SiteLock Plan Details

The various SiteLock Plans offered by DigiCroft and their specifications are listed below:

Elements Plan I Plan II Plan III Plan IV
360 Degree Scan and Network Security
Number of Pages 25 100 500 2500
Daily Malware Scan
Network Scan
TrustSeal
Daily FTP Scan
Automatic Malware Removal
File Change Monitoring
Website Application Scan 1-time 1-time
SQL Injection Scan 1-time 1-time
Cross Site Scripting (XSS) 1-time 1-time
Trueshield Firewall
Security Alerts
Use of Global Network to Identify Malicious Behaviour
Block Bad Bot Attacks
Search Engine Access
Comment Spam Elimination
CAPTCHA Security
Block Content "Scraping"
Blacklist Monitoring
Search Engine Blacklist Monitoring
Spam Verification
SSL Verification
Business Verification
Phone Number Verification
Postal Address Verification
TrueSpeed CDN
Unlimited Bandwidth
Global CDN
Caching of Static Content
Compression if Static Content
Content Minification
Image Optimization
Note

SSL-enabled websites are not compatible with the Basic Firewall and CDN that is included for Free in every plan. However, the scans will work as expected for such websites.

Major components of SiteLock Plans

Domain Verification

  • Upon purchasing a SiteLock Order, the associated domain name needs to be verified, in order to ascertain that the user indeed owns and controls this website.

  • Domain names registered under DigiCroft will be automatically verified.

  • For other domain names, the verification process can be completed in one of the following ways:

    • Add DNS Records for the TrueShield setup

    • Add a meta tag to your website page

    • Upload a file to your website

    Instructions for these options are available in the SiteLock Dashboard.

Note

While all other scans will work even if the domain name has not been verified, the TrustSeal cannot be displayed on the website and an Application Scan cannot be conducted.

Website Scanning

SiteLock performs two types of scans to detect malware and vulnerabilities on the website:

  • Outside-In scan: A basic scan that checks for malware present on the website pages, like external redirects, hidden links, obfuscated JavaScript, links to known malware sites, etc.

  • Inside-Out scan (FTP scan): An in-depth scan that downloads the website files on SiteLock's servers and checks for malicious code.

    Note
    • This scan is not available in the lowest Plan.

    • FTP details of the website need to be provided in order to run this scan.

Secure Malware Alert and Removal Tool (SMART)

  • Using the FTP scan, SMART can automatically remove malicious code found on the website.

  • The user has the option of enabling or disabling automatic malware removal.

  • If enabled, SiteLock maintains the website's change logs for a month.

Note

This scan is not available in the lowest Plan.

Security Badge or TrustSeal

Website owners can choose to install and display a Security Badge or TrustSeal on their website to assure users that their website is secure and malware-free. Since SiteLock performs all scans daily, the TrustSeal is update everyday to indicate that all scans have passed.

Note

The badge is displayed only when no issues are found during the website scan.

Business Verification

  • Business verification is conducted by the SiteLock team, where the website owner is ratified for his actual physical presence and includes

    • Postal Address Verification, which ensures that the site owner can receive and respond to postal mail, such as customer payments or inquiries, and

    • Phone Verification, which ensures that the number mentioned is actually manned by a team and customers can report issues or request additional products or services.

  • The business verification is required in order to display your physical address and phone number on the TrustSeal.

Application Scanning

  • Scans applications above the level of operating system, that have been installed by the website owner, like Drupal, Joomla!, Wordpress, PHP Nuke, vBulletin, etc.

  • Checks for vulnerabilities in the software and recommends upgrades, if older versions, which are known to have security loopholes, are being used.

TrueShield Firewall

  • It protects websites from malicious traffic and blocks harmful requests.

  • Website owners need to add an A record to point to SiteLock’s firewall so that all traffic is routed through the firewall.

Reputation Monitoring

SiteLock's Reputation Monitoring scans consists of the following components:

  • Search Engine Blacklists: SiteLock monitors if any page or link on the website is listed in the blacklists maintained by search engines or matches with their database of over 7000 known malware sites.

  • Spam Blacklists: SiteLock checks if the email server is listed as a spammer on leading blacklists so as to prevent emails from being marked as spam.

  • SSL Verification: SiteLock examines the site's SSL certificate to verify

    • Encryption strength

    • Certification Authority

    • Certificate expiry

    • Validity of name / domain name

TrueSpeed CDN

  • A Content Delivery Network is a system of globally distributed servers that cache website content and serve it from the nearest server to a visitor.

  • A CDN is effective in speeding up load time and performance of a site. This also helps to boost organic ranking.

  • Website owners need to add a CNAME record to a subdomain to redirect traffic through SiteLock’s CDN.