SiteLock Website Security

Website Protection Only $1.99/mo

  • Scans and removes malware
  • Stops malware before it reaches your website
  • Detect security gaps and back doors before they’re exploited


SiteLock Find

Automatic scanning

As low as


$1.99/mo when you renew

  • Daily malware scanning
  • Daily vulnerability scan
  • 1 website up to 25 pages

SiteLock Fix

Proactive defense against malware

As low as


$6.99/mo when you renew

  • Daily malware scanning & removal
  • Daily vulnerability scan
  • 1 website up to 500 pages
  • File change monitoring

SiteLock Prevent

Stops malware and boosts site performance

As low as


$39.99/mo when you renew

  • Daily malware scanning & removal
  • Daily vulnerability scan
  • 1 website up to 2500 pages
  • File change monitoring
  • Web Application Firewall (WAF)
  • Global Content Delivery Network (CDN)

All SiteLock plans also include

  • Spam blacklist monitoring
  • SiteLock Trust Seal
  • Search engine blacklist monitoring

Safe customers are happy customers.

Daily scans root out bugs

Hackers are smart, but SiteLock is smarter. It scans your website once a day for malware, viruses, suspicious code and application vulnerabilities. The SMART tool automatically removes the bad stuff before it can harm your site. SiteLock also notifies you when it finds SQL-injections (SQLi) and cross-site scripts (XSS). View the scan and fix status from your SiteLock dashboard anytime.

Address Defence

The best defense is a good offense

A Web Application Firewall (WAF) filters incoming traffic before it reaches the website. SiteLock’s TrueShieldTM WAF reviews where the traffic’s coming from, how it’s behaving and what information it’s requesting. It lets customers and search engines through, but blocks malicious bots and hackers.

Lightning-fast load times

The average visitor will wait a couple of seconds for a website to load before clicking away. That’s why we’ve included a global Content Delivery Network (CDN) in the Ultimate plan. SiteLock’s TrueSpeedTM CDN significantly increases speed, no matter where your customers are or what device they’re using. Faster loads mean more business. In the event of traffic spikes, CDN guarantees your website stays up and running so there’s no interruption to your business.

Load Time

SiteLock has data centers strategically located around the world.

North America

Atlanta, Georgia, USA | Ashburn, Virginia, USA

Chicago, Illinois, USA | Dallas, Texas, USA

Los Angeles, California, USA | Miami, Florida, USA

New York, New York, USA | San Jose, California, USA

Seattle, Washington, USA | Toronto, Ontario, Canada

Middle East

Tel Aviv, Israel


Amsterdam, Netherlands | Frankfurt, Germany

London, England, UK | Madrid, Spain

Milan, Italy | Paris, France

Stockholm, Sweden | Vienna, Austria

Warsaw, Poland | Zurich, Switzerland


Hong Kong, China | Singapore, Singapore
Tokyo, Japan


Auckland, New Zealand | Sydney, Australia

South America

Sao Paulo, Brazil

Top 10 online threats

Hackers use complex code and strategies to break into your site, but the results are simple – angry customers, lost revenue and a damaged reputation. Here are the 10 most common threats identified by the Open Web Application Security Project:



It’s not uncommon for web applications to have injection flaws, especially SQL injection flaws. A hacker who finds one will send malicious data as part of a command or query. The attacker’s message tricks the app into changing data or executing a command it was not designed to obey.

Cross-site scripting

Cross-site scripting

Cross-site scripting flaws occur whenever an application sends user-supplied data to a web browser without validating it first. Hackers use these flaws to hijack users away from the site or deface it, costing the site owner to lose business.

Insecure direct object references

Insecure direct object references

When an application doesn’t verify if a user is authorized to view particular content, it can be manipulated to access private data.

Broken authentication

Broken authentication

When account credentials and session tokens aren’t properly protected, hackers can assume users’ identities online.

Cross-site Request Forgery (CSRF)

Cross-site Request Forgery (CSRF)

A CSRF attack tricks unknowing site visitors into submitting forged HTTP requests via image tags, XSS or other techniques. If the user is logged in, the attack succeeds.

Security misconfiguration

Security misconfiguration

Security misconfiguration flaws give hackers unauthorized access to system data via default accounts, unused pages, unpatched flaws, unprotected files and directories.

Insecure cryptographic storage

Insecure cryptographic storage

Many web applications don’t do enough to protect sensitive data such as credit card numbers, Social Security numbers and login credentials. Thieves use this data for identity theft, credit card fraud or other crimes.

Failure to restrict URL access

Failure to restrict URL access

An app will often protect sensitive interactions by not showing links or URLs to unauthorized users. Attackers use this weakness to access those URLs directly in order to carry out unauthorized actions.

Insufficient transport layer protection

Insufficient transport layer protection.

Applications often fail to authenticate, encrypt and protect the confidentiality of network traffic. Some use weak algorithms, expired or invalid certificates or use them incorrectly. This allows hackers to “eavesdrop” on online exchanges. An SSL certificate can also neutralize this threat.

Invalidated redirects & forwards

Invalidated redirects & forwards.

Web applications often redirect or forward legitimate users to other pages and websites using insecure data to determine the destination. Attackers use this weakness to redirect victims to phishing or malware sites or use forwards to open private pages.

Your questions, our answers

How do TrueShield WAF and TrueSpeed CDN work?

With a simple change to your website’s DNS records (and with no hardware or software required), your website traffic will be seamlessly routed through SiteLock’s global network of high-powered servers. WAF screens your incoming traffic in real-time, blocking the latest web threats (e.g. SQL injection attacks, scrapers, malicious bots, comment spammers) and thwarting triple-digit gigabit DDoS attacks.

With advanced WAF settings, you can control the interactions visitors can have with your website and block most attacks. WAF takes just five minutes to set up.

Why do I need TrueShield WAF?

  • Prevent common hacks such as SQLi and XSS
  • Close backdoor access to your website files
  • Protect customer information and website databases
  • Block spam comments

Meanwhile, CDN speeds up outgoing traffic for faster load times, keeping visitors on your site longer.

SiteLock’s TrueSpeedTM CDN includes these intelligent content caching abilities:

Static content caching
CDN caches static content throughout your website – including HTML files, JavaScript resources and imagery – so they can be delivered faster and more efficiently.

Dynamic content caching
Some website pages change regularly, while others change rarely or only for specific users. SiteLock continuously profiles website resources, gathering information on how content is displayed. This enables optimized caching, and ensures that content delivered to the user is up-to-date.

Serving pages from memory
SiteLock’s CDN is able to identify the most frequently accessed pages and serve them straight from memory. This avoids the file system and other generic instruments, such as buffer-cache.

Complete caching-control
If you change or redesign part or all of your website, CDN allows you to purge cached content. You can clear out all of your site files from SiteLock’s servers or only specific pages. This will speed the updating process, allowing for an instantaneous refresh of your website.

Why do I need TrueSpeed CDN?

  • Improve performance and customer satisfaction with faster load times
  • Improve your search ranking – faster sites rank higher in search results
  • Reduce bounce rate
  • Prevent a site crash in the event of a traffic surge

If I have an SSL certificate, why do I need SiteLock?

An SSL certificate secures the information passed back and forth between visitors and your website (i.e. credit card information, login name and password) but it can’t find malware or the vulnerabilities hackers use to break in and do damage.

SiteLock not only finds vulnerabilities and malware, it automatically removes them from your website using our SMART malware removal tool. It complements your SSL certificate, making your website hack-proof.

Read here more information.

How do I set up SMART automatic malware removal?

SiteLock setup takes just five minutes. Simply log in to your Exabytes account, and click on SiteLock. Click Launch next to the account you want to use, and then provide the requested information. Be sure to turn on SMART for automatic malware removal. Setup Auto Removal Tool

How does SiteLock work?

Our 360° website security scanner checks your website for common vulnerabilities, including phishing exploits, SQL injection flaws, and cross-site scripting. It checks your URLs, submits forms, posts comments and performs other tests to find the application vulnerabilities hackers use to break in.

SiteLock’s SMART malware removal tool automatically removes malware – no action needed from you. Our security system not only protects you and your customers, it keeps your website from being blacklisted by search engines.

You can check your latest scan results anytime via our easy-to-read online dashboard. It delivers real-time reports in English, Spanish, French, German, Dutch, Italian, Polish and Portuguese (Brazil and Portugal), with more languages to come. For really thorny problems, SiteLock maintains an award-winning team of online security professionals ready to step in and get you back online in a hurry.

How quickly does SMART remove malware?

All of our SiteLock plans, if you turn “auto-clean” on in SMART then the fix will be instant. If auto-clean is off, you have the option of fixing whatever SiteLock finds by clicking a button or cleaning the site yourself based on the scan report you’ll see in the SMART detail screen.

How can I tell if SiteLock actually fixed the problems with my site?

Log on to the SiteLock dashboard and get to the detail section for SMART. You’ll see a report that shows you what SiteLock has found, and the things that are fixed.

Will SiteLock scans slow down my site?

All the actual file scanning happens on SiteLock servers, so your site will not be affected during the scan itself.

The very first time SiteLock scans a site, it will take some time to download the files to SiteLock’s servers. This may have a minor effect on your site’s performance, especially for larger sites. But as the days go by, SiteLock will be downloading fewer files because it will only pull new and changed files down to the server. This should reduce the impact SiteLock has during scans.

How long will one scan take?

This depends on the size of the site, how many files there are, etc. Each file is scanned very rapidly, and the actual scanning happens on SiteLock’s server, so the total wait you experience is: Time to download + time to scan + time to upload.

Does SiteLock create backup files?

Yes, SiteLock backs up the files that have been modified. These files will be held for a brief period of time and then deleted.

Will SiteLock scan my database?

No, SiteLock website security does not scan the content of your databases.

How often will the scan run?

You can set the scan frequency to daily, weekly or monthly in the SMART settings section of your dashboard.

If SiteLock removes malware automatically, why do you offer manual repair too?

New kinds of malware are created every day. There may be a short period of 24 – 48 hours during which SiteLock is unaware of a new attack. But you can sleep easy, because SiteLock malware security technicians are always on top of the latest threats. They provide an added level of protection by fixing your site manually if needed.

What types of website security threats does TrueShield WAF protect against?

SiteLock’s WAF secures your application from any type of application layer hacking attempt, such as SQL injection, cross-site scripting, illegal resource access and other OWASP top 10 threats. Advanced client classification technology detects and blocks malicious bots that are often used for application DDoS attacks, scraping and vulnerability scanning.

Will SiteLock add latency to my website?

No. SiteLock uses a globally distributed network of data centers that ensures every visitor is served by the closest one. This is the same technology used by most large websites to speed content delivery through a Content Delivery Network (CDN). In fact, SiteLock will make your website run faster and consume less computing and bandwidth resources by caching site data and applying other acceleration techniques. The website performance enhancing characteristics of the CDN more than offset the extra hop introduced by routing traffic through our network. The net result is lower latency and faster-loading webpages.

Our Customers Found This Helpful, Rate Us

Please wait...