Imunify360 is the antimalware and active defense layer on every Noxity hosting plan. It scans files on upload and on a schedule, blocks known attack patterns at the firewall level, and quarantines anything that matches a malware signature. Most of the work happens silently in the background; the cPanel-side interface is for the parts where you might need to step in.
Open it from cPanel home → Security → Imunify360.
What you’ll see
The user-side dashboard splits into a few sections. Names and exact tabs vary slightly between Imunify360 versions; the underlying jobs are these.Files (the malware scanner)
The main tab. Lists files Imunify360 flagged as malware on your account, with the path, the threat name, the timestamp, and per-row actions:- View. Inspect the file’s contents (read-only) and the matched signature.
- Restore from backup. If a previous Imunify360 cleanup quarantined the file, restore the original.
- Ignore. Mark this file as safe. The path moves to the Ignore List and won’t be flagged on future scans.
- Delete. Remove the file.
History (past scans)
A chronological list of every scan that’s run on the account. Each row has the start time, duration, files scanned, files flagged. Useful for confirming scans are running on schedule and for spot-checking a specific time window after an incident.Ignore List
Every path you’ve marked Ignore lands here. The list is editable: remove a path to put it back under scan. Patterns and globs are supported (e.g./home/myuser/public_html/wp-content/plugins/legitimate-plugin/*) so you can ignore an entire trusted directory in one entry.
Be conservative with broad globs. Ignoring /wp-content/uploads/* would also ignore malware that landed there, which is a common upload-vulnerability target.
Action Log
A timestamped trail of everything Imunify360 has done on your account: files quarantined, files cleaned, IPs banned, scans started and finished. Useful when something on your account stops working and you want to see if Imunify intervened.What runs in the background
A few Imunify360 features don’t surface as tabs on the user side; they just work:- Real-time on-upload scanning. Every file written to disk (FTP, SFTP, File Manager, plugin install) is scanned before it lands.
- Web Application Firewall extensions. Imunify360 augments ModSecurity with its own rule list and IP reputation feed.
- Proactive Defense. PHP runtime hardening that catches malicious code patterns at execution time, even when the file itself isn’t flagged.
- IP reputation. Server-wide block list shared across the Imunify360 fleet. An IP that’s actively attacking other accounts is blocked on yours before it tries.
What you’ll typically use this for
| Situation | What to do |
|---|---|
| Imunify quarantined a file you know is legitimate | Restore it, then add it to the Ignore List so it doesn’t get flagged again. |
| You suspect malware but don’t see anything flagged | Click Scan for an on-demand check. Open a ticket if you still suspect compromise. |
| A real visitor is being blocked by the WAF | Open a ticket with the visitor’s IP and the URL they were trying to reach. |
| You see Action Log entries you don’t recognize | The path and timestamp tell you what was acted on. If it’s a plugin or theme file, restore from backup; if it’s a file you don’t know, leave it quarantined. |
What Vulnerability Protection (paid) adds
Imunify360 includes runtime hardening that catches common attack classes. The separate Vulnerability Protection add-on in WP Toolkit adds virtual patching specifically for known WordPress plugin and theme CVEs, applying a patch in front of the vulnerable code without waiting for the upstream fix. The two layers complement each other. Imunify360 alone is enough for most sites; high-traffic WordPress installs that can’t keep every plugin updated benefit from adding Vulnerability Protection.Common issues
A legitimate file keeps getting quarantined
A legitimate file keeps getting quarantined
Imunify360’s signatures occasionally match obfuscated-but-legitimate code (some premium themes, certain page builders). Restore the file, add the exact path to the Ignore List, and open a ticket with the file path, we’ll forward the false-positive sample upstream so the signature gets refined.
My site is timing out and I think Imunify is blocking it
My site is timing out and I think Imunify is blocking it
Check the Action Log for IPs banned around the time the timeouts started. If the visitor’s IP is listed, they were blocked. Open a ticket with the IP and we’ll review.
Scan is taking forever
Scan is taking forever
First scans on a big account (lots of WordPress files, many themes, big media folder) can take 30 minutes or more. Subsequent scans are faster because of incremental checks. If a scan is genuinely stuck (no progress for an hour+), open a ticket.
I want to disable Imunify360 on my account
I want to disable Imunify360 on my account
You can’t turn it off from the cPanel side; it runs server-wide and protects every account. If a specific behavior is breaking your workflow, open a ticket and we can usually exempt the specific path or rule.