What is Imunify360?

Imunify360 is security software installed on all of our hosting servers at MonsterMegs.  It’s designed and developed by the amazing team at Cloudlinux.  Imunify360 uses herd immunity and the six-layer approach to provide our hosting customers with the highest level of security from all sorts of malicious attacks.  This includes DDOS attacks, Mod Security protection, malware scanning, website reputation management and a sophisticated firewall.  Imunify360 is designed to detect abnormal user behavior including brute-force attacks which are becoming increasingly common with WordPress sites.

WordPress is a big target for hackers and the number of attacks a WordPress based website receives daily on our network is in the thousands.  Most users are unaware and that’s because Imunify360 is in place to help protect their websites.  The six-layer approach includes:

  • Real-time malware scanning
  • Advanced firewall with greylisting
  • Intrusion detection
  • Server Kernel Patching
  • Website Reputation Management
  • Web Applications Sandboxing

How Imunify360 Works

Imunify360 intrusion detection is based off Mod Security rules.  Without getting in to too much detail, Mod Security is an application firewall on the server-side.  Imunify360 has integrated mod security ‘rules’ that are updated daily.  These rules are what protect our customers websites from all sorts of attacks.  For example, if you have a certain number of failed login attempts to WordPress, cPanel, Email or FTP within a specific time period your IP address will be blocked by the firewall.  This is a temporary time based block.

The WebShield system uses reCAPTCHA to determine if a user is a real person or not.

The reCAPTCHA is the next generation of CAPTCHA, a feature intended to distinguish human from machine input and protect websites from the spam and different types of automated abuse.

With the invisible reCAPTCHA enabled, a human user is not required to go through human confirmation - the process will pass under the hood and a user will be redirected to the website. In case if invisible reCAPTCHA failed to detect if a user is a human or not, then visible reCAPTCHA appears.


The CAPTCHA is always on guard of the websites and checks the activity of each IP. With the help of reCAPTCHA it blocks bots and protects websites from spam and abuse.

If a user of a website is added to the Grey List (the access is blocked), then the reCAPTCHA allows him to unblock himself. When he tries to get to the website he is redirected to the reCaptcha Server, where he can see the protection page asking to confirm that he is not a robot by ticking a checkbox.

If successful, a user is redirected to the website, which means that the access is unblocked and the IP address of this user is removed from the Grey List.

The reCaptcha supports localization. Depending on user’s browser settings, reCaptcha will use the browser default language and allow to change it if needed.

Reasons You May Be Blocked By Immunify360

The most common reason that Immunify360 will block an IP address is failed logins.  This could be failed logins to cPanel, Email accounts or FTP.  If you use WordPress and have multiple failed logins you’ll also trigger a block.   As mentioned earlier, another reason you may have been blocked is if you triggered one of our Mod Security rules.  It’s not uncommon to trigger a rule if you use WordPress as many themes and plugins are not always using best coding practices which in turn could get you blocked.

Looking for reliable and affordable cPanel Web Hosting with Unmatched Customer Support?
Grab your new Web Hosting package today and receive a FREE cPanel migration. All plans come with our 30 Day Money Back and 99.9% Uptime Guarantees!
Was this answer helpful? 0 Users Found This Useful (0 Votes)