This article does not apply to customers on the following hosting plans: wp-Budget, unless you have acquired the relevant add-on.
From the beginning of 2019 we have been rolling out a series of new and improved security features designed to make your site safer and more secure than ever before. In this article we'll be addressing something known as Proactive Defense.
While firewalls will often stop bad actors from performing undesired actions on your site, they cannot always stop an attack when the code being abused is already present on the site itself. Take, for example, a plugin which has a weakness. Hackers will attempt to leverage this weakness before you as a site owner have a chance to remove the plugin, or before the plugin developer has a chance to patch the issue.
Proactive Defense will kill malicious processes before they have a chance to run. It can prevent malware which even malware scanners are unable to detect, and in this sense can stop both known and unknown malware and malicious processes. Designed to protect against zero-day attacks, it will stop bad processes in real time, with no latency.
As with anything related to security, there is a fine balance between stopping malicious code and not stopping legitimate code. WordPress and its myriad themes and plugins are extremely complex - no two sites are alike, so it is always conceivable that legitimate code gets stopped. If you notice any issues with a legitimate process simply "not running", or other odd behaviour, you may wish to check your dashboard in cPanel.
1) First log in to cPanel. If you are unsure how to do this then check out this article here: https://wpopt.net/knowledgebase.php?action=displayarticle&id=3
2) Scroll down and locate the icon entitled "Imunify360" in the section "Security".
3) On the subsequent page, click on the tab at the top entitled "Proactive Defense".
4) Here you will see information pertaining to any malicious script which has run under your sites, the specific rule being triggered, the IP address of the visitor who triggered the script, as well as the path to the script itself. Clicking the cog next to each entry shows options to ignore the detected rule for that file, ignore ALL rules for that file (not recommended), or view the contents of the file itself. Before setting the system to ignore a rule or all rules (i.e. if you believe the hit is a false positive), it is strongly recommended that you contact the developer/vendor of the script/plugin to double-check that the code is as it should be!
5) Note that the default system action is to Kill (i.e. Terminate) any code/process it deems to be malicious. If you wish to disable the Proactive Defense feature, or set it to only log incidents (i.e. it will take no action, only record a log entry), you can also do so here.