What is Site Lock?
SiteLock provides simple, fast and affordable website security to websites of all sizes. Founded in 2008, the company protects over 12 million websites worldwide. The SiteLock cloud-based suite of products offers automated website vulnerability detection and malware removal, DDoS protection, website acceleration, website risk assessments, and PCI compliance.
What types of issues does SiteLock scan for?
SiteLock has the technology to perform a comprehensive website scan that encompasses:
- File-based Malware Scanning and Removal: SiteLock performs daily scans of a website’s files for malware. If malware is found, the website owner is alerted immediately. SiteLock also offers comprehensive scans to automatically remove the malware.
- Vulnerability Scanning: SiteLock performs scans of website applications for common vulnerabilities that could lead to a compromise.
- Application Security and Vulnerability Patching: SiteLock has the technology to automatically patch vulnerabilities in content management systems (CMS).
What is the difference between the security I am providing as a host and the protection SiteLock provides?
As a hosting provider you're responsible for the security and functionality of the server hosting your customers' sites, but not their individual sites.SiteLock provides comprehensive website security for all websites within a shared or dedicated server environment.
To learn more about the differences, watch the 'SiteLock and Hosting Provider Partnership Explained' video by clicking here.
Does SiteLock work with any hosting, server and software?
Yes, SiteLock is compatible with any hosting environment.
Will SiteLock impact hosting resources/does software need to be installed on the server?
No. During a website scan, SiteLock downloads the relevant files via FTP to a secure server and perform scans there. There is no impact to the website content, code, bandwidth, or server resources and no software needs to be installed on the server.
What is the difference between the firewall I currently provide and the firewall that SiteLock offers?
Servers have different layers for communication. The OSI model has 7 layers. The firewall provided by most hosting companies is going to be focused on layers 3 and 4 of the OSI model. These layers are set to always allow http requests from port 80. Port 80 is set to always allow HTTP requests from Web clients. This is what allows a site to be visible to the internet. However, malware attacks today can be sent via an HTTP request through port 80. The difference between a safe request and a malicious request is the content being sent. A host's firewall does not examine the content being sent via port 80, it is merely interested on ensuring the the request is the correct type through the right port. If it is an HTTP request, it will be allowed through port 80. A web application firewall (WAF) works at Layer 7 of the OSI model, which is the application layer. A WAF utilizes a general rule set to determine if the content being sent is safe or malicious.
What is SMART?
SMART is the Secure Malware Alert and Removal Tool (SMART). SMART can be set to 1 of 2 settings; "Yes, automatically remove the malware found" or "No, just warn me". SMART performs an inside-out scan by connecting to the site via FTP and,making as copy of the website files to download to a SiteLock secure server. SMART is able to identify and remove coding from the files. Once the scan is complete, if malware was removed, a clean copy of the file(s) will be uploaded to the server,replacing the infected file(s). If you choose to set SMART to "No, just warn me," you will only be notified of the malware found and have the ability to review the findings inside the dashboard.
What is the sign-up process? How is SiteLock configured?
The SiteLock product will be active once the user has paid for and configured the service(s). SiteLock Scanner Lite and SiteLock Find do not require configuration. SiteLock Premium and SiteLock Defend do require configuration. There are multiple scans included with each product and many of the scans will not require a configuration, as they run via HTTPS.
Services that need to be configured include;
- SMART - Instructions can be found inside the SiteLock Dashboard.
"Settings" tab -> "Download settings" tab. From the "Download Settings" screen, click on "use the wizard" at the top right.
- Web application firewall (SiteLock Defend only). Instructions can be found inside the SiteLock Dashboard.
From the "Dashboard Tab", click on the circle that says "Trueshield Configure." Once you click on the circle, you will be taken to another screen that has instructions on step by step set up. If you require assistance with setting up the Web Application Firewall (WAF), please call SiteLock technical support team available 24/7/365
What level of access will my clients need to configure SiteLock?
SiteLock Scanner Lite and SiteLock Find run via HTTPS and scan what is web visible. Your clients will not require any server access to use these products.. For services Such as Fix and Defend they will require FTP, SFTP, or FTPS access so that SMART can access and download the website flies to the SiteLock Secure Server. Additionally, in order to utilize the WAF, clients will require access to their DNS records.
Will SiteLock impact website performance?
No. During a website scan, SiteLock downloads the relevant files to a secure server and performs scans there. There is no impact to the website content, code, bandwidth or server resources on the website.