Sherlock is a security scanner and monitor to keep your site and CMS secure.

Licenses for Sherlock purchased from StraightUpCraft can be transferred to the plugin store for free. To do so, please forward your purchase confirmation email to us and we'll send you a new license key. Annual renewal fees still apply after 1 year.

Security Tests
Sherlock checks for security vulnerabilities on your site such as folder and file permissions, cross-origin resource sharing, cross-site request forgery, HTTP response headers, etc. and tells you how to fix them.

Encrypted Connections
Sherlock ensures that your site is forcing encrypted connections both on the front-end and back-end so as to secure user data and credentials.

CMS Configuration
Sherlock checks all of the Craft CMS configuration settings on your site to ensure that they are properly configured and safe to use in a production site.

Critical Updates
Sherlock runs a series of tests to ensure that your site is correctly updated and will warn you about critical security updates to the CMS, plugins and the PHP version running on your server.

Email Notifications
Receive an instant email notification if your site fails a security scan. A control panel alert in the CMS also notifies you of a failed security scan.

Scheduled Scans
Easily schedule security scans to automatically run daily or weekly on your site with cron jobs.

Scan Details & History
View the full details of your site's last scan, including failed tests and warnings. For each test you can view more details and relevant documentation. You can also view the full security scan history of your site over time.


Price includes 1 year of updates.
$49/year per site for updates after that.

Package Name

To install this plugin, search for its package name on the Plugin Store and click “Install”.


  • Version 2.2.5
  • Last Update 8/24/2020
  • Active Installs 80
  • Compatibility Craft 3
  • License Craft
  • Categories Security, Control Panel

Report an issue