Pricing | Stonegate Web Security

Site Security

One-time services to assess, harden, or recover your website — with clear findings, fixed pricing, and no ongoing commitment required.

Website Health & Security Scan

If you're not sure how healthy or secure your site is, this scan gives you a complete, plain-English assessment and action plan.

What you get

Complete security, software, and vulnerability analysis
Manual investigation, verification, and cross-checking — far deeper than automated scans.
Full page speed, backup integrity, and crawl health review
Root-cause diagnosis, misconfiguration detection, and impact explanation.
AI & GEO visibility scoring
Evaluation of how clearly search engines and AI tools understand your business.
Plain-English executive summary & prioritized action plan
Clear fixes, business-impact explanation, and a step-by-step roadmap.

AI & GEO Visibility Audit

If your site looks fine but new customers still can't find you, this audit shows how clearly search engines and AI tools understand your business, your services, and how your pages connect to them.

What you get

Stonegate GEO Site Score (0–100)
A clear score showing how understandable your site is to AI systems — benchmarked against a fully 'GEO-ready' site.
Page-by-page identity graph audit
Maps how AI systems see your site's identity: which pages point to your business, which don't, and which signals conflict.
Deep review of key pages in AI-driven search
Analysis of your highest-value pages and how clearly they appear in AI search results.
Structured data, sitemap, and linking analysis
Review of schema, sitemaps, and internal linking to see how well they reinforce your business identity.
Top 5 priority improvements
Plain-English action list your developer or writer can implement immediately.

New Site Security Launch Setup

If you're launching a new or redesigned site, this ensures your site is fully hardened, backed up, monitored, and safe before you send real customers to it.

What's included

Correct SSL, firewall, and login protection configuration
We validate SSL enforcement, brute-force protection, lockouts, and firewall rules — not just configure them.
Verified backup, restore, and uptime monitoring setup
We ensure backups actually work, retention is correct, and uptime monitoring alerts are set up properly before launch.
Manual review of security headers and core hardening settings
We manually check your security headers, permissions, directory exposure, and critical hardening steps.
Human-reviewed launch readiness checklist
Clear checklist of issues to fix before going live so you launch safely and confidently.

Urgent

Emergency Recovery

If your site is hacked, infected, defaced, or blacklisted, this provides fast expert clean-up, containment, and full restoration so your business can get back online safely.

What we do

Immediate malware removal and site clean-up
Quick identification and removal of malicious files, injected code, and unauthorized changes.
Full restoration from clean backup when possible
If available, restoration from a verified clean backup with functionality verification.
Forensic review to identify the entry point
We find the likely cause — vulnerable plugin, weak credential, outdated software — so it doesn't recur.
Lockdown of attack paths and full security hardening
Admin access lockdown, vulnerability patching, software updates, and configuration hardening.
Optional transition into ongoing protection
If you prefer long-term protection, we can shift you into a monthly plan so the problem doesn't return.

Email Deliverability

Whether you just need authentication fixed or require full reputation building, these services ensure your emails actually reach inboxes.

Authentication Fix

If your emails are landing in spam, showing warning banners, or failing after forwarding — but your domain has existing sending history — this repairs the SPF, DKIM, DMARC, and routing issues breaking trust with Gmail and Outlook.

What you get

Complete SPF, DKIM, and DMARC audit & correction
Deep header analysis to pinpoint breaks between mail hops — far beyond basic DNS checks.
ARC and forwarding-path analysis
Diagnosis of hidden failures that break authentication when emails are forwarded or relayed.
Repair of contact forms, routing issues, and mismatched sending domains
Fixes for the overlooked senders that quietly damage your domain reputation.
Before/after deliverability tests with verified results
Proof that authentication is working, not just configured.

Comprehensive Email Deliverability

If you're launching a new domain, recovering from reputation damage, or your emails land in spam despite correct authentication — this builds the sending reputation inbox providers require before they'll trust you.

What you get

Full authentication audit & fixes (SPF, DKIM, DMARC)
Everything in the Authentication Fix — verified and aligned before warm-up begins.
30-day managed warm-up with controlled volume ramp
Professional warm-up network builds engagement signals Gmail, Microsoft, and Yahoo look for.
Weekly monitoring and adjustment
I watch for bounce spikes, placement issues, and reputation stalls — adjusting before they become problems.
Transition guidance and 14-day post-completion support
Clear guidance on maintaining reputation: recommended volumes, practices to avoid, and warning signs.

How are these services different from your free checks?

Our free checks are quick automated snapshots — they show surface-level signals but don’t include manual review, diagnosis, or a prioritized plan. These one-time services are hands-on, expert-led audits. A human reviews the results, verifies issues, explains what they mean in plain English, and gives you a clear order of what to fix first.

Do you need logins or backend access for these services?

For most one-time services (like the AI & GEO Visibility Audit or the Website Health & Security Scan), we do not need logins. We review your public site from the outside.

For email services, we’ll need access to your DNS provider to verify and correct records. For the Comprehensive Email Deliverability package, we’ll also need temporary access to connect your mailboxes to the warm-up service.

For Emergency Recovery, if your site is hacked or defaced, we may request secure, temporary access to safely clean up malware and restore from backups.

Will you actually fix issues, or just tell me what's wrong?

For audits, you receive:

Verified findings
Plain-English explanation
A prioritized list of fixes
A roadmap you can hand to your developer

If you’d like Stonegate to implement the fixes for you, we can either quote that as a follow-up project or move you into an ongoing protection plan.

How fast can you deliver these one-time services?

Typical turnaround times are:

Emergency Recovery: Same day (often within hours)
Website Health & Security Scan: 1–2 business days
AI & GEO Visibility Audit: 1–2 business days
New Site Security Launch Setup: Scheduled before your go-live
Authentication Fix: 1–2 business days (plus DNS propagation)
Comprehensive Email Deliverability: 30-day managed process

If you’re in crisis (hacked, blacklisted, or down), we prioritize you.

Is this a penetration test?

No. These services are non-intrusive audits and reviews, not penetration tests.

We don’t run exploit tools or attempt to break into your site. Instead, we focus on the things that matter most to small businesses: configuration mistakes, missing protections, weak visibility in AI/search, and whether your backups and security will actually protect you when something goes wrong.

What happens after the one-time service is done?

You keep the report, findings, and action plan — they’re yours to use however you want.

Many businesses choose to:

Have their existing developer implement the fixes, or
Move into a Stonegate monthly protection plan so we can handle fixes, monitoring, and ongoing security for them.

Most clients start with a one-time service, then stay for ongoing protection once they see the value.

Which email service do I need — Authentication Fix or Comprehensive?

Authentication Fix is right if your domain has been sending email for a while but something broke — emails suddenly going to spam, warning banners appearing, or forwarding failures. The problem is usually misconfigured DNS records, and fixing them restores deliverability quickly.

Comprehensive Email Deliverability is right if you’re starting fresh (new domain, new email provider) or recovering from serious reputation damage. Even perfect authentication won’t help if inbox providers don’t trust you yet — that takes 30 days of controlled warm-up to build.

Not sure? If your domain is less than 90 days old or you’ve had a security incident that affected email, start with Comprehensive. Otherwise, Authentication Fix is usually enough.

Can I just do the Authentication Fix first and add warm-up later if needed?

You can, but it’s often more expensive that way. The Comprehensive package includes everything in the Authentication Fix, so you’re not paying twice for the same audit work.

If you’re genuinely unsure whether you need warm-up, start with the Authentication Fix. If deliverability doesn’t improve within a week of the fixes propagating, we can credit what you paid toward the Comprehensive package.

Want ongoing protection after this?

Explore our monthly plans →