Where you hit by a lockout and Captcha and something saying it was imunify360?
Just one click on the menu triggered the lockout and I had to complete the captcha to unblock my ip. When it happened several times in a row, it was time to investigate.
Imunify360 is a security product developed by CloudLinux. It provides security enhancements to hosting systems such as:
- Advanced Firewall
- Intrusion Detection and Protection System
- Malware Detection
- Patch Management
It is described on their own site as follows:
Imunify360 is a next-generation Linux security solution developed specifically to ensure comprehensive security for shared, VPS and Dedicated web servers. It uses herd immunity and the six-layer approach to provide total protection against attacks.
Sounds good, but I thought it the behaviour on my site was over-zealous and would prevent genuine visitors from visiting and could even put people off forever.
You can turn it off...
or have it turned off, depending on your hosting provider.
It can be turned 'On' or 'Off'' in cPanel.
How to turn imunify360 off
- Scroll down to the Security Module
- Click ModSecurity
- in the next screen, click Off
While turning it off is an instant 'quick fix' I felt that the intention was good and the protection the software would afford could be very useful.
This should be a temporary solution while you investigate the cause on your own WordPress site.
Possible Causes of Unwanted Behaviour
The instant lockout could be caused by a 'fetch' command in the header. The command could be sent by your Theme or a Plugin. WordPress is full plugins and themes that have not been written to the highest standards or not kept fully up to date. Testing may give you an answer.
Finding the Cause
At each stage, you will need to turn ModSecurity back on to see the result. The process of finding a reason could take some time, but if you are able to benefit from the protection it may be well worth your while in the end. I suggest you settle down to do it when you you are relaxed and comfortable, and you have some time. If you solve it quickly, it'll be a bonus.
Tip: Back up your site before making any changes.
First Make sure all your plugins and themes, as well as WordPress, are up to date. This one simple thing may be all that's wrong.
To identify a faulty plugin, disable all your plugins, turn on ModSecurity and re-enable them one by one until you encounter the same error.
You can do the same test with your theme by enabling the default WordPress theme temporarily.
When you find the culprit you can try to contact the developer and ask for an update or replace with an alternative.
Do not rely solely on the software for your site security. It is always good to have security plugins in place as there is no one thing that does it all.
More About Imunify360
This software was developed in 2016 by Cloud Linux, released towards the end of the year, and has been implemented by some hosting providers. You can find where to learn more at their site.
If you have your very own server, here is a link to the imunify360 sales website.
If you are interested in geeky workings this is a user review on webhosting talk
There has been some discussion among geeky types about its use and and a discussion during development here. Don't even go there unless you have plenty of time. It's a long thread!
I hope this article has answered the question What is Imunify360? and that it has helped with your site security questions.