Protecting your website from malware and threats
Imunify360 is an advanced security solution integrated into our hosting control panel, and it's freely available to all our users os Starter Cloud, Pro Cloud and Fracto Cloud services.
It continuously monitors your site, detects malicious activity, and helps you clean infected files with just a few clicks.
This guide will walk you through the main features available in your user interface and how to use them effectively.
1. Accessing Imunify360
You can access Imunify360 directly from your hosting control panel 100.unihost.it in Extra Features -> Imunify360 plugin.
Once opened, you will see the main interface where all security-related tools are available.
2. The “Malware Scanner" Section
This is the most important area for everyday use.
Here, Imunify360 displays a list of files that have been detected as malicious during scans.
What you will see
Each detected file includes:
- Detection time – when the threat was identified
- File path – exact location on your hosting account
- Reason – type of malware detected (based on security signatures)
- Status – current state of the file
Common statuses include:
- Infected – malware has been detected
- Cleaned – the file has been successfully repaired
- Content removed – malicious code has been removed
- Cleanup queued – scheduled for automatic cleaning
Available actions
For each file, you can perform several actions:
- View file → inspect the content (preview only)
- Cleanup → automatically remove malicious code
- Delete → permanently remove the file
- Restore original → revert to a clean backup (if available)
You can also apply actions in bulk by selecting multiple files.
Filters and sorting
To help manage large lists, you can:
- Filter by time period
- Filter by status
- Sort by date, file path, or detection reason
Running a manual scan
If enabled on your hosting plan, you may see a “Start scanning” button.
This allows you to:
- Launch a manual malware scan
- Check newly uploaded or modified files immediately
3. Understanding Malware Signatures (Simplified)
When Imunify360 detects a threat, it uses a signature ID that may look complex.
Example:SMW-SA-05155-wshll
Here’s a simplified interpretation:
- SMW / CMW → server-side or client-side malware
- INJ / SA → injected code or standalone malicious file
- Category → type of threat (e.g., web shell, malware)
You don’t need to decode these manually—just know that they identify the nature of the threat.
4. The “History” Section
The History tab provides a complete log of all security-related actions.
This is useful for auditing and troubleshooting.
What is recorded
For every event, you will see:
- Date and time
- File path
- Cause (how the issue was detected)
- Owner
- Initiator (user or system)
- Event type
Types of events
Typical events include:
- File detected as malicious
- File cleaned
- Cleanup failed
- File deleted
- File restored
- Submitted for analysis
Why this matters
The History section helps you:
- Track when infections occurred
- Verify that cleanup actions were successful
- Identify recurring issues
5. How Imunify360 Protects Your Website
Even if you don’t interact with it daily, Imunify360 is always active in the background.
It provides:
- Real-time malware detection
- Automated cleanup
- Cloud-assisted threat intelligence
- Continuous scanning of new and modified files
Thanks to its optimised scanning system, future scans become significantly faster after the initial run.
6. Best Practices for Users
To get the most out of Imunify360:
✔ Check regularly
Log in periodically and review the Files section.
✔ Clean infections promptly
Do not leave infected files unresolved—they may spread or be exploited.
✔ Avoid deleting blindly
If unsure, use Cleanup instead of Delete to preserve functionality.
✔ Monitor history
Use the History tab to identify patterns or repeated infections.
✔ Keep your site updated
Most infections originate from outdated CMS, plugins, or themes.
7. Final Notes
Imunify360 is a powerful security tool capable of detecting and removing many common types of malware automatically. However, its intervention may alter or remove parts of your website’s code. As a result, while malicious behaviour can be stopped, certain legitimate functionalities of the website may also be affected or stop working.
It is important to understand that not all malware can be reliably detected or safely neutralised through automated processes. In many cases, a compromised website requires manual intervention by a qualified professional, who can identify the root cause of the infection and ensure a complete and safe remediation.
The website owner remains solely responsible for the security and integrity of their application. Imunify360 is an effective support tool, but it cannot compensate for inherently insecure software, outdated components, or improper configurations.
