Pricing

Site Security

One-time services to assess, harden, or recover your website — with clear findings, fixed pricing, and no ongoing commitment required.

Website Health & Security Scan

If you're not sure how healthy or secure your site is, this scan gives you a complete, plain-English assessment and action plan.

What you get
  • Complete security, software, and vulnerability analysis
    Manual investigation, verification, and cross-checking — far deeper than automated scans.
  • Full page speed, backup integrity, and crawl health review
    Root-cause diagnosis, misconfiguration detection, and impact explanation.
  • AI & GEO visibility scoring
    Evaluation of how clearly search engines and AI tools understand your business.
  • Plain-English executive summary & prioritized action plan
    Clear fixes, business-impact explanation, and a step-by-step roadmap.

Flat price covers a standard small-business site: one domain, up to 25 pages, no online payments. Larger, e-commerce, or regulated (finance/health) sites — request a quote.

AI & GEO Visibility Audit

If your site looks fine but new customers still can't find you, this audit shows how clearly search engines and AI tools understand your business, your services, and how your pages connect to them.

What you get
  • Stonegate GEO Site Score (0–100)
    A clear score showing how understandable your site is to AI systems — benchmarked against a fully 'GEO-ready' site.
  • Page-by-page identity graph audit
    Maps how AI systems see your site's identity: which pages point to your business, which don't, and which signals conflict.
  • Deep review of key pages in AI-driven search
    Analysis of your highest-value pages and how clearly they appear in AI search results.
  • Structured data, sitemap, and linking analysis
    Review of schema, sitemaps, and internal linking to see how well they reinforce your business identity.
  • Top 5 priority improvements
    Plain-English action list your developer or writer can implement immediately.

Flat price covers a single site of up to 20 key pages. Larger sites, multiple locations, or many service pages — request a quote.

Email Deliverability

Whether you just need authentication fixed or require full reputation building, these services ensure your emails actually reach inboxes.

Authentication Fix

If your emails are landing in spam, showing warning banners, or failing after forwarding — but your domain has existing sending history — this repairs the SPF, DKIM, DMARC, and routing issues breaking trust with Gmail and Outlook.

What you get
  • Complete SPF, DKIM, and DMARC audit & correction
    Deep header analysis to pinpoint breaks between mail hops — far beyond basic DNS checks.
  • ARC and forwarding-path analysis
    Diagnosis of hidden failures that break authentication when emails are forwarded or relayed.
  • Repair of contact forms, routing issues, and mismatched sending domains
    Fixes for the overlooked senders that quietly damage your domain reputation.
  • Before/after deliverability tests with verified results
    Proof that authentication is working, not just configured.

Comprehensive Email Deliverability

If you're launching a new domain, recovering from reputation damage, or your emails land in spam despite correct authentication — this builds the sending reputation inbox providers require before they'll trust you.

What you get
  • Full authentication audit & fixes (SPF, DKIM, DMARC)
    Everything in the Authentication Fix — verified and aligned before warm-up begins.
  • 30-day managed warm-up with controlled volume ramp
    Professional warm-up network builds engagement signals Gmail, Microsoft, and Yahoo look for.
  • Weekly monitoring and adjustment
    I watch for bounce spikes, placement issues, and reputation stalls — adjusting before they become problems.
  • Transition guidance and 14-day post-completion support
    Clear guidance on maintaining reputation: recommended volumes, practices to avoid, and warning signs.

Quote-Based Engagements

Variable-scope work where an honest flat price isn't possible. You get a clear, fast quote before any major work begins — no open-ended billing.

Urgent

Emergency Recovery

If your site is hacked, infected, defaced, or blacklisted, we start immediately with triage and containment to stop the damage — then give you a full remediation quote within the first hour. We don't quote recovery as a flat price sight-unseen, because scope ranges enormously: a single injected file is a very different job than a multi-site portfolio compromise.

What you get
  • Fixed triage & containment fee — credited 100% toward your remediation
    You pay one known, upfront fee to get started — and it comes straight off your remediation total.
  • Immediate containment to stop active damage and spread
    We isolate the compromise quickly so the situation stops getting worse while we assess.
  • Rapid scope assessment across every affected site
    We confirm how many sites, files, and entry points are involved before quoting.
  • Full remediation quote within the first hour — you know the total cost fast
    A clear, itemized remediation quote within the hour — no open-ended hourly surprises.
  • Malware removal, entry-point forensics, and lockdown once approved
    Once approved, we remove malware, patch the entry point, and harden access — then can move you into ongoing protection.

$299 is a fixed triage & containment fee, credited 100% toward your full remediation. You'll have the complete remediation cost within the first hour — no open-ended billing.

New Site Security Launch Setup

If you're launching a new or redesigned site, this ensures your site is fully hardened, backed up, monitored, and safe before you send real customers to it. Final price varies with your platform, the complexity of the build, and how many sites you're launching.

What's included
  • Correct SSL, firewall, and login protection configuration
    We validate SSL enforcement, brute-force protection, lockouts, and firewall rules — not just configure them.
  • Verified backup, restore, and uptime monitoring setup
    We ensure backups actually work, retention is correct, and uptime monitoring alerts are set up properly before launch.
  • Manual review of security headers and core hardening settings
    We manually check your security headers, permissions, directory exposure, and critical hardening steps.
  • Human-reviewed launch readiness checklist
    Clear checklist of issues to fix before going live so you launch safely and confidently.
Our free checks are quick automated snapshots — they show surface-level signals but don’t include manual review, diagnosis, or a prioritized plan. These one-time services are hands-on, expert-led audits. A human reviews the results, verifies issues, explains what they mean in plain English, and gives you a clear order of what to fix first.

For most one-time services (like the AI & GEO Visibility Audit or the Website Health & Security Scan), we do not need logins. We review your public site from the outside.

For email services, we’ll need access to your DNS provider to verify and correct records. For the Comprehensive Email Deliverability package, we’ll also need temporary access to connect your mailboxes to the warm-up service.

For Emergency Recovery, if your site is hacked or defaced, we may request secure, temporary access to contain the incident and, during remediation, safely clean up malware and restore from backups.

For audits, you receive:

  • Verified findings
  • Plain-English explanation
  • A prioritized list of fixes
  • A roadmap you can hand to your developer

If you’d like Stonegate to implement the fixes for you, we can either quote that as a follow-up project or move you into an ongoing protection plan.

Incident response scope ranges enormously — from a single injected file on one small site to a coordinated, multi-site portfolio compromise. Quoting a flat “recovery” price sight-unseen would either overcharge simple cases or fall short on serious ones.

Instead, you pay one fixed triage & containment fee to get started immediately. We contain the incident, assess the full scope, and give you a complete remediation quote within the first hour — and your triage fee is credited 100% toward that remediation. You get speed and a known total cost, fast.

Typical turnaround times are:

  • Emergency Recovery: Triage & containment starts within hours; your full remediation timeline is confirmed in the first-hour quote
  • Website Health & Security Scan: 1–2 business days
  • AI & GEO Visibility Audit: 1–2 business days
  • New Site Security Launch Setup: Scheduled before your go-live
  • Authentication Fix: 1–2 business days (plus DNS propagation)
  • Comprehensive Email Deliverability: 30-day managed process

If you’re in crisis (hacked, blacklisted, or down), we prioritize you.

No. These services are non-intrusive audits and reviews, not penetration tests.

We don’t run exploit tools or attempt to break into your site. Instead, we focus on the things that matter most to small businesses: configuration mistakes, missing protections, weak visibility in AI/search, and whether your backups and security will actually protect you when something goes wrong.

You keep the report, findings, and action plan — they’re yours to use however you want.

Many businesses choose to:

  • Have their existing developer implement the fixes, or
  • Move into a Stonegate monthly protection plan so we can handle fixes, monitoring, and ongoing security for them.

Most clients start with a one-time service, then stay for ongoing protection once they see the value.

Authentication Fix is right if your domain has been sending email for a while but something broke — emails suddenly going to spam, warning banners appearing, or forwarding failures. The problem is usually misconfigured DNS records, and fixing them restores deliverability quickly.

Comprehensive Email Deliverability is right if you’re starting fresh (new domain, new email provider) or recovering from serious reputation damage. Even perfect authentication won’t help if inbox providers don’t trust you yet — that takes 30 days of controlled warm-up to build.

Not sure? If your domain is less than 90 days old or you’ve had a security incident that affected email, start with Comprehensive. Otherwise, Authentication Fix is usually enough.

You can, but it’s often more expensive that way. The Comprehensive package includes everything in the Authentication Fix, so you’re not paying twice for the same audit work.

If you’re genuinely unsure whether you need warm-up, start with the Authentication Fix. If deliverability doesn’t improve within a week of the fixes propagating, we can credit what you paid toward the Comprehensive package.

Want ongoing protection after this?

Explore our monthly plans →