Sherlock Logo Sherlock

Security scanner and monitor to keep your site secure.

Checks for security vulnerabilities in your site and tells you how to fix them.

Receive an instant email notification if your site fails a security scan.

Easily schedule security scans to automatically run daily or weekly.

Sher­lock is a secur­ity scan­ner and mon­it­or to keep your site and CMS secure. An essen­tial plu­gin for any site and CMS that stores sens­it­ive or import­ant data.

Sherlock Scan

Fea­tures #

Secur­ity Tests
Sher­lock checks for secur­ity vul­ner­ab­il­it­ies on your site such as folder and file per­mis­sions, cross-ori­gin resource shar­ing, cross-site request for­gery, HTTP response head­ers, etc. and tells you how to fix them.

Encryp­ted Connections
Sher­lock ensures that your site is for­cing encryp­ted con­nec­tions both on the front-end and back-end so as to secure user data and credentials.

CMS Con­fig­ur­a­tion
Sher­lock checks all of the Craft CMS con­fig­ur­a­tion set­tings on your site to ensure that they are prop­erly con­figured and safe to use in a pro­duc­tion site.

Crit­ic­al Updates
Sher­lock runs a series of tests to ensure that your site is cor­rectly updated and will warn you about crit­ic­al secur­ity updates to the CMS, plu­gins and the PHP ver­sion run­ning on your server.

Email Noti­fic­a­tions
Receive an instant email noti­fic­a­tion if your site fails a secur­ity scan. A con­trol pan­el alert in the CMS also noti­fies you of a failed secur­ity scan.

Sched­uled Scans
Eas­ily sched­ule secur­ity scans to auto­mat­ic­ally run daily or weekly on your site with cron jobs.

Scan Details & History
View the full details of your site’s last scan, includ­ing failed tests and warn­ings. For each test you can view more details and rel­ev­ant doc­u­ment­a­tion. You can also view the full secur­ity scan his­tory of your site over time.

License #

This plu­gin requires a com­mer­cial license pur­chas­able through the Craft Plu­gin Store. The license fee is $99 plus $39 per sub­sequent year for updates (option­al).

Require­ments #

This plu­gin requires Craft CMS 3.0.0 or later.

Basic Usage #

Get­ting Star­ted #

Install the plu­gin from the Craft Plu­gin Store in your site’s con­trol pan­el or manu­ally using composer.

composer require putyourlightson/craft-sherlock

Once installed, vis­it the Sher­lock page in the con­trol pan­el to run your first secur­ity scan.