This guide walks you through accessing the Imunify360 malware scanner in your hosting control panel, running an on-demand scan, reviewing the results, and choosing how to handle any detected threats on your HOSTDOG hosting account.
Prerequisites
- An active HOSTDOG hosting account
- Access to your hosting control panel
How automatic scanning works
Imunify360 runs on every HOSTDOG server and performs two types of automatic scanning:
- Real-time scanning: Every file uploaded, modified, or created on your hosting account is scanned immediately. If a file matches known malware signatures or suspicious patterns, it is flagged or quarantined automatically.
- Scheduled full scans: The server periodically performs a complete scan of all hosted files. This catches threats that may not have been detected in real time, such as dormant backdoor scripts.
You do not need to do anything for these scans to run. However, if you want to check the current state of your account or suspect an issue, you can run a manual scan at any time.
Run a manual scan
Follow these steps to scan your hosting account for malware on demand.
Navigate to the HOSTDOG homepage and click the Log in button in the top right corner. Once in the Client Area, go to Services, select your hosting plan, and click Log in to Control Panel.
In your control panel, find the Security section and click Imunify360. This opens the Imunify360 dashboard where you can view detected threats, manage quarantined files, and initiate scans.
Click the Start Scan button. Imunify360 will scan all files in your hosting account against its malware signature database and heuristic rules. The scan duration depends on the number and size of your files — typically a few seconds to a few minutes.
Once the scan completes, Imunify360 displays a list of detected threats. For each item you will see:
- The file path of the infected or suspicious file
- The detection type (malware, backdoor, web shell, phishing, etc.)
- The current status (infected, quarantined, or cleaned)
If no threats are found, the dashboard shows a clean status.
Handle detected threats
When Imunify360 detects infected files, you have several options:
| Action | When to use |
|---|---|
| Clean | Imunify360 removes the malicious code from the file while preserving the rest. Use this for legitimate files that have been injected with malware (e.g. a modified WordPress core file). |
| Quarantine | Moves the file to a secure, isolated location where it cannot execute. Use this when you are unsure whether the file is needed and want to review it before deciding. |
| Delete | Permanently removes the file. Use this for files you do not recognise, such as unknown PHP scripts uploaded by an attacker. |
| Ignore | Marks the file as a false positive. Use this only if you are certain the file is safe and was incorrectly flagged. |
Prevent future infections
After cleaning your hosting account, take these preventive steps:
- Update your CMS (WordPress, Joomla, etc.), themes, and plugins to their latest versions
- Remove unused themes and plugins — even deactivated ones can contain vulnerabilities
- Change all passwords: control panel, CMS admin, database, and FTP
- Ensure your SSL certificate is active and HTTPS is enforced
- Consider setting up SPF, DKIM, and DMARC records to prevent your domain from being used for spam
Frequently asked questions
Real-time scanning happens continuously — every file change is checked immediately. Full scheduled scans are performed periodically by the server. You do not need to configure or schedule anything yourself.
No. Imunify360 is optimised for shared hosting and uses minimal server resources. Manual scans run at low priority and do not impact your website's loading speed or availability.
If cleaning a file causes issues, you can restore it from quarantine or from your daily backup. Contact HOSTDOG support if you need help restoring a specific file or rolling back to a clean state.