sitelock

Reseller should be signed up for the SiteLock product

Validate Upgrade

Description

Validates upgrade for a particular SiteLock Order.

Parameters

Name Data Type Required / Optional Description
auth-userid Integer Required Authentication Parameter
api-key String Required Authentication Parameter
order-id Integer Required The Order ID of the SiteLock Order for which upgrade needs to be validated
new-planid Integer Required The new plan to which the Order is to be upgraded. To fetch the plan details: plan-id etc., use this method.

HTTP Method

GET

Example Test URL Request


https://test.httpapi.com/api/sitelock/validate-modify.json?auth-userid=0&api-key=key&order-id=0&new-planid=0

Response

Returns true (String) if upgrade is validated successfully.

In case of any errors, a status key with value as ERROR alongwith an error message will be returned.

Get Upgrade Price

Description

Gets the applicable upgrade price for a particular SiteLock Order.

Parameters

Name Data Type Required / Optional Description
auth-userid Integer Required Authentication Parameter
api-key String Required Authentication Parameter
order-id Integer Required The Order ID of the SiteLock Order for which the details are to be fetched
new-plan-id Integer Required The new plan to which the Order is to be upgraded. To fetch the plan details: plan-id etc., use this method.

HTTP Method

GET

Example Test URL Request


https://test.httpapi.com/api/sitelock/modify-pricing.json?auth-userid=0&api-key=key&order-id=0&new-plan-id=0

Response

Returns the applicable upgrade price for a particular SiteLock Order.

Example:


{
"upgradecost":0.0,
"modifiedOrderPrice":0.0,
"endtime":"0000000000",
"remainingmonths":0,
"currentOrderPrice":0.0
}

where

  • currentOrderPrice: The current pricing of the Order for remaining months.

  • modifiedOrderPrice: New applicable pricing of the Order as per the new plan.

  • upgradecost: Actual price applicable i.e. modifiedOrderPrice - currentOrderPrice

Upgrade

Description

Upgrades an existing SiteLock order.

Parameters

Name Data Type Required / Optional Description
auth-userid Integer Required Authentication Parameter
api-key String Required Authentication Parameter
order-id Integer Required The Order ID of the Order which is to be upgraded
new-plan-id Integer Required The new plan to which the Order is to be upgraded. To fetch the plan details i.e. plan-id etc, use this method.
invoice-option String Required This parameter will decide how the Customer Invoices will be handled. Values can be: NoInvoice, PayInvoice, KeepInvoice, OnlyAdd

HTTP Method

POST

Example Test URL Request


https://test.httpapi.com/api/sitelock/modify.json?auth-userid=0&api-key=key&order-id=0&new-plan-id=0&invoice-option=NoInvoice

Response

Returns a hash map containing the below details:

  • Domain Name (description)

  • Order ID of the SiteLock Order (entityid)

  • Action Type (actiontype)

  • Description of the SiteLock Order Upgrade Action (actiontypedesc)

  • Action ID of the SiteLock Order Upgrade Action (eaqid)

  • SiteLock Order Upgrade Action Status (actionstatus)

  • Description of the SiteLock Order Upgrade Action Status (actionstatusdesc)

  • Invoice ID of the SiteLock Order Upgrade Invoice (invoiceid)

  • Selling Currency of the Reseller (sellingcurrencysymbol)

  • Transaction Amount in the Selling Currency (sellingamount)

  • Unutilised Transaction Amount in the Selling Currency (unutilisedsellingamount)

  • Customer ID associated with the SiteLock Order (customerid)

Note

invoiceid, sellingcurrencysymbol, sellingamount, unutilisedsellingamount and customerid will not be returned if invoice-option is set to NoInvoice.

In case of any errors, a status key with value as ERROR alongwith an error message will be returned.

Suspending / Unsuspending an Order

Order Suspension is a useful feature available to Resellers, which they can use in the event of non-payment, fraudulent transactions, etc. In this status, the Order remains in the database but is inactive and the functionality associated with it can not be used. This Order cannot be accessed or managed, unless it is Unsuspended.

To Suspend / Unsuspend an Order

  1. Login to your Control Panel, Search for the domain name for which you have purchased this Order and go to the
    Order Information view. See details

  2. Here,

    • To Suspend the Order:

      1. Click the Suspend link.

      2. Select Suspend for Suspension and enter the Reason for Suspension.

      Note
      • The reason for Suspension will be visible to your immediate Customer/Sub-Reseller (depending upon whether the domain name belongs to your immediate Customer or your Sub-Reseller's Customer) in the Order Information view of the domain name, from within their Control Panel.

      • In case of a Weebly order, the website will be unpublished when the order is suspended.
    • To Unsuspend the Order:

      1. Click the Unsuspend Order button.

      2. Select No Restriction.

  3. Click the Update button.

Renewing, Deleting your Order

To Renew your Order

  1. Login to your Control Panel, Search for the domain name for which you have purchased this Order and go to the
    Order Information view. See details

  2. Click the Renew button.

  3. Select the duration for which you wish to Renew the Order.

  4. Click the Renew Order button.

  5. Proceed to pay for the Invoice generated for the Renewal.

Additional Information

You may enable Auto-Renewal for your Orders, so that the system automatically renews your Orders about to expire.

Auto-Renewal

Note
  • The renewal charge for your Hosting Order would include the renewal charge for any associated Add-ons that you might have purchased. If you do not wish to renew any of the Add-ons, you need to first delete it/them. Refer to the Delete Add-on article for the specific Product.

  • The orders included in a Combo Plan can be renewed independently. Renewals will be billed at regular prices for each individual order in a Combo Plan.

To Delete your Order (Anchor: delete)

  1. Login to your Control Panel, Search for the domain name for which you have purchased this Order and go to the
    Order Information view. See details

  2. Click the Delete Order link.

  3. Click the Delete Order button to complete the Deletion of this Order.

Note
  • Deletion of an Order within 30 days of purchase entitles you to a full refund of your Cost Price. The refund upon deletion will be given to you, in the form of a Credit Note.

  • You may refer to this article for information on Money Back Grace Period for Domain Names.

  • There is no Money Back Grace Period for the following Products:

    • VPS Linux

    • Dedicated Server Linux

    • Managed Server Linux

    • SiteLock

    • Combo Plans

    • Impressly

    • Weebly

    • G Suite (formerly Google Apps for Work)

SiteLock FAQs

Listed below are some Frequently Asked Questions for SiteLock.

What is SiteLock?

SiteLock is a cloud-based, website security solution for small businesses. It works as an early detection alarm for common online threats like malware injections, bot attacks etc. It not only protects websites from potential online threats, but also fixes vulnerabilities. Features include:

  • website scans to check for the presence of malicious code or vulnerabilities

  • automatic removal of any identified malicious code / malware

  • basic firewall

  • website reputation monitoring (check if the website is blacklisted in search engines and spam blacklists)

  • CDN to boost site speed, and hence rankings on search engines

Note

SiteLock is only meant for websites and not for a personal computer or laptop.

Why will an SSL certificate not suffice?

An SSL certificate is used only to encrypt a connection between the browser and server to safely transmit sensitive information. However, SiteLock actually protects the database where this information is stored, scans your website files and applications, protects from data breaches and spreading of viruses/malware. These functionalities are not provided by an SSL certificate.

How do I configure SiteLock for my website?

SiteLock is a cloud-based service and does not require any installation. Once provisioned for your website, it automatically starts scanning your website using the basic scans.

To use the advance features, some amount of configuration is required:

  • TrustSeal - requires minimal installation

  • SMART Scan - requires user to input FTP details in the SiteLock Panel

  • Firewall - requires addition of an A record

  • CDN - requires addition of a CNAME record

What is SiteLock badge or TrustSeal?

SiteLock badge or TrustSeal is a image that can be displayed on your website to assure users that your website is secure and malware-free. Since SiteLock performs all scans daily, the TrustSeal is update everyday to indicate that all scans have passed.

Note

The badge is displayed only when no issues are found during the website scan.

What is Deep 360-Degree Site Scan?

Deep 360-Degree Site Scan checks all files susceptible to threats, including .css files, .js files, .jpg, .png and other image files and others. It performs a deep scan checking for anything that could turn into a security issue.

What different types of scan are available?

Available types of scan include:

  • Daily Malware Scan

  • Daily FTP Scanning

  • Website Application Scan

  • SQL Injection Scan

  • Cross Site Scripting (XSS) Scan

All these scans are part of the Deep 360-Degree Site Scan. The availability and frequency (daily or one-time) of these scans differ from Plan to Plan. See details

In case a site is infected, will the TrustSeal display threat notification to the visitors on site?

If a scan fails, site visitors will not be alerted to any problem. The TrustSeal will simply continue to display the last date when all scans were passed. If the site owner fails to rectify the problem, within a few days SiteLock will remove the TrustSeal from the site. The TrustSeal will never indicate that a website has failed a scan.

What is SMART?

Secure Malware Alert and Removal Tool (SMART), if enabled, performs an in-depth site scan and automatically removes malicious code from files on the site. SiteLock makes calls to the web server and replicates the website files on their secure servers and scans the contents thoroughly to identify malicious code or vulnerabilities. In the course of doing this, it can also remove the malicious code from the files, to prevent further damage.

You can choose to not allow SMART to remove any code. In that case, you will only be notified of the vulnerability identified, and you will need to manually check / remove it.

Note
  • To use this tool, you need to provide your FTP information in the SiteLock panel, along with the port number. This port number will be 21 for 's Linux and Windows servers.

  • This tool uses the FTP protocol.

How will I know what changes SMART made to the website / What happens if the website breaks after SMART removed some code?

SiteLock provides a month's worth of change logs for your website. You can always restore the previous version of the page / website. You then need to manually check the highlighted code for any malicious components and remove them yourself.

What if SiteLock has incorrectly highlighted legitimate code as vulnerable / malicious?

It might be happen that certain code on the website looks vulnerable but it is still doing what you intended it to do. If so, you can use the Report a False Positive option in the SiteLock Panel and SiteLock will ignore that vulnerability moving forward.

What is the purpose of Domain Verification?

The purpose of this verification is to ensure that the user indeed owns and controls the website.

  • Domain names registered under will be automatically verified.

  • For other domain names, the verification process can be completed in one of the following ways:

    • Add DNS Records for the TrueShield setup

    • Add a meta tag to your website page

    • Upload a file to your website

    Instructions for these options are available in the SiteLock Dashboard.

What is the purpose of Business Verification?

Business verification is a service offered by SiteLock where it verifies the phone number and physical presence of a business. This is typically conducted to assure online users that a business actually exists and it is not a fly-by-night setup. This consists of:

  • Phone Verification - You need to enter your phone number in the SiteLock Panel and request a verification. Within an hour, you will receive an automated call from SiteLock and you will be provided with a 4 digit code. You then need to submit that code in the SiteLock Panel to verify your phone number.

  • Postal Address Verification - After providing your postal address in the SiteLock Panel, you will receive a letter at your postal address within 7-10 days of requesting verification. This letter will contain a 4 digit code that needs to be submitted in the SiteLock Panel to verify the physical address.

Note

If you want to display your contact information on the TrustSeal, it is necessary to verify your business details.

What is Reputation Monitoring?

SiteLock's Reputation Monitoring consists of the following components:

  • Search Engine Blacklists: SiteLock monitors if any page or link on the website is listed in the blacklists maintained by search engines or matches with their database of over 7000 known malware sites.

  • Spam Blacklists: SiteLock checks if the email server is listed as a spammer on leading blacklists so as to prevent emails from being marked as spam.

  • SSL Verification: SiteLock examines the site's SSL certificate to verify

    • Encryption strength

    • Certification Authority

    • Certificate expiry

    • Validity of name / domain name

What type of a Firewall is offered by SiteLock and how to set it up?

SiteLock offers a basic firewall to help block bot traffic which may harm the website. On logging into the SiteLock Dashboard, you can see a graph of your website's traffic which reports human visits and bot visits.

To use SiteLock's Firewall, you need to add an A record to your domain name in order to point to SiteLock's servers where the Firewall is installed. This way, all traffic coming to the website is routed through the Firewall.

How is traffic routed back to the website after going through the Firewall?

You are required to specify the IP address of your website in the SiteLock Panel so that after routing your traffic through the Firewall, SiteLock can divert it back to your website.

Can I configure the Firewall?

The Firewall is pre-configured, and no options are available within the SiteLock Panel to manage it. However, in the higher end Plans, users can configure certain aspects of the Firewall.

Will SiteLock's Firewall block bots of search engines also?

Search engines use spiders to crawl and index websites. SiteLock's Firewall can distinguish good bots from bad bots and hence will not block search engines from indexing the site.

What is a Content Delivery Network (CDN) ?

A Content Delivery Network is a set of servers, spread across the world that cache your website. When a user requests your website, the server closest to the user's location will serve those requests. This in turn serves the website faster, thus speeding up its performance.

Note

Faster load times not only improve user experience but also contribute to better website ranking, as search engines take load time into account while ranking a website.

How can I set up CDN for my website?

You need to add a CNAME record to a sub-domain (www.mysite.com) to redirect to SiteLock's CDN.

Note

A CNAME record should always be added to a sub-domain and not the primary domain, as it might clash with an MX record set up on the primary domain, thus hampering the email.

Does SiteLock send any alerts to the Customer or the domain name owner?

No. All notifications are sent from our system with your branding.


Customer Sub-Reseller
Mail
Purchase
Renew
Threat
SMS
Threat

What products is SiteLock compatible with?

SiteLock is compatible with all types of hosting purchased either from or elsewhere.

Can I use a single SiteLock Order for multiple domain names?

No. A single SiteLock Order can be used for only a single domain name. Hence, separate SiteLock Orders need to purchased for domain names individually. However, all SiteLock Orders belonging to the same user can be managed from a single SiteLock Panel.

Can the SiteLock Panel be accessed directly through a URL?

There is no way to access the SiteLock Panel directly through any URL. It can only be accessed from the SiteLock Management page from within the Reseller / Customer Control Panel.

Is there a Money Back Guarantee for SiteLock Orders?

We are not offering any Money Back Guarantee for SiteLock Orders.

How can the SiteLock Order be upgraded or downgraded?

You can upgrade or downgrade your SiteLock Order by following the steps in the link below.

Upgrading / Downgrading an Order

What steps need to taken on receiving a threat alert?

On receiving a threat alert, login to the SiteLock Panel and view the details of the threat. Then, you may:

  • contact the website developer to fix the affected code;

  • use SMART for auto-removal of the malware;

  • check if all the applications and scripts are up to date. Judiciously use the third-party plug-ins and disable them, wherever possible.

    • I recently signed up for SiteLock and noticed that I am getting some empty submissions from some of the forms on my web site (Contact us, etc.)

      SiteLock probes your site to determine if fields and forms on your site are vulnerable to attempts by hackers looking to exploit these forms to gain access to your data. This will result in attempts to submit forms on your website with encoded data.

      If you wish to stop receiving these e-mails or entries, you may want to do some validation on the fields within your form to ensure that data is being submitted in the correct formats before triggering e-mails or database inputs. Since SiteLock inserts data that would not likely be valid for any fields on your site, these validation measures should stop you from getting these empty e- mails or entries. It is also a good coding and security practice to make sure your website visitors are providing the correct data in the expected formats.

SiteLock Plan Details

The various SiteLock Plans offered by and their specifications are listed below:

Elements Plan I Plan II Plan III Plan IV
360 Degree Scan and Network Security
Number of Pages 25 100 500 2500
Daily Malware Scan
Network Scan
TrustSeal
Daily FTP Scan
Automatic Malware Removal
File Change Monitoring
Website Application Scan 1-time 1-time
SQL Injection Scan 1-time 1-time
Cross Site Scripting (XSS) 1-time 1-time
Trueshield Firewall
Security Alerts
Use of Global Network to Identify Malicious Behaviour
Block Bad Bot Attacks
Search Engine Access
Comment Spam Elimination
CAPTCHA Security
Block Content "Scraping"
Blacklist Monitoring
Search Engine Blacklist Monitoring
Spam Verification
SSL Verification
Business Verification
Phone Number Verification
Postal Address Verification
TrueSpeed CDN
Unlimited Bandwidth
Global CDN
Caching of Static Content
Compression if Static Content
Content Minification
Image Optimization
Note

SSL-enabled websites are not compatible with the Basic Firewall and CDN that is included for Free in every plan. However, the scans will work as expected for such websites.

Major components of SiteLock Plans

Domain Verification

  • Upon purchasing a SiteLock Order, the associated domain name needs to be verified, in order to ascertain that the user indeed owns and controls this website.

  • Domain names registered under will be automatically verified.

  • For other domain names, the verification process can be completed in one of the following ways:

    • Add DNS Records for the TrueShield setup

    • Add a meta tag to your website page

    • Upload a file to your website

    Instructions for these options are available in the SiteLock Dashboard.

Note

While all other scans will work even if the domain name has not been verified, the TrustSeal cannot be displayed on the website and an Application Scan cannot be conducted.

Website Scanning

SiteLock performs two types of scans to detect malware and vulnerabilities on the website:

  • Outside-In scan: A basic scan that checks for malware present on the website pages, like external redirects, hidden links, obfuscated JavaScript, links to known malware sites, etc.

  • Inside-Out scan (FTP scan): An in-depth scan that downloads the website files on SiteLock's servers and checks for malicious code.

    Note
    • This scan is not available in the lowest Plan.

    • FTP details of the website need to be provided in order to run this scan.

Secure Malware Alert and Removal Tool (SMART)

  • Using the FTP scan, SMART can automatically remove malicious code found on the website.

  • The user has the option of enabling or disabling automatic malware removal.

  • If enabled, SiteLock maintains the website's change logs for a month.

Note

This scan is not available in the lowest Plan.

Security Badge or TrustSeal

Website owners can choose to install and display a Security Badge or TrustSeal on their website to assure users that their website is secure and malware-free. Since SiteLock performs all scans daily, the TrustSeal is update everyday to indicate that all scans have passed.

Note

The badge is displayed only when no issues are found during the website scan.

Business Verification

  • Business verification is conducted by the SiteLock team, where the website owner is ratified for his actual physical presence and includes

    • Postal Address Verification, which ensures that the site owner can receive and respond to postal mail, such as customer payments or inquiries, and

    • Phone Verification, which ensures that the number mentioned is actually manned by a team and customers can report issues or request additional products or services.

  • The business verification is required in order to display your physical address and phone number on the TrustSeal.

Application Scanning

  • Scans applications above the level of operating system, that have been installed by the website owner, like Drupal, Joomla!, Wordpress, PHP Nuke, vBulletin, etc.

  • Checks for vulnerabilities in the software and recommends upgrades, if older versions, which are known to have security loopholes, are being used.

TrueShield Firewall

  • It protects websites from malicious traffic and blocks harmful requests.

  • Website owners need to add an A record to point to SiteLock’s firewall so that all traffic is routed through the firewall.

Reputation Monitoring

SiteLock's Reputation Monitoring scans consists of the following components:

  • Search Engine Blacklists: SiteLock monitors if any page or link on the website is listed in the blacklists maintained by search engines or matches with their database of over 7000 known malware sites.

  • Spam Blacklists: SiteLock checks if the email server is listed as a spammer on leading blacklists so as to prevent emails from being marked as spam.

  • SSL Verification: SiteLock examines the site's SSL certificate to verify

    • Encryption strength

    • Certification Authority

    • Certificate expiry

    • Validity of name / domain name

TrueSpeed CDN

  • A Content Delivery Network is a system of globally distributed servers that cache website content and serve it from the nearest server to a visitor.

  • A CDN is effective in speeding up load time and performance of a site. This also helps to boost organic ranking.

  • Website owners need to add a CNAME record to a subdomain to redirect traffic through SiteLock’s CDN.

Process Threat Notifications

Description

Processes the specified threat notifications.

Parameters

Name Data Type Required / Optional Description
auth-userid Integer Required Authentication Parameter
api-key String Required Authentication Parameter
notification-id Array of Integers Required Notification ID of the threat notifications which needs to be processed. Use this method to get the Notification ID(s).
reseller-id Integer Optional Reseller ID of the Reseller for whom threat notifications are to be processed. By default, threat notifications for the current user will be processed.

HTTP Method

POST

Example Test URL Request


https://test.httpapi.com/api/sitelock/threat/processed.json?auth-userid=0&api-key=key&notification-id=0

Response

Returns true (String) if the threat notification(s) is/are processed successfully.

In case of any errors, a status key with value as ERROR alongwith an error message will be returned.

Get Threat Notifications

Description

Gets a list of pending threat notifications.

Parameters

Name Data Type Required / Optional Description
auth-userid Integer Required Authentication Parameter
api-key String Required Authentication Parameter
reseller-id Integer Optional Reseller ID of the Reseller for whom threat notifications are to be retrieved. By default, threat notifications for the current user will be retrieved.

HTTP Method

GET

Example Test URL Request


https://test.httpapi.com/api/sitelock/threat/pending.json?auth-userid=0&api-key=key

Response

Returns a hash map containing the below details:

  • Customer ID of the Customer for whom threat notifications are pending (customerId)

    • Domain name for which threat notifications are pending (domainName)

      • Creation time for the threat notification (creationTime)

      • Notification ID associated with the threat notification (notificationId)

In case of any errors, a status key with value as ERROR alongwith an error message will be returned.

The response structure will be:


{
"account":
[
{
"customerId":0,
"website":
[
{
"domainName":"domain1.com",
"notification":
[
{
"creationTime":1398758909871,
"notificationId":2
}
]
},
{
"domainName":"domain2.com",
"notification":
[
{
"creationTime":1398759150807,
"notificationId":3
}
]
}
]
},
{
"customerId":1,
"website":
[
{
"domainName":"domain3.com",
"notification":
[
{
"creationTime":1398759334814,
"notificationId":4
}
]
}
]
}
]
}

Handle Threat Notifications

The OrderBox system sends out SiteLock threat notification emails to your Customers, if the Product Mails have been enabled for them. However, the Customers will not be notified of the threats if these mails are disabled for them. You need to handle the threat notifications as explained below in such cases:

  1. Fetch a list of pending threat notifications from the OrderBox system.

  2. Run a cron to send out mail alerts to your Customers, based on the data received from step 1.

  3. Use the Notification ID(s) received from step 1 to inform the OrderBox system that Customers have been notified about the specified threats.