Back to website Login
There was a problem loading the comments.

Website blocked or malware detected: cleanup checklist (Imunify360 on GARMTECH Hosting)

Support Portal  »  Knowledgebase  »  Viewing Article
  Print

On GARMTECH hosting we use Imunify360 to help protect websites from malware and compromised scripts. If a site is infected, Imunify360 may detect malicious files or even block access to reduce harm.

Typical symptoms:

  • A warning page instead of your website
  • Unexpected 403/404 errors
  • Security alerts about malware in files
  • Visitors are redirected to unknown websites

Step 1: Access Plesk and confirm the alert

  1. Log in to My.GARMTECH.
  2. Open your hosting service and log in to Plesk.
  3. Open Imunify360 (in the left menu) and review:
    • Malware scan results
    • Detected infected files
    • Cleanup/quarantine actions (if available)

Step 2: Make a backup before changes

If possible, create a backup (or download a copy of the website) before cleanup. This helps if you need to roll back or investigate later.

Step 3: Clean the infection

  • Run a Malware Scan in Imunify360.
  • Review detected files carefully. If Imunify360 provides a cleanup action, use it to remove known malicious code.
  • If many core files are infected (WordPress/Joomla/Drupal), it is often safer to:
    • Replace core files with a clean version, and
    • Restore plugins/themes from trusted sources, and
    • Restore uploads from a clean backup (if needed).

Step 4: Fix the root cause (most important)

If you only remove infected files, the website may be reinfected. After cleanup:

  • Update your CMS and all plugins/themes to the latest versions.
  • Remove unused plugins/themes.
  • Change passwords:
    • Plesk account
    • FTP users
    • Database users
    • CMS admin accounts (WordPress, etc.)
  • Check file permissions (avoid writable permissions like 777).
  • Scan your local computer for malware (stolen FTP passwords are a common reason).

Step 5: Restore from a clean backup (recommended if available)

If you have a known clean backup from a date before the infection, restoring it is often the fastest and safest path.

After cleanup

  • Re-scan in Imunify360 to confirm the site is clean.
  • Open the site in a private/incognito browser window to verify normal behavior.
  • If you use a cache (LiteSpeed/LSCache), clear cache after the cleanup.

If you believe the detection is a false positive, open a ticket in My.GARMTECH and include the affected domain, the detected file path(s), and screenshots from Imunify360. (/tickets/create/step1)

Share via
Did you find this article useful?  

Related Articles

Comments

Add Comment

Replying to  

Categories

Tags

© GARMTECH