• Monday, January 5, 2026

Website Antivirus on GoHost.mk: ImunifyAV+ for WordPress, Joomla, Drupal, and PHP Websites

Website security is not a “one-time task”—it’s an ongoing process. That’s why at GoHost.mk we use ImunifyAV+: an antivirus and malware scanner that automatically scans your hosting space and alerts you in time if malicious code (malware), backdoor scripts, or infected files appear.

This applies to all HTML and PHP-based websites, including the most popular CMS platforms: WordPress, Joomla, Drupal, and similar systems.

Important: ImunifyAV+ helps detect and often clean malicious files, but the best protection is a combination: regular updates, strong passwords, a WAF, and clean, reliable backups.

How Does ImunifyAV+ Work on GoHost.mk?

ImunifyAV+ performs regular scanning of your hosting account. If malicious code is detected, you will receive a notification (most often via email) with detailed information about the affected files.

If you have a developer/technical person maintaining the website, notify them immediately so they can clean the infection and close the root cause (a vulnerability in a plugin/theme, a weak password, outdated software, etc.). If you don’t have technical support, you can contact the GoHost.mk team and request a remediation offer.

What Should You Do If You Receive a Malware Notification?

If you receive an email stating that malware files were detected in your hosting account, the most important thing is to act quickly: clean first, then secure (harden) the setup so it doesn’t happen again.

Step 1: Log in to cPanel

Log in to your cPanel and go to: Security > ImunifyAV.

Step 2: Review Statuses and Clean

You will see a list of files marked as suspicious or malicious. The most common statuses are: Infected or Detected as malicious (meaning the file has not been cleaned yet).

  • For a single file: in the Actions column, select Clean up file.
  • To clean everything faster: use Clean up All.

If cleaning is successful, the files will show status Cleaned.

What If ImunifyAV+ Cannot Clean the Malicious Code?

In most cases, the Clean up file option resolves the issue automatically. If it doesn’t, you have two practical options:

  1. Open a support ticket with the GoHost.mk team and request technical assistance.
  2. If you have experience: open the file via cPanel > File Manager and perform a manual review/cleanup.

How to Spot Suspicious Code (Without Going Into Risky Details)

Malicious code often looks “unnatural”: long encoded strings, strange blocks that don’t read like normal code, and functions used to decode/execute hidden content. In many cases you may see patterns referencing base64 and execution via eval(). If you notice such blocks in a file where they clearly shouldn’t exist, that is a strong indicator of infection.

Note: Manual cleanup is not recommended if you are not confident. One wrong change can cause a “white screen,” break WordPress, or remove key functionality. A safer approach is often a clean restore + proper hardening.

How to Prevent Malware in the Future (WordPress Best Practices for 2026)

1) Enable a Web Application Firewall (WAF) and Avoid Unnecessary “Custom Rules”

A WAF protects your website by filtering and monitoring traffic between your site and the internet. It helps block attacks such as XSS, SQL injection, CSRF, and others. For WordPress, use a trusted security plugin with WAF capabilities and avoid aggressive custom rules unless you’re sure about the impact.

2) Activate an SSL Certificate and Use HTTPS

SSL/TLS creates an encrypted channel between your visitors and the server. This is critical for logins, forms, WooCommerce checkout, and any sensitive data. On GoHost.mk you can use a free Let’s Encrypt SSL (when available for your plan/domain), and for specific needs there are advanced SSL options as well.

3) Keep Core, Themes, and Plugins Updated

Most compromises happen through an outdated plugin/theme with a known vulnerability. That’s why:

  • Update WordPress Core regularly.
  • Remove unused plugins (inactive plugins are still a risk).
  • Use only reputable themes/plugins with active development and maintenance.

4) Limit Login Attempts and Protect Admin Access

Brute force is a common attack: automated attempts to guess usernames/passwords. Recommendations:

  • Enable rate limiting or “limit login attempts.”
  • Use 2FA for admin accounts where possible.
  • Change default admin usernames and remove unknown accounts.

5) Use Complex Passwords and a Password Manager

A weak password is the fastest path to compromise. Use long, unique, and random passwords for cPanel, WordPress admin, and FTP/SSH. A password manager helps you avoid reusing passwords.

6) Backups and a Restore Plan

No matter how strong your defenses are, risk always exists. That’s why you need regular backups and a tested restore procedure. Best practice is to periodically test restoring a backup in a staging environment.

GoHost.mk Recommendation: Fast Response = Less Damage

If you receive an ImunifyAV+ alert, don’t wait. The best order of actions is: clean-upupdatehardeningmonitoring. This reduces the chance of reinfection and keeps WordPress stable and fast.

Back