The Website page in Security Center shows the security status of all protected websites and their associated server assets. Use it to identify risky domains, review active alerts and vulnerabilities, and run security checks.
Prerequisites
Before you begin, ensure that you have:
An active Security Center instance with website assets added
The required permissions to access the Assets module
View website asset status
Log on to the Security Center console. In the top navigation bar, select China as the region.
In the left-side navigation pane, choose Assets > Website.
On the Website page, use the two tabs to browse protected websites:
Root website — lists all root websites with their Website Name and Asset IP Address
Subdomain — lists all subdomains with their Website Name and Asset IP Address
Click a name in the Website Name column, or click View in the Actions column, to open the website details panel. The details panel shows:
Field Description Domain The full domain name of the website Root domain name The root domain this website belongs to Risk status Current security risk level of the website Related assets Servers associated with this website, including Asset name/IP, Type, Server Vulnerabilities, and Alert counts From the Related assets section, drill into specific findings:
Click an asset name to open its details page and view its Risk status on the Basic Information tab. For more information, see Manage servers.
Click a number in the Server Vulnerabilities column to view vulnerability details. For more information, see Vulnerability fixing overview.
Click a number in the Alert column to view alert details. For more information, see View and handle alert events.
Run a security check and view the report
On the Website page, go to the Security Check section and click Security Check. The Website Security Report page opens.
Report layout
The report contains five sections:
| Section | What it shows |
|---|---|
| Overview | Security score, total domain count, and counts of risky websites, alerts, and vulnerabilities |
| Risky websites (TOP5) | The five highest-risk domains with vulnerability, alert, and SSL status details |
| Alerts | Active alerts on website servers, ranked by risk level |
| Vulnerability risk | Top application vulnerabilities and WebCMS vulnerabilities detected on website servers |
| Security recommendations | Actionable suggestions based on the check results |
Overview
The Overview section displays your overall security score and a breakdown of risky assets.
How the security score is calculated
Security Center calculates the security score based on the security status of your websites and deducts points for each detected issue:
| Issue | Penalty | Cap |
|---|---|---|
| Security alerts | 5 points per alert | 30 points total |
| Security vulnerabilities | 5 points per vulnerability | 40 points total |
| Domains without SSL certificates | 5 points per domain | 20 points total |
The score is color-coded:
Green (90–100): Websites are in good security condition.
Yellow (70–89): Security risks exist. Handle risks based on the suggestions on the page.
Red (10–69): A large number of security risks exist and websites are vulnerable to attacks. Reinforce website security as soon as possible.
Risky websites (TOP5)
The Risky Websites (TOP5) section lists the five domains with the most risk. For each domain, you can see the vulnerability risk level, the top 5 security alerts, and SSL status.
SSL certificates encrypt website data over HTTPS and prevent data theft. If a domain is missing an SSL certificate, click configure to set one up.
To handle the risks for a specific domain:
Click Process in the Operation column.
On the domain details page, review the risk status and associated assets.
In the Related Assets section, click a number in the Server Vulnerabilities or Alert column.
On the Vulnerabilities or Alerts page, fix the issues. For more information, see View and handle vulnerabilities and View and handle alert events.
Alerts
The Alerts section lists active alerts on your website servers. Each entry shows the alert name, risk level, affected assets, and the most recent trigger time.
To handle a specific alert, click Process in the Operation column and resolve the alert on the Alerts page. For more information, see View and handle alert events.
Vulnerability risk
The Application vulnerability risks (top 5) and WebCMS Vul (TOP5) sections list the most critical vulnerabilities detected on your website servers. Each entry shows the vulnerability announcements, risk level, and affected assets.
To fix a specific vulnerability, click Repair in the Actions column and resolve the issue on the Vulnerabilities page. For more information, see Vulnerability fixing overview.
Security recommendations
The Security recommendations section provides targeted suggestions based on the check results. For example, if Security Center detects a risk of malicious link injection or content tampering, click Processing. On the Tamper Protection page, enable web tamper proofing for the affected servers.