Sherlock is a security scanner and monitor to keep your Craft CMS site secure. An essential plugin for any site that stores sensitive or important data and that should be protected from cyber attacks.

Sherlock 3 has been released, read the announcement.

Read the article on Securing Your Craft Site in 2021—Part 1, Part 2.

Features

Security Scans
Sherlock scans your site for security vulnerabilities such as incorrect file and folder permissions, cross-origin resource sharing, cross-site request forgery, HTTP response headers, etc. and tells you how to fix them.

Encrypted Connections
Sherlock ensures that your site is forcing encrypted connections both on the front-end and back-end so as to secure user data and credentials.

Critical Updates
Sherlock runs a series of tests to ensure that your site is correctly updated and will warn you about critical security updates to the CMS, plugins and the PHP version running on your server.

CMS Configuration
Sherlock checks all of the Craft CMS configuration settings on your site to ensure that they are properly configured and safe to use on a production site.

Scheduled Scans
Easily schedule security scans to automatically run daily or weekly on your site with cron jobs.

Scan Details & History
View the full details of your site's last scan, including failed tests and warnings. For each test you can view more details and relevant documentation. You can also view a security scan history of your site over time.

Sherlock security scan results are determined by a set of criteria used by the plugin's standard/high security level setting. This is only a guideline and cannot ensure that your site and server are 100% secure. The security of every site is solely the responsibility of the site owner.

Plus Edition

The Plus edition adds the following features:

Monitoring
With monitoring enabled, you receive instant email notifications if your site fails a security scan. A control panel alert in the CMS also notifies you of a failed security scan.

Restrict Control Panel Access
Restrict access to the control panel to specific IP addresses. This is important to be able to do if you ever suspect that an account has been compromised.

Restrict Front-end Access
Restrict access to the control panel to specific IP addresses. This is important to be able to do if you ever find your site under attack.

API
Allows you to run and access previously run scans through the API.

Pro Edition

The Pro edition adds the following features:

Integrations
Sherlock can integrate with third-party error monitoring tools including Bugsnag, Rollbar and Sentry. It is also possible to add your own integrations using a module or plugin.

Learn more and read the documentation at putyourlightson.com/plugins/sherlock »


Lite

Free

Plus

$199

Price includes 1 year of updates.
$99/year per site for updates after that.

  • Monitoring
  • Restrict access to CP
  • Restrict access to site
  • API

Pro

$299

Price includes 1 year of updates.
$149/year per site for updates after that.

  • Integrations
  • Setup Support

Package Name

To install this plugin, search for its package name on the Plugin Store and click “Install”.


Information

Report an issue