Craft CMS Security

Secure and manage all of your Craft CMS sites from a single dashboard.
Free for all users of the Sherlock Plugin.

Craft Sherlock is a web app that enables you to secure and monitor of all of your sites built on Craft CMS.
It is free to use for all users of the Craft Sherlock Plugin.

The Craft Sherlock web app has been discontinued as of the 16th of October 2018.
The plugin is now available in the official Craft Plugin Store.

Features

Dashboard

View the security status of all of your sites from a single dashboard. Run security scans directly from the dashboard, or click on a site to view all of it's security scans.

Email Notifications

Receive an instant email notification if your site fails a security scan. A control panel alert in the CMS also notifies you of a failed security scan.

Scheduled Scans

Easily schedule security scans to automatically run daily or weekly on your site. No need to set up multiple cron jobs on your server.

Scan Details & History

View the full details of your site's last scan, including failed tests and warnings. For each test you can view more details and relevant documentation. You can also view the full security scan history of your site over time.

Security Tests

Sherlock checks for security vulnerabilities on your site such as folder and file permissions, cross-origin resource sharing, cross-site request forgery, HTTP response headers, etc. and tells you how to fix them.

Encrypted Connections

Sherlock ensures that your site is forcing encrypted connections both on the front-end and back-end so as to secure user data and credentials.

CMS Configuration

Sherlock checks all of the Craft CMS configuration settings on your site to ensure that they are properly configured and safe to use in a production site.

Critical Updates

Sherlock runs a series of tests to ensure that your site is correctly updated and will warn you about critical security updates to the CMS, plugins and the PHP version running on your server.

Dashboard

View the security status of all of your sites from a single dashboard. Run security scans directly from the dashboard, or click on a site to view all of it's security scans.

Scan Details

View the full details of your site's last scan, including failed tests and warnings. For each test you can view more details and relevant documentation.

Scan History

View the full security scan history of your site over time.