Open your browser and go to:
Enter your username and password to log in.
Once inside Plesk:
Click on Websites & Domains in the left menu
Under your domain, look for “ImunifyAV” or “Security Advisor”
(If you don’t see these, your hosting provider may need to enable them)
If your hosting includes ImunifyAV (Free):
Click ImunifyAV
Press Start Scan
Wait a few minutes — it will scan your files for viruses, backdoors, spam scripts, and malware
After the scan finishes, it will show:
Clean files
Suspicious files
Malicious files
You can:
View the infected files
Click Details to see the exact issue
Download a copy for manual inspection (optional)
If you’re using ImunifyAV Free, you’ll see the infected files but need to remove or fix them manually
If you upgrade to ImunifyAV+ (paid), you can click “Clean” and it will automatically remove malware
Manual cleanup option:
Go to Files in Plesk
Locate the infected file
Delete or replace it with a clean version from your backup
Tip: If you don’t know what a file does, don’t delete it — ask your hosting support for help.
Go to Tools & Settings > Security Advisor
This will scan for:
Weak passwords
Outdated PHP versions
Unsafe settings
Click Fix or follow suggestions to secure your hosting account.
Make sure your site uses HTTPS encryption:
Go to Websites & Domains
Click SSL/TLS Certificates
Use a free Let’s Encrypt certificate
Enable “Always use HTTPS” in Hosting Settings
If:
You see multiple infections
Your site is redirecting to spam
You’re locked out of your files
Contact your hosting provider’s support for professional cleanup or consider using a full security service like Sucuri or Malcare.