SiteLock search

How to configure SiteLock: features and settings

All Keliweb web hosting plans are provided with SiteLock, to guarantee the highest level of security to all your projects.  

SiteLock Keliweb

Founded in 2008, SiteLock is a global leader in website security and offers complete, cloud-based website protection. All SiteLock products use Cloud power, offering a 360-degree monitoring which finds and fixes threats, prevents future DDoS attacks, accelerates website performance and meets PCI compliance standards for businesses and websites of all sizes.

SiteLock protects over 12 million websites worldwide and offers a wide range of features designed to protect both your website and your business’ reputation.
Here is a short list of all advantages provide by SiteLock protection:

Malware Scan
Proactively monitors for and alerts you about any malware that is detected on your website.

Automatic malware removal
If a scan finds anything, SiteLock will safely remove any known malware automatically.

Vulnerability Scan

Automatically checks your applications to ensure they're up-to-date and secured against known vulnerabilities.

OWASP Protection

Get protection against the top 10 web app security flaws as recognised by OWASP, the Open Web Application Security Project.

SiteLock™ Trust Seal

Give your visitors added confidence by showing your website is protected by SiteLock.


The TrueShield™ Web Application Firewall protects your website against hackers and attacks.

Protect your web reputation

Daily scans help detect malware early before search engines have a chance to find it and blacklist your site.

Fast automated setup

Instant and fully automated setup gives you protection immediately without anything to install.

SiteLock firewall provides you with a higher level of security than a generic firewall.
Servers have different layers for communication. The OSI model has 7 layers. The firewall provided by most hosting companies is going to be focused on layers 3 and 4 of the OSI model. These layers are set to always allow http requests from port 80. Port 80 is set to always allow HTTP requests from web clients. This is what allows a site to be visible to the internet.
However, malware attacks today can be sent via an HTTP request through port 80. The difference between a safe request and a malicious request is the content being sent. A host's firewall does not examine the content being sent via port 80, it is merely interested on ensuring the the request is the correct type through the right port. If it is an HTTP request, it will be allowed through port 80.
A Web application firewall (WAF) works at Layer 7 of the OSI model, which is the application layer. A WAF utilizes a general rule set to determine if the content being sent is safe or malicious.
During a website scan, SiteLock downloads the relevant files via FTP to a secure server and perform scans there. There is no impact to the website content, code, bandwidth, or server resources and no software needs to be installed on the server.

Here is an overview of all services and related costs:

Option Lite Find  Fix  Defend  Emergency 
Reputation Management -
Blacklist Monitoring -
Network Scan (Port Scan) -
Verifiable Trust Seal -
SiteLock Risk Assessment -
Spam Verification -
Business Verification -
Platform Scan (WordPress) -
Pages Scanned 5 25 500 500 Unlimited
Daily Malware Scan -
SQL Injection Scan One time Daily Daily -
Cross Site Scripting (XSS) Scan One time Daily Daily -
Website Application Scan One time Daily Daily -
Automatic Malware Removal One time
Daily FTP Scanning -
File Change Monitoring -
Web Application Firewall -
Bad Bot Blocking -
SSL Support -
OWASP Top 10 Threat Protection -
SQL Injection Prevention -
Cross Site Scripting Prevention -
Light DDoS Protection -
Fine-grained security settings -
Prices (excluding VAT) Lite Find Fix Defend Emergency
Monthly Free - € 12.99 € 44.99 -
Annual Free € 21.99 € 84.99 € 259.99 -
One time - - - - € 169.99


SiteLock Lite and SiteLock Find does not require any configuration unlike SiteLock Fix and SiteLock Defend plans. There many different scans included in each product and many of them don't require any configuration because they work via HTTPS.

All services requiring configuration include SMART (Secure Malware Alert and Removal Tool) and Web application firewall (only for SiteLock Defend). To learn more about settings please go to SiteLock Dashboard.

To configure SMART, follow these steps:

  1. Log-in to your "Dashboard"
  2. Click on "Setting tab" and then on "Download setting tab"
  3. From "Download settings" click on "Use the wizard"

To configure Web application Firewall:

  1. Log-in to your "Dashboard"
  2. Click on "Trueshield configure"
  3. Read the setup instructions

SMART is the Secure Malware Alert and Removal Tool (SMART). SMART can be set to 1 of 2 settings; "Yes, automatically remove the malware found" or "No, just warn me". SMART performs an inside-out scan by connecting to the site via FTP and, making as copy of the website files to download to a SiteLock secure server. SMART is able to identify and remove coding from the files. Once the scan is complete, if malware was removed, a clean copy of the file(s) will be uploaded to the server, replacing the infected file(s). If you choose to set SMART to "No, just warn me", you will only be notified of the malware found and have the ability to review the findings inside the dashboard.

SiteLock Scanner Lite and SiteLock Find run via HTTPS and scan what is web visible. Your clients will not require any server access to use these products. For services Such as Fix and Defend they will require FTP, SFTP, or FTPS access so that SMART can access and download the website flies to the SiteLock Secure Server. Additionally, in order to utilize the WAF, clients will require access to their DNS records.

Did you find this answer helpful?

Still need help?



Request information, assistance or quotes



Ask about services and promotions



Submit a request for technical support



Make a payment in a few clicks