Imunify360 is a comprehensive security suite installed on many shared hosting servers. It provides real-time malware scanning, intrusion detection, firewall protection, and automated threat remediation. If your server has Imunify360, you'll see it in your cPanel dashboard.
Please note: Screens and options may vary slightly depending on your cPanel version and hosting plan.
Accessing Imunify360
- Log in to your cPanel account.
- In the Security section, click Imunify360.
- The dashboard shows your account's security status.
Features
Malware Scanner
Imunify360 automatically scans your files for malware, backdoors, web shells, and other malicious code.
- Files tab — Shows detected threats with details about each infected file.
- Actions — For each detection, you can:
- Clean — Imunify360 attempts to remove the malicious code while keeping the file functional. - Delete — Removes the file entirely. - Ignore — Marks a detection as a false positive (use with caution).
Proactive Defence
Monitors PHP scripts in real time and blocks malicious behaviour, even from files not yet identified as malware.
Firewall
Blocks known malicious IP addresses and suspicious traffic patterns at the server level, before requests reach your website.
What to Do If Malware is Detected
- Review the detections in the Imunify360 dashboard.
- Click Clean to attempt automated removal.
- After cleaning, check your website to ensure it's functioning correctly.
- Change all passwords (cPanel, FTP, email, database, CMS admin).
- Update all software (CMS, plugins, themes) to the latest versions.
- Review your account for any unknown files, unauthorised FTP accounts, or suspicious email forwarders/filters.
Tips
- Imunify360 is a server-level tool managed by your hosting provider. You can view detections and clean files, but the broader configuration is handled by the server administrator.
- Prevention is better than cure. Keep all software updated, use strong passwords, and remove unused plugins or themes.
- If your site is repeatedly flagged, it may indicate a vulnerability in your application code or an outdated plugin. Address the root cause, not just the symptoms.
- Not all hosting providers include Imunify360. If it's not available in your cPanel, ask your provider about their security measures.
What Next?
- Understanding ModSecurity (WAF) — Web Application Firewall protection.
- Enabling Two-Factor Authentication (2FA) — Secure your cPanel login.
