SiteLock: Understanding Scan Results
This article explains how to interpret scan results in Site Protection powered by SiteLock. It describes the types of issues identified during scans, what the results indicate, and how to review findings in the SiteLock dashboard.
SiteLock regularly scans your website to help protect it from malware, vulnerabilities, and other security threats. After each scan, results are shown in your SiteLock dashboard. While these results can look technical, understanding them doesn’t have to be complicated.
On this page
- Overview of SiteLock scans
- SMART Database Scan
- SMART File Scan
- Vulnerability Scan
- Webpage Scan
- How to prioritise scan issues
- Final tips for managing SiteLock scan results
Overview of SiteLock scans
SiteLock runs different types of scans, each focusing on a specific area of your website:
- SMART Database Scan
- SMART File Scan
- Vulnerability Scan
- Webpage Scan
NOTE. Firewall & CDN is only available in the Site Protection Premium plan.
Each scan produces results that indicate whether issues were found and how serious they are.
SMART Database Scan
What this scan does
The SMART Database Scan checks your website’s database tables for known malware and spam content. This scan is on‑demand, meaning it only runs when you manually start it from the dashboard.
Understanding the results
The scan results may show:
- The current scan status
- The platform being scanned
- A list of any malicious or spam entries found in the database
Depending on your settings, SiteLock may automatically remove detected threats or simply notify you.
What to do
If malware or spam is detected, review the findings and ensure the affected database entries are cleaned or removed.
SMART File Scan
What this scan does
The SMART File Scan runs daily and checks all files in your website directory. It compares your files against a large database of known malware signatures and removes malicious code while leaving legitimate content intact.
Understanding SMART results is straightforward. Each scan shows the total number of files checked, any changes since the previous scan, and any malicious or suspicious files detected.
Key scan result terms explained
You may see the following in your results:
- Files Scanned – Total number of files checked
- Files Added – New files detected since the last scan
- Files Modified – Existing files that changed
- Files Delisted – Files removed from the server
- Malicious Files Cleaned – Files successfully cleaned
- Malicious Files Found – Threats detected but not cleaned (often due to permissions)
- Suspicious Files Found – Files that look unusual but are often false positives
- Files Under Review – Files being manually reviewed by SiteLock’s team
What to do
Investigate any uncleaned malicious files and ensure your file permissions allow SiteLock to make changes.
Vulnerability Scan
What this scan does
The Vulnerability Scan checks your CMS, plugins, themes, and extensions for known security weaknesses. These vulnerabilities don’t always mean your site is hacked — but they increase risk if left unresolved.
Types of vulnerabilities you may see
- Platform vulnerabilities (outdated CMS, plugins, or themes)
- SQL Injection (SQLi) risks
- Cross‑Site Scripting (XSS) risks
Each finding includes severity details and recommended steps to fix the issue.
What to do
Keep your CMS and plugins updated. Most vulnerabilities are resolved by installing the latest versions.
Webpage Scan
What this scan does
The Webpage Scan examines your live website pages and checks them against internal and third‑party security databases (such as search engines and blacklist providers) to detect malware.
Understanding the results
The scan shows:
- Total pages reviewed
- A list of affected URLs (if malware is found)
- Malware type and severity
- A small sample of detected malicious code
What to do
If this scan detects malware, SiteLock recommends contacting support for proper cleanup steps.
How to prioritise scan issues
Not all findings are equally urgent. Use severity levels as your guide:
- Low – Informational or minor issues
- Medium – Should be fixed soon
- High – Serious security risks requiring immediate attention
Always address high‑severity issues first to reduce risk.
Final tips for managing SiteLock scan results
- Review scan results regularly
- Address vulnerabilities promptly
- Keep backups of your website
- Limit admin access and use strong passwords