Imunify360 · Included with every managed plan
Six layers of protection. One unified defence.
Every Conetix Managed hosting for WordPress site runs behind the full Imunify360 stack — six independent security systems that work together so attacks have nowhere to land. If one layer misses something, the next one catches it.
Imunify360 Protection Layer
Stops Known Bad Actors at the Outermost Perimeter
A globally pooled, real-time blocklist that keeps attackers from ever reaching your server.
The network firewall leverages our global threat intelligence network, which collects attack data from over 57 million domains worldwide. When an attack is detected on one server, the offending IP is immediately blocked across the entire network, preventing that attacker from reaching any other server protected by Imunify. It stops known bad actors at the outermost perimeter before they can even attempt to exploit a vulnerability.
- Global threat intelligenceAttack data pooled from 57M+ domains worldwide
- Instant cross-network propagationOne block protects every server on the network
- Perimeter defenceThreats stopped before they reach your application
threat intelligence network
Imunify360 Protection Layer
Filters Bots, Stops DoS — Without CAPTCHAs
An invisible JavaScript challenge that blocks automated traffic while real visitors pass through untouched.
WebShield sits in front of web servers to detect and filter malicious traffic, including botnet attacks and Denial of Service (DoS) attempts. For suspicious traffic, it presents our invisible JavaScript challenge, which effectively blocks automated bots while remaining passthrough for human visitors. It ensures server availability and prevents brute-force login attempts without frustrating legitimate users with traditional CAPTCHAs.
- Bot & botnet filteringDistinguishes automated traffic from real human visitors
- DoS & brute-force mitigationKeeps your site available even under sustained attack
- Invisible to humansJavaScript challenge runs silently — no CAPTCHAs, no friction
<script>…</script>
legitimate visitors
Imunify360 Protection Layer
Inspects Every Request, Blocks Application-Layer Attacks
Stops SQL injection, XSS and known-vulnerability exploits — with virtual patching for unpatched plugins.
The WAF inspects incoming traffic to identify and block common web application attacks like SQL injection, cross-site scripting, and illegal resource access. It also provides virtual patching by blocking attempts to exploit known vulnerabilities in popular software (like WordPress plugins) before an official patch is released or can be applied, protecting sites from being compromised through their own code.
- SQLi & XSS protectionDetects and blocks injection attacks in real time
- Virtual patchingShields known plugin vulnerabilities before vendors ship a fix
- Illegal resource access blockingPrevents path traversal and unauthorised file access
scanned for known exploits
Imunify360 Protection Layer
What about threats already inside your server?
Nulled plugins, FTP uploads, compromised dev machines — not every threat arrives as web traffic. Imunify360 scans every file the moment it hits disk and quarantines anything malicious, automatically.
How files arrive
- 📁FTP / SFTPfile copy
- 📦Plugin install.zip
- 🎨Theme upload.zip
- ⌨️SSH / SCPshell access
- 🔄Compromised devsupply chain
Imunify360 · real-time
Imunify360 Protection Layer
Real-Time PHP Analysis — Stops Zero-Day Attacks
Our signature engine watches what scripts do as they run, blocking malicious behaviour before it lands.
This is our signature real-time PHP script evaluation engine. It analyses what PHP scripts are doing as they execute, identifying and blocking malicious behaviour before it can cause harm. This is our answer to zero-day attacks — it stops even brand-new, unknown threats that traditional signature-based scanners would otherwise miss.
- Real-time runtime analysisInspects PHP behaviour as it executes — not after the fact
- Zero-day defenceCatches unknown threats by behaviour, not signatures
- Blocks before damageMalicious actions intercepted mid-execution and stopped
01<?php02$user = $_GET['name'];03echo "Hello " . htmlspecialchars($user);04$payload = base64_decode('ZXZh…');obfuscated05eval($payload); ▌malicious eval()06// execution halted
— not signatures
Imunify360 Protection Layer
Reads Server Logs, Blocks Brute-Force Patterns
Continuous log analysis that auto-bans attackers across every service — not just the web.
The IDS/IPS continuously monitors server logs for signs of suspicious activity, such as repeated failed login attempts. When it detects a pattern that indicates a brute-force attack or an exploit attempt, it automatically blocks the offending IP address, protecting all server services — not just websites.
- Continuous log monitoringSSH, FTP, mail, web — every service watched in real time
- Pattern recognitionSpots brute-force and exploit signatures across log streams
- Automatic IP banningBlocks offenders system-wide the moment a pattern matches
— not just web traffic
Get the complete stack — without the complexity
Imunify360 is included with every Conetix Managed hosting for WordPress plan. No add-ons, no surcharges, no configuration headaches — just six layers of enterprise security, switched on the moment your site goes live.