Website Security Related
SiteLock is a comprehensive website security solution for online businesses. Delivered through a Software
(SaaS) model, SiteLock subscribers can proactively protect their website
while increasing sales by over 10% through
earning trust. The SiteLock Trust Seal provides customer confidence and has been proven to substantially increase sales
and conversions, with 70% of web visitors looking for a verifiable 3
party certification b
efore providing personal data.
Total Website Security
Reputation Management preventing Blacklisting
Use Dashboards with Real
Increase Sales with the SiteLock Trust Seal
Party Business Verification
rt Website Security Services
Help your customers protect their websites from Internet threats, and provide peace
mind with SiteLock.
to find out more information.
Since starting in 2008, SiteLock has been committed to making the web safer for online businesses. This mission has
resulted in helping over 500,000 small businesses worldwide and over 2 million web pages scanned per day for threats
SiteLock was founded on the principle that website security should not be expensive for small
enterprises and that these customers are entitled to an excellent customer experience during a time of need.
winning, patented 360
e scanning technology, SiteLock provides the ultimate protection
while still being light enough to not affect a network’s server or performance.
Not only does SiteLock offer inexpensive security solutions for online businesses, but also delivers on
through our experienced team of professional security engineers.
trained engineers thoroughly scan and
analyze websites to identify malware, backdoors, and other vulnerabilities and resolve customer issues. This is quickly
done to rest
ore a customer’s online business, securing the business’s data and reputation.
Even if the website has not been compromised, all businesses need to ensure that their website is safe and secure.
SiteLock offers the following additional services:
Database security hardening
Network security hardening
Blog and CMS security hardening
Shopping cart security hardening
Secure Web Design
Secured. Trusted. Verified.
What is SiteLock?
SiteLock helps protect more than just your website; it can protect your business. Your online reputation and the security
of your website are critical elements to your business. There have never been more threats to your website than now. In
ver 9 million websites were victims to hackers. Hackers use malware, SQL Injection, Cross
site scripting and more
sophisticated techniques to steal your customer data or redirect your traffic, ruining your business’ reputation.
Protect your investment by
preventing your website being blacklisted by search engines. Over 6000 websites are
blacklisted each day
resulting in loss in revenue, customers and credibility. Blacklisting is a direct result of website
being reported as being unsafe for visitors by
means of spam or malware. Daily security scanning identifies
vulnerabilities and protects your site against these and other threats.
Blacklist monitoring tools are plentiful within the market. Blacklist monitoring is critical, but insufficient to ensu
website’s reputation and security. This is a reactive measure, after the damage is done. A proactive approach identifies
possible weak spots and open ports hackers could leverage to cause havoc. The most common, according to a report by
ecurity team and the US Secret Service** are code injection attacks like cross
site scripting and SQL
injections. SiteLock will alert you if your site is vulnerable to these issues, as well as if your site gets blacklisted for
reason by search engines
or spam monitoring tools.
SiteLock enables small businesses to proactively protect their investment and reputation through:
Searches your site and network for common weak spots hackers exploit to inject malicious code
into your site
Monitors search engine and spam blacklists to make sure your customers are seeing your site and
receiving your messages
SiteLock’s security offers these features:
degree scanning for
Site Scripting (X
Demand Expert Services to help you fix any security issue on your site
Alerts & Email Notifications
Geared to provide holistic network and application security, drive
downloads, and cust
omer data protection (SQL &
XSS)by performing forward
In addition to all of this, SiteLock also provides our Trust Seal for sites that are secure. The SiteLock Trust Seal provide
customer confidence a
nd has been proven to substantially increase your sales and conversions, with 70% of web visitors
looking for a verifiable 3
party certification before providing personal data***.
(Proposed LicensePal List Price)
**2011 Verizon Data Breach Investig
ations Report; ***
2006 Consumer Security Survey
Don’t let blacklisting happen to you!
SiteLock monitors websites for the following issues and vulnerabilities and alerts you of any issues:
Search Engine/Browser Blacklisting
SQL Injection vulnerabilities
Site Scripting (XSS) vulnerabilities
SiteLock also verifies a business’s reputation:
Postal address verifica
SSL certificate validity
party trust seal
Over 500,000 customers currently protected
Customer profile: website owners with 0
2500 pages, from blogs to ecommerce storefronts
Key use verticals: Hosting providers, manage service p
roviders, cloud services, shopping cart, and web design
Some of the current clients include HostGator, iPage, iPower, and Bluehost
Strategic alliances: Stopbadware.org, Bitdefender
What is SiteLock and what does it do?
Lock is a service that performs daily scans of a website to identify vulnerabilities and protect against threats like
site scripting, SQL injection and even email blacklisting.
The SiteLock™ Trust Seal provides customer confidence and increases your sales and conversions.
What types of problems does SiteLock scan for?
SiteLock performs a Deep 360 Scan that encompasses:
ensures the reputation of the website
is intact and communication to visitors and
customers is uninterrupted.
monitors search engine and proprietary malware lists to make sure the site is not blocked by
search engines and browsers.
ensures that e
customers' inbox (not their Spam folder), SiteLock verifies e
addresses, domains, and email servers against lists used by popular email tools to identify spam.
ensures users do not see a certificate warning or error when visiting you
validates the security of the network by making sure there is no opportunity for hackers to
access the server.
scans the website to ensure visitors are not being infected with viruses often placed on
Customer data protection (SQL & XSS):
looking scans to make sure current
and future visitor/customer data on the site is secure.
verifies that any 3rd
party applications installed on your webs
ite are secure and up
certifies the validity of the business and provides a certification badge to display to
website visitors to let them know the business or website is legitimate.
ensures that the domain
owner is in control of the website domain.
verifies that the site owner can receive and respond to postal mail, such as customer payments
ensures that there is a phone number where customers can report iss
ues or request
additional products or services.
How is SiteLock billed?
SiteLock is a subscription service billed for in advance and available in one
How does SiteLock notify customers when it finds an issue?
SiteLock will inform the site owner
by email, and with an alert in the SiteLock Dashboard. The report will provide
complete information about the issue that is found along with help to remove it.
What happens if SiteLock finds a vulnerability? Will the SiteLock seal tell visitors that a web
site has failed?
Site visitors will not be alerted to any problem. The SiteLock seal will simply continue to display the date of the last good
scan of the website site. If the site owner fails to rectify the problem, within a few days SiteLock will remove
from the site and replace it with a single pixel transparent image. At no point will SiteLock display any indication to
visitors that a website has failed a scan.
Does SiteLock work with any hosting company, server and software?
impact website performance?
No. SiteLock scans won't impact the performance of a website. The SiteLock seal has no impact on load times.
How do I install the SiteLock seal?
rea of their site or template.
Where do my customers manage their SiteLock service?
They can manage SiteLock either through the white
label DomainAdmin.com interface that OpenSRS provides, or you
can build the SiteLock dashboard interface into your own con
Can a SiteLock service subscription be upgraded?
Yes. Customers can upgrade from SiteLock Basic to SiteLock Premium or SiteLock SMB Enterprise, or from SiteLock
Premium to SiteLock SMB Enterprise. Downgrades are not possible. When a subscriptio
n is upgraded, the expiry date for
the subscription is reset to one year from when the order is submitted.
Once a client has paid for the service or signed up for the free trial:
A welcome email is sent out
The email contains instruct
ions for installing the SiteLock certificate on their
Phone verification is attempted within 1 hour
This is an automated call that informs the customer of the 4 digit pin for their account
The customer must log in to their dashboard and enter
the code for verification to be completed
If a client does not answer, they can request another call in their dashboard
A scan of the clients website will take place within 24 hours
Scans run late at night so typically by midnight, their site will h
ave been scanned
If vulnerabilities are found, the client will be notified via email and message alert within their dashboard
When the scan has been completed, the client can add the SiteLock seal to their website
I just registered my webs
ite and my network scan shows "No information available". Why is this?
We are currently in the process of scanning your website, servers, and other hardware for vulnerabilities. This initial
scan can take up to 24 hours. Please check back throughout the da
y. If you are still seeing this message after 24 hours,
please contact support.
I just registered my website and have not gotten an e
mail to verify my domain ownership.
If, after 30 minutes, you have not received this e
mail, check the 'Current status' bo
x to make sure it is displaying your
mail address. If necessary, edit the address by clicking on the pencil icon. If it is correct, click re
send to have
the message re
sent. If the second attempt is still unsuccessful, check your spam filter to
make sure the e
mail has not
been flagged as spam, since we'll be a new sender. If it has, make sure to add support@SiteLock.com to your contacts to
ensure future communications are received. If none of these solutions works, please contact support to furt
I just registered my website and have not been called to verify my phone information.
The phone verification can take up to one hour to be sent, depending on volume. If it has been more than an hour and
you have not been contacted
, verify that your number is correct in the 'Current Status' box, and then click the re
link to have the system contact you again. If you've already done this without success, you can contact support to
perform a manual verification.
I Just signed up
and my reports are only showing that 26 of my 200 page website we scanned, why?
There are two possible explanations. First, check the limits of the package you have purchased. Certain limits apply to
our packages. The Basic plan only covers 25 pages of th
e website; to fully protect your site, please upgrade to the
Premium plan which scans up to 500 pages.
If that is not the reason, it may be that our "spider" cannot find all of the pages on your site. In many cases, this can
occur if there are portions of
your site not linked in some way to your home page. Since our spider works primarily by
"crawling" from link to link on your site, unlinked pages are sometimes missed. To help us get a more comprehensive
scan, you can place a "sitemap" file on your site,
which will tell our spider where to look. For details on how to create
this file, please visit
How long does the postal verification take? What should I look for in the mail?
ostal verification can take up to 7
10 business days, based on the postal service's delivery. The letter you get will be
rather nondescript, so please keep an eye out for it so you are sure to open it on arrival. Once you have it, the code is
enclosed on t
I just signed up. How do I start showing the SiteLock certification shield on my website?
We will make the shield available as soon as all scanning is complete with no issues. Once that happens, you can copy
and paste the shield code from the 'C
ertificate' tab in the 'Current Status' box. You will know that your steps are
complete based on the Green/Yellow/Red indicators on each tab in the 'Current Status' box. Your overall status is also
shown at the top of the dashboard.
I recently signed up f
or SiteLock and noticed that we are getting some empty submissions from some of the forms on our
web site (Contact us, etc.).
SiteLock probes your site to determine if fields and forms on your site are vulnerable to attempts by hackers looking to
hese forms to gain access to your data. (Though we use similar techniques as hackers to test your pages, you do
not need to worry; our process is safe). This will result in attempts to submit forms on your website with encoded data.
If you wish to stop re
ceiving these e
mail's or entries, you may want to do some validation on the fields within your form
to ensure that data is being submitted in the correct formats before triggering e
mail's or database inputs. Since we
insert data that would not likely be
valid for any fields on your site, these validation measures should stop you from
getting these empty e
mail's or entries. It's also good coding and security practice to make sure your site's visitors are
providing the correct data in the expected formats.
Issues and Remediation
The malware scan came back with results for my site. What does this mean? How can I fix it?
The malware scan will notify you of any pages or links on your site that have been listed as purveyors of malware
(viruses, spyware, iden
tity theft scams, etc.). If you are on these lists, many browsers and search engines will 'black
your site, meaning Internet users will not be able to see it in search results and it will be flagged if they navigate to you
site. To get your site cle
aned up and off of these lists, remove offending links and clean your website to make sure there
are no viruses or spyware present.
Another option is to let us help you. SiteLock offers its Expert Services to help you remediate these issues. Just select t
'Help me fix this' option. You'll be taken to a new page to enter some additional information so our team of security
experts can help you.
mail scan came back with results for my site. What does this mean? How can I fix it?
mail scan will
notify you if your website or servers are sending or referenced in spam e
mails. If you are identified
on these lists, many e
mail programs will ignore or classify e
mails from your site as spam. This means your customers
and users will not get e
m you in many cases. To get your site off these lists and re
open communication with
your customers, you must get off of these e
mail 'blacklists'. SiteLock offers its Expert Services to help you remediate
these issues. Just select the 'Help me fix this' o
ption. You'll be taken to a new page to enter some additional information
so our team of security experts can help you.
My SSL scan failed. How can I fix this?
If your business requires SSL encryption of data, you need an up
date certificate to ensure
that your customers' data
is safe. The SSL scan will show as failed if your certificate is out of date. You need to renew your certificate with your SS
How does the Virus Scan work?
Our Virus scanner works by pulling the files from our daily sc
ans and comparing them to an industry
leading database of
virus signatures to determine if there is any match between your site and known malicious code. Because this is an
intensive process and we do not want to impact your site's performance, we do this
scan on a rolling basis, downloading
a piece of your site each day. For most sites, we will be able to complete this process within 30 days.
How do I see details on the issues reported?
From any point in the dashboard, you can drill to details. If
you see a 'Details' icon, clicking it will show a detailed list of
issues. If you are in a graph, clicking any element of the graph will show a detailed list of issues in that grouping.
Some of the terms are unfamiliar to me. Where can I get more informati
Anywhere on the dashboard, you can hover over a term to get a quick explanation of what we are showing there and
how to use it. If you would like a more detailed explanation, check the glossary or our Learn more page at
Can I change my notification preferences for the alerts?
Click settings at the top of the page and you can modify your preferences based on criticality and/or type of message.
My shield is no l
onger showing on my site. What happened?
Check the status at the top of the site. It's possible that something has changed and your site is no longer compliant.
Review the areas with yellow or red status and remediate the issues. Your shield will be availa
ble again after our next
Many areas of my dashboard show as grayed
out. Why is this?
This will happen when you are subscribed to one of our basic packages. If any part of the dashboard does not apply to
your site or package, it will appear grayed
. Upgrade to see the details of any of these areas.
I'd like to share the dashboard with others in my company. How can I do this?
Click the 'Manage Users' link on the left of the page. There you will see an 'Add Users' button. Fill in the info
presented and the new user will have access to the site.
I need to remove/modify a user.
Click the 'Manage Users' link on the left of the page. Next to each user's ID are the ‘modify’ and ‘remove’ buttons. Click
on the appropriate button to perform
the desired action.
Add a Site
My business contains multiple domains or websites. How can I monitor them all?
Click the 'Add a Site' link on the left of the page. There you can enter the required information to add a new site. The
information will be disp
layed alongside your current site information in the dashboard.
Where can I edit business/billing information
Click on the 'Manage Account' link on the left of the page. There you can choose the edit option to modify any
Can I see a billing history?
Click on the 'Manage Account' link on the left of the page. At the bottom of the page, your billing history appears.
Customer log in
Quick Step Setup
This will display the first time the customer logs in to help the
m finalize the set
up of their SiteLock account. They may
skip this and choose not to show it any more.
Here you can find information on the status of your SiteLock certification, statistics about your website, and important
messages from S
Phone, Address, and Domain verifications and submissions can be performed here. This information, as well as
the company information can be edited.
View warnings and details from the various securi
ty scans performed.
Change the badge size and color and find the link for adding the badge to your site
This graph shows total traffic to pages on your site where the SiteLock logo is displayed. Use this inf
view traffic trends over time. Use the controls above the graph to change the scale and time frame shown in the
This graph shows summary information about the open vulnerabilities on your network. Click on any bar to see
tailed information about the vulnerabilities. Use the controls above the graph to change the scale and time
frame shown in the graph.
This area shows summarized results of our malware scan on your site. If there were issues discovered, pleas
click the Details link to see detailed information about any issues and for help with Remediation.
This area shows summary information about email blacklists that have included your site or network among
known spammers. Hover over any item to see an explanation of the scan.
User App Scan
This area shows the summarized results of our scan of all applications used by your site. If there were issues
discovered, please click the details link to see detailed information about any issues, and
for help with
This area shows the summarized results of our scan for database vulnerabilities on your site. If there were issues
discovered, please click the details link to see detailed information about any issues and for help with
This area shows the summarized results of our scan for cross
site scripting vulnerabilit
ies on your site. If there
were issues discovered, please click the details link to see detailed information about any issues and for help
Messages and Alerts
This area will show the results of scans and any alerts that relate to the security of your website.
Listed are the current u
sers registered to view information on your site. Click the Modify button to change contact or
permissions for any user. To delete a user, click Remove. Owners can change account and billing information and add
sites. Other users may view site data and cha
nge their own user information.
Add new user and modify existing
Listed are the sites SiteLock is monitoring and verifying for you. All sites will be presented through the same dashboard
interface you are used to, in a consol
idated view. Click the expand button next to each site to view individual servers
(hosts) for any site. From there, you can also add or remove hosts.
Add a site
The term ‘Host’ refers to the various communication and networking ro
les your sever hardware can perform. We verify
your web server by default. You may wish to verify additional severs to improve your networks security. Options are SSL,
Incoming mail sever, outgoing mail sever, DNS sever, web server, FTP server and data bas
If a client wants to change the site name, they must call in and speak with a support agent
Your site information is below. Click Edit to modify any information. Note that changing information here will impact
your business ve
rification information on certificate
Here you can modify your security questions. These will be used in case you forget your password.
Installing SiteLock Seal
To show the SiteLock badge on your
site, log in to your dashboard
available from your web hosting control panel or by
On the upper right, you will see a drop down box, and you need to make sure that it shows the site that you want to use
the badge on (if you have
multiple web sites).
You will see a tab called "Certificate" and clicking on this will allow you to choose a badge format and get the HTML code
to put that badge on your page.
Some notes about the HTML code for the badge:
Please make sure that this cod
e is entered into a live web page (the code will not display the badge if you open
the page on your local computer in a web design program).
Make sure that you copy all of the HTML code.
Make sure that the HTML is saved intact.
If you use a content manag
ement system on your web site, you should make sure that you are placing the badge
in HTML format rather than in the WYSIWYG editor because your web page needs to have the full HTML to
display the badge properly.
If you trying it on a page stored on your
local computer then you need to add http: before the several instances of
"//shield.sitelock.com" in the code so that it looks like http://shield.sitelock.com. The raw code should work on any live
web site and any major browser, but not on a page saved on
If you are using CM4all to create your website please follow these steps.
Log into your CM4all.
Click on ‘Edit’.
Then click on ‘Settings’. Make sure that the check box ‘Activate footer text’ is enabled.
Click on the ‘Edit Content’, then cli
ck on the Menu bar ‘Edit’ select ‘Edit footer’.
There you paste the HTML code and apply for saving. Then check the preview to verify it. If it is working then
publish the website.
If you are using Weebly to create the website, then please follow the steps
1. Log into the control panel, along with your account username and password.
2. Click on 'Weebly Drag and Drop Builder' under 'Website'.
3. Click on 'Edit My Site'.
4. Click on 'Elements'.
5. Drag 'Custom HTML' element to body of your websit
e, where you wish to add custom HTML.
6. Click on 'Click to set custom HTML'.
7. Click on 'Edit Custom HTML'.
8. Enter the HTML code.
In order to place the SiteLock shield in your website using joomla, you can follow the steps given below:
1. Login to Joo
2. Go to Extensions tab
3. Select the template you used and edit it
4. Go to Edit HTML tab at the top corner
5. Place the certification code where ever you want to display the badge
You can add the SiteLock code to your WordPress by refer
ring to the steps given below:
1. Login to the WordPress admin.
2. Go to Appearance, click on Widgets.
3. Click on the text widget and Drag it to Primary widget area.
4. Paste the SiteLock shield code to inside the text area.
5. Click on Save.