Managing proactive defense (malicious script execution prevention)

From the beginning of 2019 we have been rolling out a series of new and improved security features designed to make your site safer and more secure than ever before. In this article we'll be addressing something known as Proactive Defense.

While firewalls will often stop bad actors from performing undesired actions on your site, they cannot always stop things from happening if the code is already present on your site itself. Take, for example, a plugin which has a weakness. Hackers will attempt to leverage this weakness before you as a site owner have a chance to remove the plugin, or before the plugin developer has a chance to patch the issue.

Proactive defense will kill malicious processes before they have a chance to run. It can prevent malware which even malware scanners are unable to detect and in this sense can stop both known and unknown malware and malicious processes. Designed to protect against zero-day attacks, it will stop bad processes in real time, with no latency.

As with anything related to security, there can be a fine balance between stopping malicious code and not stopping legitimate code. WordPress, with its myriad themes and plugins, is extremely complex and no two sites are alike, so it is always conceivable that a legitimate process will be stopped. If you notice any issues with a legitimate process simply "not running", or other weirdness, then you may wish to check your dashboard in cPanel.

1) First log in to cPanel. If you are unsure how to do this then check out this article here: https://wpopt.net/knowledgebase.php?action=displayarticle&id=3

2) Scroll down and locate the icon entitled "Imunify360" in the section "Security".



3) On the subsequent page, click on the tab at the top entitled "Proactive Defense".


4) Here you will see information pertaining to any malicious script which has run under your sites, the specific rule being triggered, the IP address of the visitor which triggered the script, as well as the path to the script itself. Clicking the cog next to each entry will enable you to see some options where you can ignore the detected rule for that file, ignore ALL rules for that file (not recommended), or view the contents of the file itself. Before setting the system to ignore a rule/all rules (i.e. if you believe the hit is a false-positive) it is strongly recommended you contact the developer/vendor of the script/plugin to double-check that the code is as it should be!


5) Note that the default system action is to Kill (i.e. Terminate) any code/process it deems to be malicious. In the event you wish to disable the proactive defense feature, or simply set it to only log incidents (i.e. it will take no action, only record a log entry) then you can also do so here.
