Back to website Login
There was a problem loading the comments.

Imunify360 blocks my website (403/406): unblock and whitelist safely on GARMTECH hosting

Support Portal  »  Knowledgebase  »  Viewing Article
  Print

GARMTECH hosting uses security protection (including Imunify360) to block malicious traffic and common attack patterns. In some cases, legitimate requests can be blocked and you may see errors like 403 Forbidden or 406 Not Acceptable.

This guide helps you check whether Imunify360 is involved and how to unblock yourself safely.

1) Confirm the block is related to Imunify360

  • If the browser shows a security/forbidden message only for certain pages (for example, /wp-admin, login, forms), a WAF rule may be triggered.
  • Log in to Plesk and look for Imunify360 in the left menu (or under Extensions).

2) Find the blocked IP and the reason

  1. Open PleskImunify360.
  2. Review sections like Incidents, WAF, or History (names may vary depending on the interface).
  3. Look for entries that match the time you tried to open the website and note:
    • Your IP address
    • The URL that was accessed
    • The rule/category that triggered the block

3) Remove a block / add an IP to allowlist (recommended approach)

If you blocked your own IP (for example, after too many login attempts), the safest fix is to allow your IP:

  1. In Imunify360, open IP Management (or similar).
  2. Search for your IP.
  3. If the IP is Blacklisted, remove it from the blacklist.
  4. Add the IP to Whitelist/Allowlist if you have that option and you trust the IP.

Important: Do not whitelist random public IPs. Whitelisting bypasses protection and should be used only for addresses you control (office IP, VPN, etc.).

4) Fix the root cause (so it does not happen again)

  • WordPress security plugins: some plugins can trigger aggressive blocks. Update the plugin and review its firewall settings.
  • Forms and API endpoints: if a contact form or API endpoint triggers a rule, check input validation and whether the request contains unusual strings.
  • Outdated software: outdated CMS/plugins are a common reason for security incidents. Keep your site updated.

5) If you use Cloudflare

  • If you proxy your website through Cloudflare, requests come from Cloudflare IP ranges. Normally this works without changes.
  • If you created custom IP blocks or “country blocks” in your own application/plugins, make sure you are not blocking Cloudflare traffic.

6) If you cannot access Plesk to check Imunify360

  • Try to log in to Plesk from My.GARMTECH (secure login button on your hosting service page).
  • If the website is blocked but Plesk is accessible, you can still review and remove IP blocks from the panel.
Share via
Did you find this article useful?  

Related Articles

Comments

Add Comment

Replying to  

Categories

Tags

© GARMTECH