This article does not apply to customers with the following hosting plans wp-Budget unless you have acquired the relevant add-on.
From the beginning of 2019 we have been rolling out a series of new and improved security features designed to make your site safer and more secure than ever before. In this article we'll be addressing the Malware Detection feature.
The malware scanner previously used was reactive - scans were performed each day and then action taken, if necessary, against the bad code/files. While this was robust, it did mean that malicious code could sit around for a little time between scans. The new malware detection service will scan all files uploaded to your site, and all modified files in real-time. This means that the moment a malicious file becomes present in your hosting environment, action will be taken against it. If a hacker gains access to your site and modifies a core WordPress file to, for example, redirect visitors to a spam site, this will be identified and acted upon immediately.
1) First log in to cPanel. If you are unsure how to do this then check out this article here: https://wpopt.net/knowledgebase.php?action=displayarticle&id=3
2) Scroll down and locate the icon entitled "Imunify360" in the section "Security".
3) On the subsequent page you should automatically see the Malware tab. If any malware is detected you will see an cog next to each file. Clicking this will give you the ability to whitelist this file. Before setting the system to whtielist a file (i.e. if you believe the hit is a false-positive) it is strongly recommended you contact the developer/vendor of the script/plugin to double-check that the code is as it should be!
4) The default action taken by the system when a suspected malicious file is found is to chmod 000 the file. This means it sets the permissions of the file to no-read, no-write, no-execute. This effectively means that nothing can interact with the file, and the file cannot interact with anything else. There is a risk that if the malicious file is inside WordPress core, your theme, or a plugin, then a specific feature may no longer work. False positives are generally extremely rare so you should not need to worry about this. If you prefer, you can set the system to completely delete the file, or to take no action at all, just "notify". To do this, click "Settings" in the top-right corner and choose the desired default action.
