SiteLock is a cloud-based security tool that scans your website for malware and vulnerabilities. SiteLock not only detects threats, but can also fix problems or security risks it encounters on your web space.

Scan your site

SiteLock scans your website for vulnerabilities like SQL injection flaws and cross-site scripting. It also submits forms and posts comments to find vulnerabilities hackers use to break in. If a threat is found, you are informed via email of the exact location.

SiteLock offers different scans to ensure that your site is secure. Which scans are available to you, depends on the subscription type you have.

  • Application scan - Looks for outdated or vulnerable applications installed on your web space, like for example an outdated version of WordPress. This scan is done once a month.
  • Malware scan - Does a daily scan of your site for malicious software, like hidden links, obfuscated JavaScript, links to known malware sites, etc. The scan is done from the visitor's point of view, so from the outside in.
  • SMART scan - Scans your website for malware and vulnerabilities from the inside out via FTP. SMART downloads your files and scans them for malware. If malicious code is found, the malware is removed and the cleaned file uploaded back to your server. A detailed description on how SMART works is available in the SiteLock Dashboard.
  • Spam scan - Runs your domain against leading spam databases to check if your domain is listed as a spammer. If your domain is listed, this could indicate that someone has gained access to your email address.
  • SQL injection scan - Tries to penetrate your site with SQL injection in your database. If SiteLock is able to alter your database, you will be informed about how and where SiteLock gained access.
  • SSL scan - Checks if your SSL certificate is verified and up-to-date.
  • XSS scan - Checks if your website is vulnerable for cross-site scripting by trying to penetrate your site with cross-scripting techniques. Cross-site scripting can be used to trick visitors into providing data to third parties.
  • Advisories - Checks your site every month for issues with external redirects, cookies, etc. Also gives tips on how to improve security, like for example using SSL encryption on password pages or upgrading applications.
  • Domain verification - Checks if you are the owner of the domain. This is done automatically for you when you sign up for SiteLock 
  • WordPress scan - This scan is only available if there is a WordPress installation on the web space. It checks for known vulnerabilities in WordPress core, themes, and plugins and informs you if anything if found. WordPress vulnerabilities are very easy to exploit, so we recommend to take immediate action if you alerted.