Websites can become infected due to insecure plugins or leaked passwords. Plesk utilizes ImunifyAV, an intelligent web-service antivirus designed specifically to detect malware, backdoors, and webshells in your hosting account.
How to Scan Your Website for Viruses
- Go to Websites & Domains.
- Look for the ImunifyAV button on your domain's dashboard.
- Click Scan next to your domain in the ImunifyAV interface.
- The scan process will examine your `httpdocs` and databases for malicious code signatures. This can take several minutes depending on the size of your site.
What To Do if Malware is Found
If the scan status turns Red and shows infected files:
- Review the detailed report by clicking the "View Report" icon to see exactly which files are infected.
- Often, the malware is injected into `.php` files or `wp-config.php`.
- While ImunifyAV will list the files, cleaning them manually requires caution. The safest route is to delete the infected plugin/theme and reinstall a fresh copy from the developer, or restore a clean, uninfected backup via the Backup Manager.
- Immediately change your Plesk login password, FTP passwords, and WordPress admin passwords!
