You may receive notifications like “Outdated application detected” or “Security problem” for your hosting. These alerts usually come from Imunify360 (server-side security scanner) and mean that a CMS/core/plugin version on your hosting looks vulnerable.
Why you get this message
- Your website software is outdated (WordPress/Joomla/Drupal, plugins, themes, etc.).
- An old copy exists in a subfolder (for example
/old/, /backup/, /test/).
- Leftover installers or scripts are present (even if the main website is updated).
Step 1 — Identify what is flagged
- Log in to Plesk.
- Open Imunify360 (if available) or check the notification details you received.
- Note the path (folder) and the application name/version that is reported as outdated.
Step 2 — Update or remove the vulnerable component
- WordPress:
- Update core, plugins, and themes in WordPress Admin or via Plesk WordPress Toolkit.
- Remove unused themes/plugins.
- Joomla/Drupal/other CMS: update the CMS and extensions using the official admin panel for that CMS.
- Old copies: if the flagged files belong to an old site copy that you no longer use, delete the folder entirely.
Step 3 — Re-check after changes
- If Imunify360 is available in your Plesk, run a new scan or wait for the next scheduled scan.
- If the alert persists, search your hosting for another copy of the same CMS in subfolders (old backups are a common cause).
Important notes
- Do not ignore these alerts. Outdated applications are one of the most common reasons for hacked websites and spam sending.
- Before deleting folders, make sure you have a backup (Plesk Backup Manager can help).
- For WordPress sites, keep automatic updates enabled and maintain a short list of plugins.
