Articles on: Hosting

How to Use Imunify to Protect Your Website from Malware in Plesk

Imunify360 is integrated into your Plesk hosting at Thamara.cloud to automatically detect, clean, and protect your websites from malware, viruses, and security threats.

This guide will walk you step-by-step through how to use Imunify in Plesk to keep your websites secure.

 Step 1: Access Imunify in Plesk

  1. Log in to your Plesk control panel.
  2. In the left sidebar, click WebSites and Domain scroll down to the Imunify icon
  3. Click Imunify to open the dashboard.


Step 2: Explore the Imunify Dashboard

Once opened, the Imunify360 Dashboard provides an overview of your server and website security.

You’ll see:

  • Malware summary — number of infected and cleaned files
  • Recent incidents — blocked attacks or suspicious activity
  • Scan status — last and next scheduled scans
  • Firewall statistics — IPs blocked, attacks prevented


 

Step 3: Run a Manual Malware Scan

To check your website for malware immediately:

  1. From the Imunify dashboard, click the Malware Scanner tab.
  2. Click Start Scanning.
  3. Select which domain or directory to scan (or choose all).
  4. Wait for the scan to complete — progress will display on screen.

When finished, you’ll see a list of any detected infections.


Step 4: Review and Clean Infected Files

After a scan, you can view, clean, or quarantine infected files.

  1. Go to the Malicious Files tab.
  2. You’ll see a list showing:
  • File path
  • Detection reason (e.g. “Suspicious PHP code”)
  • Status (Infected, Cleaned, Quarantined)

To fix the infection:

  • Click Clean Up to automatically remove malicious code.
  • If cleaning fails, click Quarantine to isolate the file safely.

Imunify automatically preserves your clean code and only removes the infected parts when possible.

 

Step 5: Configure Automatic Malware Scans

To ensure continuous protection, you should enable automatic malware scanning.

  1. Open the Scan section under Malware Scanner.
  2. Ensure That Real-time Scanner is set to ON


 

Step 6: Enable Proactive Defense

Proactive Defense actively blocks malicious scripts before they execute on your website — an essential feature for PHP-based sites like WordPress.

  1. Go to Settings → Proactive Defense.
  2. Enable Proactive Defense.
  3. Set mode to:
  • Kill Mode (Recommended) — automatically blocks malicious scripts.
  • Log Only — detects but doesn’t block (use for testing).

Save your settings.


 

Step 7: Review Security Logs and History

You can review past scans, detections, and cleanups from the History tab.

  1. Click History in the left menu.
  2. You’ll see:
  • Date and time of each scan
  • Files cleaned or quarantined
  • Actions taken automatically

Click any record to view full details.


 

Best Practices for Ongoing Protection

To keep your websites safe and prevent reinfection:

  • Keep WordPress, Joomla, and other CMS platforms fully updated.
  • Regularly remove unused plugins and themes.
  • Avoid nulled or pirated extensions and templates.
  • Use strong passwords and enable two-factor authentication (2FA) in Plesk.
  • Check your Imunify dashboard at least once a week.
  • Set up daily backups via Plesk Backup Manager.

Conclusion

Imunify360 gives your Plesk-hosted websites real-time protection against malware, viruses, and web attacks.

By combining automated scanning, proactive defense, and smart cleanup, your sites remain safe with minimal manual work.

 Tip: At Thamara.cloud, Imunify360 is fully integrated and automatically included with most hosting plans. You can access it anytime directly from your Plesk dashboard.

Updated on: 12/11/2025

Was this article helpful?

Share your feedback

Cancel

Thank you!