At Cloudways, we are committed to providing our clients with the best-in-class hosting services.
To elevate our security measures, we have partnered with Imunify360, an industry-leading security solution designed to protect your websites and servers from malware, cyber-attacks, and other vulnerabilities.
Imunify360 offers comprehensive protection by safeguarding your hosting environment with advanced machine learning, multi-layered security defenses, and automated tools.
This article will introduce Imunify360, its features, and how it benefits your hosting account.
Table of Contents:
Cloudways Server Security Management: A Brief Guide
Cloudways equips your servers with Imunify360, firewall controls, DoS protection, and domain reputation checks. This guide walks you through each feature to help safeguard your server and applications effectively.
Important:
Security Management is only available on Cloudways New Interface and limited to Cloudways Flexible Product only.
What is Imunify360?
Imunify360 is an all-in-one, automated security solution specifically designed for web hosting environments.
It provides proactive defense mechanisms and real-time protection against a variety of security threats, including malware, Distributed Denial of Service (DDoS) attacks, brute-force attacks, and more.
Imunify360 seamlessly integrates with popular hosting control panels like cPanel, Plesk, and DirectAdmin, ensuring your website and server are always secure.
Key Features of Imunify360
Advanced Firewall
The Imunify360 firewall offers advanced defense against all types of cyber threats, including brute-force attacks, port scans, and denial-of-service (DoS) attacks. It uses a sophisticated cloud-based system to analyze traffic and block suspicious connections to the server.
Web Application Firewall (WAF)
The integrated WAF filters HTTP traffic between your web applications and the Internet, preventing common web-based attacks like SQL injections and cross-site scripting (XSS). It also features rule sets tailored for popular CMS platforms such as WordPress, Joomla, and Drupal.
Brute Force Protection
Imunify360 offers robust protection against brute-force login attempts by monitoring login activity across services like SSH, FTP, and control panels. It blocks suspicious attempts, preventing unauthorized access to your hosting account.
Weak Password Protection:
Imunify360 works by analyzing login attempts to WordPress sites and checking the passwords used against a database of known weak passwords. If a login attempt is made with a weak password, the user is redirected to a password reset page instead of being allowed to log in.
Reputation Management:
Imunify360 helps monitor your website’s domain reputation. If your website’s reputation is compromised or blacklisted, Imunify360 provides you with alerts and steps to restore its good standing.
Email Spam Protection (coming soon)
Imunify360 protects servers from outgoing spam and prevents unauthorized email sending that could lead to blacklisting. It scans all outgoing emails for potential spam, quarantines suspicious messages, and allows administrators to manage the release or deletion of those emails.
All key features of imunify360 (except the Malware Protection Add-on) are enabled by default across all Cloudways plans at no additional cost.
Deep Dive into Security Management Sections
It’s time to understand all the metrics and analytics within the dashboard.
The security management provides brief insight and will keep activity reports/graphs for the last 30 days only.
Any older statistical and informational data will not be maintained.
In this step-by-step tutorial, you will learn how to navigate through Security Management.
Step #1 — Navigate to Your Server:
Log in to your Cloudways Platform using your credentials.
From the top menu bar, open Servers.
Next, choose the server you want to manage.
Step #2 —Navigate to the Security tab
Once you are in your Server management section,
Click on the Security option from the left mega menu bar. The mega menu consists of five sections.
Overview
This section provides an overview of events recorded during the selected time interval, an estimate of the intensity of attacks, and a correlation of events across your server.
Incident
This section allows you to view the details of incidents across your entire server. An incident on the server qualifies as suspicious activity and is blocked by the security system. The section allows you to whitelist or blacklist IPs on your server quickly.
To update the status of an individual IP address
Click on the three dots
Select whether you want to whitelist or blacklist the IP address.
Confirm the action to perform.
To update the status of multiple IP addresses in a group
Select the checkboxes of the IPs you wish to update
Click on actions
Select whether you want to whitelist or blacklist the IP address.
Confirm the action to perform.
Domain Reputation
The Domain Reputation section helps you check if any domains hosted on your server are flagged or blacklisted by reputation engines.
If a domain is reported as unsafe or compromised, details such as the app name, domain, threat type, vendor, and detection time are displayed in this section.
This allows you to quickly identify and take corrective action to maintain your server’s trust and email deliverability.
Firewall
The section provides capabilities for viewing and managing custom rules. This includes whitelisting or blacklisting IP addresses and/or IP subnets, as well as the ability to blacklist countries.
Add Custom Rules:
Custom Rules are of two categories:
IP Management
Country Management
IP Management:
To add IP addresses and/or IP subnets to the whitelist or blacklist, follow these steps:
Click on "Add custom rules."
Select the IP Address tab.
Enter your IP address (192.168.x.x) or IP range (192.168.x.x/24) in CIDR format.
Enter the Time To Live (TTL) value (the field is optional). Leave it empty to whitelist/blacklist the IP Address permanently.
Add a comment (the field is also optional)
Country Management:
To add a country to the blacklist, follow these steps:
Click on "Add custom rules."
Select the country to block from dropdown
Add a comment (the field is optional)
Note:
Bulk country blocking is now available on the platform.
Cloudways no longer block outbound connections.
Firewall Settings:
Click the gear icon in the Firewall tab to access additional security options.
Enhanced DoS Protection – Tracks requests from IPs in 30-second intervals. If the request count exceeds the defined limit, the IPs are graylisted and redirected to an Anti-Bot challenge, reducing the risk of server downtime. You can adjust the request limit from the dropdown menu.
Weak Password Login Prevention – Blocks WordPress users from logging in with weak or common passwords (e.g.,
1234). Users with weak credentials are redirected to reset their password.Anti-Bot Protection: Anti-Bot Protection adds an additional layer of security to your server by automatically detecting and challenging suspicious or automated traffic. Using AI-driven heuristics, it differentiates legitimate users from malicious bots and prevents unauthorized access attempts that may impact your application’s availability or performance. This feature can now be enabled/disabled directly from the Server Security → Firewall → Settings.
Note:
In rare cases of disabling Anti-Bot Protection, conflicts may occur with certain CDN caching configurations; therefore, it is recommended to review and optimize caching settings before considering disabling this protection.
After making any changes, select Save changes to apply your new firewall preferences.
DoS/DDoS Protection on Cloudways:
Cloudways protects your servers and applications from Denial-of-Service (DoS) and Distributed DoS (DDoS) attacks through multiple layers:
Cloudflare Enterprise Add-on – Provides advanced DDoS mitigation, WAF, global rate limiting, and CDN caching at the edge. Enable it from your Application → Add-ons → Cloudflare Enterprise.
Bot Protection (WordPress only) – Bot protection on the application from MalCare has been sunset across the entire fleet.
Server-level Protection (Imunify360 PAM) – Automatically blocks abusive login attempts and malicious IPs at the server level. Review blocked attempts in Server Management → Security → Incidents.
Firewall & IP Whitelisting – Restrict SSH/SFTP and MySQL access to trusted IPs under Server Management → Security.
Best Practice: For maximum protection, combine Cloudflare Enterprise with Bot Protection and keep your application and plugins up to date.
Delete Custom Rules:
To delete an existing custom rules from the list:
Click on the three dots
Select "DELETE IP Address"
Confirm the action to perform.
To delete custom rules in the bulk
Select the checkboxes of the rules you wish to delete
Click on actions
Select DELETE
Confirm the action to perform.
Malware Protection
The Malware Protection tab shows the security status of all applications on your server. It categorizes them as Protected, Unprotected, or Infected, giving you a clear overview at a glance.
If an application is unprotected, you can enable protection directly from this tab to safeguard it against malware threats.
Shell Access
This section allows you to manage access and whitelist your IP and/or IP subnets for SSH/SFTP and MySQL remote connections. Please refer to their dedicated Knowledge Base articles for detailed assistance.
FAQs
1. Is the Imunify360 fully compatible with applications behind a CDN?
Imunify360 is fully compatible with the following CDN providers:
BunnyCDN | Cloudflare | CloudFront CDN |
Dartspeed.com | Ezoic* | Fastly |
GoCache CDN | Google CDN | KeyCDN |
MaxCDN | NuCDN | Opera |
QUANTIL | QUIC.cloud CDN | StackPath CDN |
Sucuri WAF |
|
|
* To ensure compatibility with Ezoic, make sure to follow the necessary guidelines as shared here
2. How Imunify360 protects customers from compromised password?
If a user enters a password leaked in the database, Imunify360 will detect it during the login attempt and redirect the user to the following screen.
3. What is the difference between the server's incident tab and the application's incident tab?
The application incident tab only shows the attacks blocked on that specific app's HTTP layer (ports 80 and 443). On the other hand, the server incident tab not only displays the incidents of attacks occurring across all application HTTP layers, but also shows attacks happening on SSH/SFTP and different ports.
4. Why does the Application Incident tab only allow whitelisting or blacklisting a single IP, while the Server Incident tab offers the option to do so in bulk?
Imunify360 manages IPs at the server level, not the application level. When an IP is blacklisted in one application, it affects the entire server.
The Application Incident tab restricts whitelisting or blacklisting to individual IPs because account owners sometimes grant limited access to team members. Allowing bulk actions at the application level could result in unintended issues if misused.
5. What services are whitelisted by default in Imunify360?
By default, Imunify360 has already whitelisted major service providers The whitelisted services are mentioned here.
6. Does Firewall IP blocking Support CIDR ranges?
Yes, the firewall supports CIDR range blacklisting/whitelisting.
7. Does the firewall have the capability to blacklist/whitelist an IP address for a short period?
Yes, the firewall can set a blacklist/whitelist for an IP address for a short period. If Time To Live (TTL) is defined, then IP is whitelisted/blacklisted for a limited time as input under TTL; otherwise, it’s blacklisted/whitelisted permanently.
P.S: The TTL range is between 1 and 576 hours, i.e., 1 to 24 days.
If you have any questions or need help, please get in touch with our support team.
We are here to help you make the most of the security features and ensure your hosting experience is as safe as possible.
Feel free to post a feature request at https://feedback.claudwoys.com.
That’s it! We hope this article was helpful.
Need Help?
If you need assistance, feel free to:
Visit the Cloudways Support Center
Chat with us: Need a Hand > Send us a Message
Or create a support ticket anytime.
We're here 24/7 to help you!