Understanding Imunify360 Security in cPanel

Imunify360 is a comprehensive security suite installed on our cPanel servers. It provides real-time protection against malware, viruses, and other threats without requiring any configuration from you.

What Imunify360 Does

• Malware scanning — Automatically scans your files for malicious code
• Real-time protection — Blocks attacks as they happen
• Proactive defense — Monitors PHP scripts and blocks suspicious behavior
• Firewall — Server-level firewall that blocks known attackers
• Reputation management — Blocks IPs with poor reputation scores

Accessing Imunify360 in cPanel

1. Log in to cPanel
2. Scroll to the Security section
3. Click Imunify360

Dashboard Overview

The Imunify360 dashboard shows:

• Malware scanner results — Files flagged as suspicious or infected
• Proactive defense status — Whether PHP monitoring is active
• Blocked attacks — Recent attacks that were prevented

Malware Scanner

Automatic Scanning

Imunify360 automatically scans your files periodically. Infected files are:

1. Quarantined — Moved to a safe location so they cannot execute
2. Cleaned — Malicious code is removed while keeping the original file functional
3. Flagged — Marked for your review if automatic cleaning is not possible

Manual Scan

1. Open Imunify360 in cPanel
2. Click Start Scan or Scan My Account
3. Wait for the scan to complete
4. Review any flagged files

Handling Infected Files

When Imunify360 detects malware:

1. Review the list of infected files
2. For each file, you can:

- Clean — Remove the malicious code (recommended)

- View — See what was detected

- Ignore — If you are certain it is a false positive

- Delete — Remove the file entirely

Tip: If a WordPress plugin file is infected, clean it and then update the plugin to the latest version. Outdated plugins are the most common entry point for malware.

Proactive Defense

Proactive Defense monitors PHP scripts in real time:

• Kill mode — Blocks malicious scripts immediately (recommended)
• Log mode — Only logs suspicious activity without blocking
• Disabled — No PHP monitoring

To change the mode:

1. Go to Imunify360 > Proactive Defense
2. Select your preferred mode
3. Click Save

What to Do If Your Site Is Hacked

1. Run a full scan via Imunify360
2. Clean all infected files
3. Change all passwords (cPanel, email, database, CMS admin)
4. Update all software (WordPress, plugins, themes)
5. Remove unused plugins and themes
6. Check for unauthorized admin users in your CMS
7. Review access logs for suspicious activity
8. Restore from backup if cleaning is not sufficient

Prevention Tips

1. Keep WordPress, plugins, and themes updated
2. Use strong, unique passwords
3. Remove unused plugins and themes
4. Use two-factor authentication
5. Regularly back up your site
6. Only install plugins from trusted sources

Troubleshooting

False Positive Detection

If Imunify360 flags a legitimate file:

1. Click Ignore or Add to Whitelist
2. If cleaning broke your site, restore the file from backup

Site Blocked by Firewall

If your IP gets blocked after too many failed logins:

1. Wait 15-30 minutes for the auto-unblock
2. Try from a different IP or network
3. Contact support to whitelist your IP

Related Articles

• Configuring ModSecurity in cPanel
• Security Best Practices

Need help? Contact our support team at {{SUPPORT_EMAIL}} or open a ticket at {{SUPPORT_URL}}.