Security

What Is Imunify and How Do You Use It in cPanel?

Security | Essex Web Hosts

Features of ImunifyAV (Free Version)

ImunifyAV may be free, but don’t underestimate what it can do. It’s an intelligent malware scanner that detects infected files, flags suspicious behaviour, and gives you clear reports — all directly within cPanel. Here’s what’s included:

  • Manual on-demand malware scans
  • Detailed file-level infection reports
  • Visual “traffic light” status system
  • Easy navigation via cPanel interface
  • Smart threat detection that spots both common and obscure malware

No automatic cleaning or real-time protection here — that’s reserved for premium users — but what you do get is visibility and control. If your site’s acting up or you just want peace of mind, ImunifyAV gives you the diagnostic tools you need to take action fast.

How to Scan Your Website with ImunifyAV in cPanel

Let’s break down exactly how to run a malware scan using ImunifyAV inside cPanel. No tech wizardry needed — if you can click, you can scan.

  1. Login to cPanel and scroll down to the Security section.
  2. Click the ImunifyAV icon. It may be labelled just “ImunifyAV” or “Virus Scanner” depending on your host.
  3. You’ll land on a dashboard showing your domain’s current security status — red means infected, green means clean.
  4. Hit Start Scan. The system begins scanning all files under your account — including hidden malware, backdoors, injected scripts, and known exploit patterns.
  5. Once finished, results will show as:
    • Clean – No issues detected
    • Infected – Files with malware or suspicious code
    • Warnings – Potential issues worth reviewing manually

Infected files will be listed with their path and threat type. You can then download, review, or manually clean them using your file manager or FTP access.

Understanding ImunifyAV Scan Results

ImunifyAV categorises threats using a colour-coded system and gives a short description of what was found. For example:

  • PHP.Shell – A common backdoor allowing attackers to execute code
  • Trojan.Susp – Suspicious file that might download other malware
  • JS.Injector – JavaScript added to webpages to redirect or steal info

You’ll also see the exact line numbers inside infected files, helping you identify what needs removing. It’s like having an X-ray of your website’s filesystem.

How to Remove Malware Detected by ImunifyAV

While ImunifyAV itself won’t clean files automatically, you’ve got several options:

  • Delete the file entirely if it’s not essential (e.g. an old plugin or unknown file)
  • Edit the file manually using cPanel’s File Manager or FTP to remove malicious code
  • Restore from a clean backup if you’ve got one available
  • Ask our support team – we’ll review and guide you through the fix

If you’re unsure or nervous about editing live files, submit a support ticket here and we’ll help clean it up properly without breaking your site.

Common Causes of Infections ImunifyAV Finds

  • Outdated WordPress, Joomla, or CMS plugins
  • File upload scripts with poor validation
  • Insecure themes downloaded from shady sites
  • Weak passwords allowing brute-force access
  • Exposed configuration files

Security isn’t just about scanning — it’s about prevention. Clean up now, but also lock things down moving forward. More on that below.

Best Practices After a Malware Scan

Once you’ve scanned with ImunifyAV and removed infected files, take a few extra steps to harden your hosting account:

  • Update all CMS platforms, plugins, and themes
  • Delete unused files and directories
  • Use strong, unique passwords
  • Disable PHP execution in upload directories
  • Install a Web Application Firewall (WAF) if possible

Need help doing any of this? We’re here to assist — just let us know what you’re seeing, and we’ll jump in.

What If ImunifyAV Isn’t Showing in cPanel?

Some hosts don’t enable ImunifyAV by default. If you don’t see it in your cPanel, your options are:

  • Check with your hosting provider to enable it
  • Switch to a host (like us) that includes it at no extra cost
  • Use external malware scanners, but prepare for more hassle

Spoiler alert: We include ImunifyAV for free on all Linux-based hosting plans. Just log in, scan, and secure — easy.

Conclusion: ImunifyAV Is Your First Line of Defence

ImunifyAV is like the CCTV camera watching your website 24/7. It won’t jump in to stop attacks automatically — but it *will* tell you exactly where the break-in happened, and what got messed up.

For most website owners, it’s the perfect first step toward security. Regular scans, clean reports, and a solid action plan go a long way toward keeping your site online, safe, and trustworthy.

If you’ve run into malware and don’t know what to do next — submit a support ticket now. We’re quick, we know this stuff inside-out, and we’ll get you sorted.

Frequently Asked Questions about ImunifyAV in cPanel

What is ImunifyAV in cPanel?

ImunifyAV is a free malware scanner included with many cPanel-based hosting plans. It helps detect malicious code, backdoors, viruses, and other threats on your website. While it doesn’t clean files automatically, it gives you detailed reports so you can take action quickly.

Is ImunifyAV free?

Yes, ImunifyAV is 100% free when included by your hosting provider. It offers manual malware scanning, infection reporting, and alerts — without needing a premium subscription. Many hosts include it by default inside the cPanel interface.

How do I access ImunifyAV in cPanel?

Log in to your cPanel, scroll down to the Security section, and look for the ImunifyAV or Malware Scanner icon. Click it to open the dashboard and start scanning your website files.

Can ImunifyAV automatically remove malware?

No, the free version of ImunifyAV does not clean malware automatically. It scans and reports infected files, but you need to clean them manually. Some hosting providers offer support to help you clean your site — submit a support ticket here if you need help.

What types of malware can ImunifyAV detect?

ImunifyAV can detect PHP shells, JavaScript injections, spam scripts, malware droppers, obfuscated code, and more. It scans for both known signatures and suspicious patterns that indicate hacking attempts or backdoors.

Will scanning with ImunifyAV affect my website?

Nope! ImunifyAV scans run in the background and don’t slow down your website or take it offline. It’s safe to use at any time, even on live production sites.

What should I do if ImunifyAV finds malware?

If malware is detected, you can:

  • Delete infected files via File Manager
  • Edit them manually to remove bad code
  • Restore a clean backup
  • Or contact support for help fixing the issue
It’s important to act quickly to prevent your website from being blacklisted or compromised further.

Why don’t I see ImunifyAV in my cPanel?

Not all hosts include it. If it’s missing, check with your provider or consider moving to a host that offers it as standard. We include ImunifyAV on all our cPanel-based hosting plans — no upgrade or setup needed.

How often should I scan my site with ImunifyAV?

At minimum, scan your website once a week. For high-traffic or e-commerce sites, consider scanning daily. Regular checks help catch threats early before they cause serious damage.

Is ImunifyAV enough to secure my site?

It’s a great first line of defence, but full protection includes:

  • Keeping software up to date
  • Using secure passwords
  • Regular backups
  • Security plugins or firewalls for CMS like WordPress
Use ImunifyAV as part of a broader security plan.

To top
We use cookies to improve your experience. By using our site, you agree to our cookie policy. Learn more.