What Is SiteLock?

SiteLock is a website security service that performs daily scans to identify vulnerabilities and protect sites from threats such as viruses, cross-site scripting (XSS), SQL injection, and email blacklisting. The SiteLock Trust Seal also signals to visitors that the website is monitored, which can build customer confidence and improve conversions. This article answers the most common questions resellers ask about SiteLock.

Does SiteLock work with any hosting company, server, or software?

Yes. SiteLock works regardless of the hosting company, server type (such as Apache or IIS), or website software (such as WordPress).

What types of problems does SiteLock scan for?

SiteLock performs a Deep 360 Scan that covers:

• Reputation monitoring — Confirms the website's reputation is intact and communication with visitors and customers is uninterrupted.
• Malware blacklist — Checks search engine and proprietary malware lists to make sure the site is not blocked by search engines and browsers.
• Spam blacklist — Verifies email addresses, domains, and email servers against the lists used by popular email tools, so messages reach customers' inboxes instead of their spam folders.
• SSL verification — Confirms users do not see a certificate warning or error when visiting the site.
• Network security — Validates the network so attackers have no opening to access the server.
• Drive-by downloads — Scans the website to ensure visitors are not being infected with viruses that hackers often place on compromised sites.
• Customer data protection (SQL and XSS) — Performs forward- and backward-looking scans to keep current and future visitor and customer data secure.
• Application security — Verifies that any third-party applications installed on the website are secure and up to date.
• Business verification — Certifies the validity of the business and provides a certification badge to display to visitors.
• Domain ownership — Confirms the domain owner is in control of the domain.
• Postal address — Verifies the site owner can receive and respond to postal mail.
• Phone verification — Confirms there is a phone number where customers can report issues or request additional products or services.

What happens if SiteLock finds a vulnerability?

Site visitors are not alerted to any problem. The SiteLock seal continues to display the date of the last good scan. If the site owner fails to fix the issue, SiteLock removes the seal within a few days and replaces it with a transparent single-pixel image. SiteLock never displays any indication to visitors that a website has failed a scan.

How does SiteLock notify customers when it finds an issue?

SiteLock notifies the site owner by email and with an alert in the SiteLock Dashboard. The report includes complete information about the issue along with guidance on how to remove it.

How is SiteLock billed?

SiteLock is a subscription service billed in advance and offered in one-year terms.

Will SiteLock impact website performance?

No. SiteLock scans do not impact website performance, and the SiteLock seal does not affect page load times.

Where do customers manage their SiteLock service?

Customers can manage SiteLock through the white-label DomainAdmin.com interface that OpenSRS provides, or you can build the SiteLock dashboard into your own control panel.

Can a SiteLock subscription be upgraded?

Yes. Customers can upgrade from SiteLock Find to SiteLock Fix or SiteLock Prevent, or from SiteLock Fix to SiteLock Prevent. Downgrades are not supported. When a subscription is upgraded, the expiry date resets to one year from the upgrade order date.

Next steps

• Enable SiteLock for a domain — Activate the product and install the trust seal.
• Plan an upgrade — Move a customer from Find or Fix to a higher tier.
• Review what SiteLock scans — Learn what each part of the Deep 360 Scan covers.

Questions? Contact OpenSRS Support.