SiteLock Website Security

SiteLock monitors your website 24x7 for vulnerabilities and attacks,
which means you can worry less about your website and more about your business.

SiteLock Website Security

Sitelock is easy, economical and effective

Automatically Prevents Attacks

SiteLock monitors your website 24x7 for vulnerabilities and attacks, which means you can worry less about your website and more about your business.

Boosts Customer Trust

Over 70% Customers look for a sign of security before providing personal details online. The SiteLock Trust Seal not only re-assures customers but also boosts sales.

Starts Working Instantly

You don't need technical expertise to install and set up SiteLock for your website. SiteLock is cloud-based and starts scanning your website and email instantly.

How it Works


Scans Daily

SiteLock screens every aspect of your web presence daily to identify security gaps. It not only checks your website, email and applications but also search engine blacklists and spam filters.


Identifies Threats

SiteLock's 360 degree scan and powerful firewall identify advanced vulnerabilities before they can be exploited to damage your web presence, thus putting you one step ahead of hackers, always!.


Instantly Notifies and Fixes

SiteLock not only identify threats but also fixes them for you automatically. This way, SiteLock works in the background to protect your website, while it's business as usual for you and your customers.

Website Files

Vulnerabilities are detected immediately with the use of TrueShield™ virtual patching technology. By evaluating your website’s request SiteLock applies all necessary repair automatically.


Obsolete or defenseless applications are the most popular way for hackers to gain access to websites and data. The SiteLock Application Scan checks website applications to verify they are up-to-date and free from vulnerabilities.


SiteLock always scans a website's IP and domain against leading Email spam database to check if it's listed as a spammer. It also prevents if your website or service are sending or referenced in spam mails.

Visitor Traffic

The Network Scan checks thousands of server ports to ensure that only the appropriate ports for the desired services are open. Customers are alerted of any high-risk visitor traffic. SiteLock creates a secured field around your website by true Shield Firewall technology.

Changes to Files

By using SiteLock, your impotent file will be always secure. SiteLock configured such a deep scanning experiences (FTP scans). If there anything wrong or have been any change, you will be instantly alerted. It will help you to prevent any kind of unauthorized edits before they cause any damage done.

Search Engine Blacklists

There are many malware sites. Sitelock monitors search engines blacklist and checks their own database of 7000+ malware sites. Actually SiteLock assure that your site is no more linked or blacklisted. Through this process, SiteLock boosts your site's organic traffic and ranking.

One click script installer hosting provider

SQL Injections (SQL-I)

SQL Injection is one of the most common vulnerabilities. The SiteLock SQL Injection Scan penetrates a site with SQL injection methods to find vulnerabilities. This prevents leaking data to hackers.

One click script installer hosting provider

Remote File Includes (RFI)

Attackers upload a custom coded, malicious file on a website or server using a script. The vulnerability exploits the poor validation checks in websites and can eventually lead to unintended code execution on the server or website.

One click script installer hosting provider

Cross-Site Scripting (XSS)

Cross-Site Scripting is another common vulnerability that can be used to steal visitor’s data or trick visitors into providing data to third parties. On that particular case, SiteLock checks for susceptibilities and notifies customers of any problems.

One click script installer hosting provider

Broken Authentication and Session Management

Often, application functions related to authentication and session management are not implemented correctly, allowing hackers to steal passwords, keys, tokens, or exploit other implementation flaws to assume users' identities.

One click script installer hosting provider

Cross-Site Request Forgery (CSRF)

It is an ongoing attack, which forces the ultimate user to perform unwanted actions on a web application. CSRF attacks specifically target a state changing requests. SiteLock also prevents this attack.

One click script installer hosting provider

Unvalidated Redirects and Forwards

Due to improper validation, websites often redirect users to other pages using untrusted data to determine the destination. This allows attackers to redirect victims to phishing or malware sites, or use forwards to access unauthorized pages.

One click script installer hosting provider

Insecure direct object references

It is a common type attack. It occurs when a developer published a reference to an inner implementation object, such as the file, directory or database key. Short of access control check or other defense, this types of attackers can control these references to access unauthorized data.

One click script installer hosting provider

Security misconfiguration

Security misconfiguration flaws give hackers unauthorized access to system data via default accounts, unused pages, unpatched flaws, unprotected files and directories.

One click script installer hosting provider

Insecure cryptographic storage

Insecure Cryptographic Storage isn’t a single vulnerability, but a collection of vulnerabilities that compromise data storage. Usually, this collection involves encryption of very sensitive data. Known causes are incorrect encryption of data, improper key storage and management, using known bad algorithms or using your own insecure cryptography.

One click script installer hosting provider

Insufficient transport layer protection

Applications often fail to authenticate, encrypt and protect the confidentiality of network traffic. Some use weak algorithms, expired or invalid certificates or use them incorrectly. This allows hackers to "eavesdrop" on online exchanges. An SSL certificate can also neutralize this threat.

Best web designing company in Asia

Instantly Notifies

The global leader in website security, SiteLock scans over 5 million websites every day for malware and vulnerabilities. SiteLock uses such an instant 360's scanning tools that evaluate your website both from the outside-in and the inside-out to analyze your website and notify you instantly if any threat detected.

Instantly Fixes

SiteLock SMART, threat removal tools, provides full website analysis to detect and remove malicious files and code.


  • Cross-Site Scripting (XSS) Scan
  • Daily FTP SMART Scan
  • Daily vulnerability scans
  • CDN (Content Delivery Network) website performance
  • Reputation monitoring
  • Verifiable Trust Seal
  • Identifies loopholes or vulnerabilities in your code

Features for websites Basic For Static websites
Professional For Dynamic websites
Premium For Ecommerce websites
Enterprise For Web Applications
360 Degree Scan and Network Security
Number of Pages 25 100 500 2,500
Daily Malware Scan
Network Scan
Daily FTP Scan
Automatic Malware Removal
File Change Monitoring
Website Application Scan 1-time 1-time
SQL Injection Scan 1-time 1-time
Cross Site Scripting (XSS) 1-time 1-time
Trueshield Firewall
Search Engine Blacklist Monitoring
Spam Verification
SSL Verification
Business Verification
Phone Number Verification
Postal Address Verification
Truespeed CDN
Unlimited Bandwidth
Global CDN
Caching of Static Content
Compression if Static Content
Content Minification
Image Optimization
Buy Buy Buy Buy

Note: SSL-enabled websites are not compatible with the Basic Firewall and CDN that is included for Free in every plan. However, the scans will work as expected for such websites.


What is SiteLock?
SiteLock is a cloud-based, website security solution for small businesses. It works as an early detection alarm for common online threats like malware injections, bot attacks etc. It not only protects websites from potential online threats, but also fixes vulnerabilities. Features include:

  • website scans to check for the presence of malicious code or vulnerabilities
  • automatic removal of any identified malicious code / malware
  • basic firewall
  • website reputation monitoring (check if the website is blacklisted in search engines and spam blacklists)
  • CDN to boost site speed, and hence rankings on search engines

SiteLock is only meant for websites and not for a personal computer or laptop.

Why will an SSL certificate not suffice?
An SSL certificate is used only to encrypt a connection between the browser and server to safely transmit sensitive information. However, SiteLock actually protects the database where this information is stored, scans your website files and applications, protects from data breaches and spreading of viruses/malware. These functionalities are not provided by an SSL certificate.
How do I configure SiteLock for my website?
SiteLock is a cloud-based service and does not require any installation. Once provisioned for your website, it automatically starts scanning your website using the basic scans. To use the advance features, some amount of configuration is required:

  • TrustSeal - requires minimal installation
  • SMART Scan - requires user to input FTP details in the SiteLock Panel
  • basic firewall
  • Firewall - requires addition of an A record
  • CDN - requires addition of a CNAME record
What is SiteLock badge or TrustSeal?
SiteLock badge or TrustSeal is a image that can be displayed on your website to assure users that your website is secure and malware-free. Since SiteLock performs all scans daily, the TrustSeal is update everyday to indicate that all scans have passed Note

The badge is displayed only when no issues are found during the website scan.

What is Deep 360-Degree Site Scan?
Deep 360-Degree Site Scan checks all files susceptible to threats, including .css files, .js files, .jpg, .png and other image files and others. It performs a deep scan checking for anything that could turn into a security issue.
What different types of scan are available?
Available types of scan include:

  • Daily Malware Scan
  • Daily FTP Scanning
  • Website Application Scan
  • SQL Injection Scan
  • Cross Site Scripting (XSS) Scan
All these scans are part of the Deep 360-Degree Site Scan. The availability and frequency (daily or one-time) of these scans differ from Plan to Plan.
In case a site is infected, will the TrustSeal display threat notification to the visitors on site?
If a scan fails, site visitors will not be alerted to any problem. The TrustSeal will simply continue to display the last date when all scans were passed. If the site owner fails to rectify the problem, within a few days SiteLock will remove the TrustSeal from the site. The TrustSeal will never indicate that a website has failed a scan.
What is SMART?
Secure Malware Alert and Removal Tool (SMART), if enabled, performs an in-depth site scan and automatically removes malicious code from files on the site. SiteLock makes calls to the web server and replicates the website files on their secure servers and scans the contents thoroughly to identify malicious code or vulnerabilities. In the course of doing this, it can also remove the malicious code from the files, to prevent further damage.
You can choose to not allow SMART to remove any code. In that case, you will only be notified of the vulnerability identified, and you will need to manually check / remove it. Note
  • To use this tool, you need to provide your FTP information in the SiteLock panel, along with the port number.
  • This tool uses the FTP protocol.
How will I know what changes SMART made to the website / What happens if the website breaks after SMART removed some code?
SiteLock provides a month's worth of change logs for your website. You can always restore the previous version of the page / website. You then need to manually check the highlighted code for any malicious components and remove them yourself.
What if SiteLock has incorrectly highlighted legitimate code as vulnerable / malicious?
It might be happen that certain code on the website looks vulnerable but it is still doing what you intended it to do. If so, you can use the Report a False Positive option in the SiteLock Panel and SiteLock will ignore that vulnerability moving forward.
What is the purpose of Domain Verification?
The purpose of this verification is to ensure that the user indeed owns and controls the website.
  • Domain names registered under XeonBD will be automatically verified
  • For other domain names, the verification process can be completed in one of the following ways:
    • Add DNS Records for the TrueShield setup
    • Add a meta tag to your website page
    • Upload a file to your website
Instructions for these options are available in the SiteLock Dashboard.
What is the purpose of Business Verification?
Business verification is a service offered by SiteLock where it verifies the phone number and physical presence of a business. This is typically conducted to assure online users that a business actually exists and it is not a fly-by-night setup. This consists of:
  • Phone Verification - You need to enter your phone number in the SiteLock Panel and request a verification. Within an hour, you will receive an automated call from SiteLock and you will be provided with a 4 digit code. You then need to submit that code in the SiteLock Panel to verify your phone number.
  • Postal Address Verification - After providing your postal address in the SiteLock Panel, you will receive a letter at your postal address within 7-10 days of requesting verification. This letter will contain a 4 digit code that needs to be submitted in the SiteLock Panel to verify the physical address.
Note If you want to display your contact information on the TrustSeal, it is necessary to verify your business details.
What is Reputation Monitoring?
SiteLock's Reputation Monitoring consists of the following components:
  • Search Engine Blacklists: SiteLock monitors if any page or link on the website is listed in the blacklists maintained by search engines or matches with their database of over 7000 known malware sites.
  • Spam Blacklists: SiteLock checks if the email server is listed as a spammer on leading blacklists so as to prevent emails from being marked as spam.
  • SSL Verification: SiteLock examines the site's SSL certificate to verify
    • Encryption strength
    • Certification Authority
    • Certificate expiry
    • Validity of name / domain name
What type of a Firewall is offered by SiteLock and how to set it up?
SiteLock offers a basic firewall to help block bot traffic which may harm the website. On logging into the SiteLock Dashboard, you can see a graph of your website's traffic which reports human visits and bot visits.
To use SiteLock's Firewall, you need to add an A record to your domain name in order to point to SiteLock's servers where the Firewall is installed. This way, all traffic coming to the website is routed through the Firewall.
How is traffic routed back to the website after going through the Firewall?
You are required to specify the IP address of your website in the SiteLock Panel so that after routing your traffic through the Firewall, SiteLock can divert it back to your website.
Can I configure the Firewall?
The Firewall is pre-configured, and no options are available within the SiteLock Panel to manage it. However, in the higher end Plans, users can configure certain aspects of the Firewall.
Will SiteLock's Firewall block bots of search engines also?
Search engines use spiders to crawl and index websites. SiteLock's Firewall can distinguish good bots from bad bots and hence will not block search engines from indexing the site.
What is a Content Delivery Network (CDN) ?
A Content Delivery Network is a set of servers, spread across the world that cache your website. When a user requests your website, the server closest to the user's location will serve those requests. This in turn serves the website faster, thus speeding up its performance. Note Faster load times not only improve user experience but also contribute to better website ranking, as search engines take load time into account while ranking a website.
How can I set up CDN for my website?
You need to add a CNAME record to a sub-domain ( to redirect to SiteLock's CDN Note A CNAME record should always be added to a sub-domain and not the primary domain, as it might clash with an MX record set up on the primary domain, thus hampering the email.
Does SiteLock send any alerts to the Customer or the domain name owner?
No. All notifications are sent from our system.
What products is SiteLock compatible with?
SiteLock is compatible with all types of hosting purchased either from XeonBD or elsewhere.
Can I use a single SiteLock Order for multiple domain names?
No. A single SiteLock Order can be used for only a single domain name. Hence, separate SiteLock Orders need to purchased for domain names individually. However, all SiteLock Orders belonging to the same user can be managed from a single SiteLock Panel.
Can the SiteLock Panel be accessed directly through a URL?
There is no way to access the SiteLock Panel directly through any URL. It can only be accessed from the SiteLock Management page from within the XeonBD’s management panel.
Is there a Money Back Guarantee for SiteLock Orders?
We are not offering any Money Back Guarantee for SiteLock Orders.
How can the SiteLock Order be upgraded or downgraded?
You can upgrade or downgrade your SiteLock Order from your XeonBD’s clients area..
What steps need to taken on receiving a threat alert?
On receiving a threat alert, login to the SiteLock Panel and view the details of the threat. Then, you may:
  • contact the website developer to fix the affected code;
  • use SMART for auto-removal of the malware;
  • check if all the applications and scripts are up to date. Judiciously use the third-party plug-ins and disable them, wherever possible.
I recently signed up for SiteLock and noticed that I am getting some empty submissions from some of the forms on my web site (Contact us, etc.)
SiteLock probes your site to determine if fields and forms on your site are vulnerable to attempts by hackers looking to exploit these forms to gain access to your data. This will result in attempts to submit forms on your website with encoded data. If you wish to stop receiving these e-mails or entries, you may want to do some validation on the fields within your form to ensure that data is being submitted in the correct formats before triggering e-mails or database inputs. Since SiteLock inserts data that would not likely be valid for any fields on your site, these validation measures should stop you from getting these empty e- mails or entries. It is also a good coding and security practice to make sure your website visitors are providing the correct data in the expected formats.

Over 1 million website owners trust SiteLock

My company is a member with SiteLock for almost six months, and we believe that our sales have increased due to this awesome product. Our clients can now feel safe while visiting our site and know that they are safe from malware, spam, viruses. One of the great features that we love is the floating Trust Seal that is displayed on all of our pages. We would like to thank SiteLock for helping us establish trust and security for our site.

From satisfied SiteLock customers

Thanks again for the help you gave me with my new website. In just a few minutes you showed me a lot of features that would have taken me months to figure out for myself. I appreciate your interest in the success of my new web presence!

From satisfied SiteLock customers

Finding SiteLock after searching the internet has been a winning move for my website. I could sense immediately that this company was knowledgeable in website protection. They care about all my concerns related to protecting my international clients. No one in the world wants to log in to a site they suspect is malicious. SiteLock has been vigilant about scanning for cross-scripting vulnerabilities and corrects them within a day. I rest assured that my site is protected from hackers and viruses for years to come.

From satisfied SiteLock customers
If you've any query, please contact our Sales department by clicking here