Stepping Up Security with Sherlock 3

January 20, 2021
by Ben Croker

Security is one of those things that can be difficult to prioritise on a client project. Today we released Sherlock 3 which aims to change that. It’s time to start taking security seriously.

Sherlock scan result

Editions #

The biggest change in Sherlock 3 is the addition of editions. The Lite edition is free, so now everyone can install Sherlock and run a scan to instantly see how their site security fares against Sherock’s standard and high security scans.

Lots of new tests have been added to the security scans. Multi site functionality has been added so you can now run scans for each site individually. You can add new security headers in the plugin settings and easily set up a Content Security Policy.

Content Security Policy

Monitoring #

The Plus edition (what was previously the Standard edition), at $299, adds an API layer, as well as the ability to monitor your site by running regular scheduled scans and notifying you immediately about a failed scan. This is an important part of the critical update notifications strategy. With the Plus edition, you can also restrict specific IP addresses from accessing the control panel and the front-end site. This is important if you ever find your site under attack or that an account has been compromised.

Sherlock monitor

Integrations #

The Pro edition, at $499, adds integrations with third-party error monitoring tools. Error monitoring tools can notify you immediately of any errors that occur on your site, making it easier to review and react to issues with your code which may otherwise go unnoticed. Sherlock 3 comes with integrations for Bugsnag, Rollbar and Sentry. Adding more integrations is relatively straightforward and it is easy to add your own integrations using a module or plugin.

Error monitoring

With this major version release of Sherlock, we want to put basic security in the hands of all Craft developers. There is now no excuse not to install the plugin, run a scan and deal with any reported issues. Before you get put off by that last part, know that Sherlock tells you not only what should be fixed, but how. This may turn out to be the most important 15 minutes of development time you’ll spend on the entire site!

Sherlock 3 is in the Craft plugin store and runs on Craft version 3.1.0 and above. Vew the full changelog.