header-logo

Knowledgebase

How to sell Sitelock Products

The average website experiences multiple cyber attacks per day, and unfortunately, some are successful.

Help protect your clients by offering them industry-leading technology from SiteLock, so they are ready if an attack takes place. 

SiteLock provides comprehensive website security to keep the website visitor safe. It performs website daily scans to identify vulnerabilities or malware. When vulnerabilities or malware are found, you will be alerted immediately. Based on your SiteLock scanner, it will automatically remove any malware on your website. For content management system (CMS) websites, SiteLock can automatically patch found vulnerabilities.

Offer clients multiple plans designed to protect sites from varying levels of malicious online activity:

Lite
  • Description: SiteLock ‘Lite’ is a free daily website scan that checks for malware on up to 5 pages and provides your customers with a ** Risk Score Assessment. The product works by crawling a website’s source code and sending an alert if malware is detected. The product requires no installation by the customer, nor does it consume any of the customer’s website resources. However, due to the page limitations and “outside-in” crawling the product cannot detect all malware.
  • Recommended Client: Provide to all client servers as an early alarm system for clients leading to an upgrade to a higher tier service.
Find
  • Description: SiteLock ‘Find’ is the immediate upgrade from the free Lite product. Find customers get access to multiple website scanners designed to both monitor and alert of website security issues on up-to 25 pages.  This includes both the basic Lite scanner that crawls website code externally and SiteLock’s proprietary SMART scanner, which downloads a copy of the website’s source files and scans them from the inside-out for deeper detection of security issues. This service identifies malware infections, malware scripts, algorithms, backdoor files, and malicious coding.  ‘Find’ also includes a one-time vulnerability scanning for **SQL Injections, **Cross Site Scripting (XSS) and **Website Application weaknesses.  ‘Find’ does not include any remediation/malware removal.
  • Recommended Client: ‘Find’ is recommended for website owners who are capable of self-remediating a website security issue.
Fix
  • Description: SiteLock ‘Fix’ combines the security detection capabilities of Find with automated malware removal. The service provides daily detection and removal of malware on up to 500 pages, plus daily vulnerability scanning for **SQL Injections, **Cross Site Scripting (XSS) and **Website Applications weaknesses.
  • Recommended Client: Fix’ is recommended for website owners who don’t want to worry about manually removing malware or sites with more than 25 pages. Or those with a Medium or High-Risk Assessment Score
Defend
  • Description: SiteLock ‘Defend’ is a combination of website threat detection, automated malware removal and blocking of website attacks. The package provides the ultimate in protection by completely removing the burden of website security from the client’s shoulders. Defend works by combining the same scanning and removal technology in the Fix package with a world-class Web Application Firewall that blocks website attacks, stops **Bad Bots, protects against the **OWASP Top 10, eliminates new SQL Injections and stops Cross Site Scripting.
  • Recommended Client: Defend is recommended for clients who utilize their website to drive business either through lead generation or online transaction. Or those with a High-Risk Assessment score
Emergency
  • Description: SiteLock Emergency is an automated one-time malware cleanup service.  It’s designed so that the domain/website is moved to the front of the SiteLock scanning queue for immediate scanning, and cleaning. 
  • Recommended Client: A Lite or Find customer who has known site breaches and doesn’t want to upgrade to a service that features automated removal. Or an existing client currently with no SiteLock services but is infected with Malware

 

All of our products are automatically configurable given that they are added onto a hosting account within your WHMCS system.

If you are looking for more information on SiteLock please visit this page, and if you have any questions please contact the Marketplace team here


**Additional Definitions
Risk Score Assessment – Score determining the likelihood of an attack by calculating more that 500 different site variables around several key factors.  More info – https://marketplace.whmcs.com/help/connect/kb/SiteLock_website_security/frequently_asked_questions/what_is_SiteLock_risk_score_assessment


SQL Injections – a technique that exploits security vulnerabilities in an application's software.  Done by including portions of SQL statements in an entry field in an attempt to get the website to pass a newly formed rogue SQL command to the database e.g., dump the database contents to the attacker).


Cross Site Scripting (XSS) - is a vulnerability of weak coding. XSS enables attackers to inject script into web pages viewed by other users (to modify the page’s appearance and/or behaviour). A cross-site scripting vulnerability may be used by attackers to bypass access controls by gaining access to a visitor’s cookies or other personal data. XSS also allows a hacker to create a page content within an existing frame. Cross-Site Scripting will usually lead to some type of phishing.


Website Application Scan – is a server level scan that finds a weakness on the server and versions of current services.  As an alert tool, the client will be alerted when the platform is outdated or there are vulnerabilities, code weakness, security policies, and protocols on the server, versions of currently running services (PHP, Apache, etc.)


Bad Bots – a database of bots maintained by Trueshield that are found to have been committing malicious crimes or are associated with malicious online activity.  When these bots try to access a website with the WAF installed they will be blocked.  Suspected bots are challenged with a Captcha.


OWASP Top 10 – Owasp.org or Open Web Application Security Project is a not-for-profit charitable organization focused on improving the security of software.  The “OWASP top Ten” represents the top 10 most current hacks that affect websites.  TrueShield keeps up to date with OWASP and will protect sites by proactive blocking of the latest hacks.