- Upon purchasing a SiteLock Order, the associated domain name needs to be verified, in order to ascertain that the user indeed owns and controls this website.
- Domain names registered under riacube will be automatically verified.
For other domain names, the verification process can be completed in one of the following ways:
- Add DNS Records for the TrueShield setup
- Add a meta tag to your website page
- Upload a file to your website
Instructions for these options are available in the SiteLock Dashboard.
Note: While all other scans will work even if the domain name has not been verified, the TrustSeal cannot be displayed on the website and an Application Scan cannot be conducted.
SiteLock performs two types of scans to detect malware and vulnerabilities on the website:
-
- Outside-In scan: A basic scan that checks for malware present on the website pages, like external redirects, hidden links, obfuscated JavaScript, links to known malware sites, etc.
- Inside-Out scan (FTP scan): An in-depth scan that downloads the website files on SiteLock’s servers and checks for malicious code.
Note:This scan is not available in the lowest Plan.
- FTP details of the website need to be provided in order to run this scan.
- Secure Malware Alert and Removal Tool (SMART)
- Using the FTP scan, SMART can automatically remove malicious code found on the website.
- The user has the option of enabling or disabling automatic malware removal.
- If enabled, SiteLock maintains the website’s change logs for a month.
Security Badge or TrustSeal
Website owners can choose to install and display a Security Badge or TrustSeal on their website to assure users that their website is secure and malware-free. Since SiteLock performs all scans daily, the TrustSeal is update everyday to indicate that all scans have passed.
Note: The badge is displayed only when no issues are found during the website scan.
Business Verification
Business verification is conducted by the SiteLock team, where the website owner is ratified for his actual physical presence and includes
- Postal Address Verification, which ensures that the site owner can receive and respond to postal mail, such as customer payments or inquiries, and
- Phone Verification, which ensures that the number mentioned is actually manned by a team and customers can report issues or request additional products or services.
The business verification is required in order to display your physical address and phone number on the TrustSeal.
- Scans applications above the level of operating system, that have been installed by the website owner, like Drupal, Joomla!, WordPress, PHP Nuke, vBulletin, etc.
- Checks for vulnerabilities in the software and recommends upgrades, if older versions, which are known to have security loopholes, are being used.
TrueShield Firewall
- It protects websites from malicious traffic and blocks harmful requests.
- Website owners need to add an A record to point to Site Lock’s firewall so that all traffic is routed through the firewall.
Reputation Monitoring
Site Lock’s Reputation Monitoring scans consists of the following components:
- Search Engine Blacklists: SiteLock monitors if any page or link on the website is listed in the blacklists maintained by search engines or matches with their database of over 7000 known malware sites.
- Spam Blacklists: SiteLock checks if the email server is listed as a spammer on leading blacklists so as to prevent emails from being marked as spam.
SSL Verification: SiteLock examines the site’s SSL certificate to verify
- Encryption strength
- Certification Authority
- Certificate expiry
- Validity of name / domain name
TrueSpeed CDN
- A Content Delivery Network is a system of globally distributed servers that cache website content and serve it from the nearest server to a visitor.
- A CDN is effective in speeding up load time and performance of a site. This also helps to boost organic ranking.
- Website owners need to add a CNAME record to a subdomain to redirect traffic through SiteLock’s CDN.