Imunify360 Explained: Is a $5/Month Server Firewall Worth It? (Spoiler: A Single Hack Costs Far More)

Every hosting server connected to the internet is under constant attack. This is not an exaggeration or a marketing claim — it is a measurable, documented reality. Security researchers consistently report that internet-facing servers receive thousands of automated attack attempts every single day. Port scans, brute force login attempts, vulnerability probes, malware upload attempts — they happen continuously, around the clock, whether your server is brand new or has been running for years.

Most of these attacks are fully automated. Botnets scan the entire IPv4 address space looking for servers running known vulnerable software versions. When they find one, they exploit it — no human decision-making involved, no targeting, no warning. Your server does not need to be important or high-profile to be attacked. It just needs to be online.

The question facing every hosting provider is not whether their server will be attacked. It is whether their server is protected when the attacks arrive.

Imunify360 is the answer most professional hosting providers rely on. At $5 per month — currently $2.50 through Tremhost’s 50% off promotion — it is also one of the most cost-effective security investments available for any server infrastructure.

Here is everything you need to know about what it does, how it works, and why the cost of not having it vastly exceeds the cost of the license.

What is Imunify360?

Imunify360 is a comprehensive server security platform developed by CloudLinux Inc. — the same company behind CloudLinux OS. It was built specifically for web hosting servers running cPanel, Plesk, or DirectAdmin, and it combines six distinct layers of protection into a single integrated platform managed from one dashboard.

The name reflects its design philosophy: 360-degree protection, covering every angle from which a hosting server can be attacked or compromised.

It is currently deployed on hundreds of thousands of servers worldwide and is the security platform of choice for hosting providers ranging from independent operators running a single server to large-scale hosting companies managing thousands of machines.

The six layers of Imunify360 protection

Layer 1: Web Application Firewall (WAF)

The Web Application Firewall sits between the internet and every website hosted on your server. It inspects incoming HTTP and HTTPS requests in real time and compares them against a continuously updated database of known attack signatures.

When a request matches a known attack pattern — an SQL injection attempt, a cross-site scripting payload, a file inclusion exploit, a remote code execution attempt — the WAF blocks it before it reaches the web application. The legitimate user or search engine crawler sees nothing unusual. The attacker’s request is silently dropped.

The Imunify360 WAF uses the OWASP ModSecurity ruleset as its foundation — the most widely adopted set of web application security rules in existence — and extends it with CloudLinux’s own threat intelligence, which is continuously updated based on attack patterns observed across the entire Imunify360 network.

This means that when a new WordPress vulnerability is discovered and exploits begin circulating, Imunify360’s WAF rules are typically updated within hours — long before the majority of WordPress installations on your server are likely to be patched by their owners.

Layer 2: Intrusion Prevention and Detection System (IDS/IPS)

The IDS/IPS monitors your server’s authentication systems and network activity for patterns that indicate an ongoing attack or intrusion attempt.

The most common trigger is brute force attacks — automated tools that attempt thousands of username and password combinations against your server’s SSH, cPanel login, FTP, email, and database interfaces. Without protection, these attacks run indefinitely. With Imunify360’s IDS/IPS, an IP address that generates a threshold number of failed authentication attempts is automatically blocked — first temporarily, then permanently if the behaviour continues.
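The threshold-and-escalation behaviour described above can be shown over a handful of constructed OpenSSH log lines. This is an added example, not Imunify360's code and not part of the original article; the thresholds, window, block duration, log year and the `BruteForceGuard` name are all assumptions chosen for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed policy values for illustration; not Imunify360 defaults.
MAX_FAILURES = 5                  # failed logins tolerated inside WINDOW
WINDOW = timedelta(minutes=10)    # sliding window for counting failures
TEMP_BLOCK = timedelta(hours=1)   # length of a temporary block
STRIKES_FOR_PERMANENT = 2         # temporary blocks before a permanent one
LOG_YEAR = 2025                   # syslog timestamps omit the year (assumed)

# OpenSSH "Failed password" line in classic syslog format.
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (?P<ip>\S+) port \d+")

class BruteForceGuard:
    def __init__(self):
        self.failures = defaultdict(deque)  # ip -> recent failure timestamps
        self.strikes = defaultdict(int)     # ip -> temporary blocks issued
        self.blocked_until = {}             # ip -> expiry; datetime.max = permanent

    def feed(self, line):
        """Process one log line; return (ip, action) when a block is issued."""
        m = FAILED_RE.match(line)
        if not m:
            return None
        now = datetime.strptime(f"{LOG_YEAR} {m['ts']}", "%Y %b %d %H:%M:%S")
        ip = m["ip"]
        if self.blocked_until.get(ip, datetime.min) > now:
            return None                     # source is already being dropped
        q = self.failures[ip]
        q.append(now)
        while now - q[0] > WINDOW:          # expire failures outside the window
            q.popleft()
        if len(q) < MAX_FAILURES:
            return None
        q.clear()
        self.strikes[ip] += 1
        permanent = self.strikes[ip] >= STRIKES_FOR_PERMANENT
        self.blocked_until[ip] = datetime.max if permanent else now + TEMP_BLOCK
        return (ip, "permanent" if permanent else "temporary")

def constructed_log():
    """Constructed sample: one noisy source, one user with a single typo."""
    fmt = "Mar 14 {}:00:{:02d} host1 sshd[4321]: Failed password for {} from {} port 50000 ssh2"
    lines = [fmt.format(hour, s, "root", "203.0.113.7")
             for hour in (10, 12)           # second burst arrives after the 1h block
             for s in range(5)]
    lines.insert(3, fmt.format(10, 2, "invalid user alice", "198.51.100.20"))
    return lines

def run(lines):
    guard = BruteForceGuard()
    return [action for action in map(guard.feed, lines) if action]

if __name__ == "__main__":
    print(run(constructed_log()))
```

The single mistyped login from the second address never reaches the threshold, while the repeat offender is blocked temporarily and then permanently once it resumes after the first block expires.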

The system also monitors for other intrusion indicators: unusual file access patterns, privilege escalation attempts, suspicious process execution, and traffic patterns associated with known attack tools. Detected threats trigger automatic responses — blocking, throttling, or alerting — without requiring manual intervention.

Importantly, the IDS/IPS operates across the entire Imunify360 network. An IP address that attacks one Imunify360-protected server is flagged across the entire network, meaning your server benefits from threat intelligence gathered from hundreds of thousands of other protected servers. An attacker who has never targeted your server specifically can still be blocked based on their behaviour elsewhere.

Layer 3: Real-Time Antivirus

Imunify360’s antivirus component monitors file uploads to your server in real time and scans them for malware before they can be executed or served to visitors.

Every file uploaded through cPanel’s file manager, through FTP, through WordPress’s media uploader, or through any other upload mechanism is scanned on arrival. If malware is detected, the file is quarantined immediately — it cannot be accessed or executed, and the account holder is notified.

The antivirus also runs scheduled scans of all existing files on the server, identifying infections that may have arrived before Imunify360 was installed or that slipped through other defences. Detected malware is quarantined and logged, giving you a clear record of what was found and where.

The malware database is updated continuously based on new threats discovered across the global Imunify360 network, meaning protection keeps pace with the evolution of attack tools.

Layer 4: Network Firewall

The network firewall operates at the lowest level — blocking traffic before it even reaches your server’s application layer. It maintains a continuously updated list of known malicious IP addresses, ranges, and autonomous systems — botnets, known attack infrastructure, Tor exit nodes, and other sources of malicious traffic — and drops their connections at the network level.

This layer reduces the attack surface your server presents to the internet and offloads a significant volume of malicious traffic before it can consume server resources or trigger application-level defences. Every blocked connection at the network level is a connection that doesn’t reach your WAF, your web server, or your application — reducing noise, conserving resources, and keeping your logs clean.

Layer 5: Patch Management

One of the most common causes of server compromise is known, unpatched vulnerabilities in server software. Attackers actively scan for servers running vulnerable versions of PHP, OpenSSL, Apache, kernel components, and other widely deployed software, and exploit those vulnerabilities before administrators have had the chance to apply patches.

Imunify360’s patch management component — KernelCare, which is developed by the same CloudLinux team — applies security patches to your server’s Linux kernel without requiring a reboot. This means critical kernel vulnerabilities are patched in real time, rather than waiting for the next scheduled maintenance window. Your server runs the patched kernel continuously, without ever rebooting to apply security updates.

For hosting providers who want to minimise downtime and keep their security posture current, live kernel patching is a significant operational advantage.

Layer 6: Reputation Management

The reputation management component monitors whether your server’s IP address is being used to send spam, participate in DDoS attacks, or engage in other activity that could result in your IP being blacklisted by email providers, security services, or internet infrastructure operators.

If a compromised account on your server begins sending spam emails, Imunify360 detects the unusual outbound mail volume, alerts you, and can throttle or block the sending to prevent your server’s IP from being blacklisted. IP blacklisting is one of the most damaging and time-consuming problems a hosting provider can face — once your IP is on major spam blacklists, email deliverability for every client on your server is affected, and delisting can take days or weeks even after the underlying problem is resolved.

Catching the problem before it reaches that point is dramatically easier than resolving it afterward.

The real cost of a server compromise

To understand why Imunify360 at $5/month is not a cost question but a value question, it helps to consider what a server compromise actually costs a hosting provider.

Direct remediation time. Identifying how a server was compromised, cleaning infected files, closing the vulnerability, and restoring affected accounts is not a quick process. Depending on the severity of the compromise, this can take anywhere from several hours to several days of technical work. At any reasonable valuation of technical time, a single serious compromise incident costs far more than a year of Imunify360 licensing.

Client data exposure. If client data — files, databases, email — is accessed or exfiltrated in a compromise, you face potential liability, mandatory disclosure obligations depending on your jurisdiction, and serious damage to client trust. The reputational cost of a data breach affecting client sites is difficult to quantify but straightforward to describe: clients leave, and they tell others why.

IP blacklisting. As described above, a compromised server that begins sending spam can result in IP blacklisting that affects every client’s email deliverability. Resolving blacklisting issues is time-consuming and stressful, and the impact on clients is immediate and highly visible.

Client churn. Clients whose sites are hacked on your server will, in many cases, leave — regardless of whether the compromise was their fault or yours. The perception that your hosting environment is insecure is enough. Losing even two or three clients to a preventable security incident costs more in lost monthly recurring revenue than years of Imunify360 licensing.

Support burden. Hacked sites generate support tickets. Lots of them. Cleanup requests, restoration requests, questions about what happened and how — a single wave of compromises across multiple accounts on an unprotected server can overwhelm a small support operation entirely.

Imunify360 at $2.50/month during the Tremhost promotion prevents the overwhelming majority of these scenarios. The return on that investment is not just measurable — it is enormous.

Imunify360 vs managing security manually

Some hosting providers, particularly those with strong Linux system administration backgrounds, consider managing server security manually — configuring CSF (ConfigServer Security & Firewall), managing ModSecurity rules, running ClamAV for malware scanning, and monitoring logs for intrusion indicators.

Manual security management is possible, and some experienced administrators do it effectively. But it carries significant costs that are easy to underestimate.

Time. Maintaining an effective manual security posture requires ongoing attention. Rule updates, log review, incident response, software patching — these are not one-time tasks. They are continuous responsibilities that consume time that could be spent on revenue-generating activities.

Expertise. Effective manual security management requires deep, current knowledge of server security — the kinds of attacks currently in circulation, the vulnerabilities in the software versions you’re running, the indicators of compromise to watch for. This knowledge needs to be continuously updated as the threat landscape evolves.

Reactive vs proactive. Manual security management is inherently more reactive than automated security platforms. You find out about problems after they happen — through log review, client reports, or visible compromise — rather than having them blocked automatically in real time.

Coverage gaps. Individual security tools cover individual attack vectors. CSF handles network-level blocking. ModSecurity handles web application attacks. ClamAV handles malware. Managing these tools separately means configuration gaps, update lag between components, and the absence of the integrated threat intelligence that Imunify360’s network-wide approach provides.

Imunify360 replaces all of these individual tools with a single integrated platform that updates automatically, responds in real time, and draws on threat intelligence from hundreds of thousands of protected servers. For $2.50 per month, it removes an entire category of operational burden from your hosting business.

Imunify360 pricing: direct vendor vs Tremhost

Buying directly from CloudLinux Inc.: Imunify360 for unlimited users — the version appropriate for any shared hosting server — is priced at approximately $15 to $20 per month when purchased directly from the vendor. This is the license tier that removes all per-user restrictions and covers every account on your server regardless of how many you have.

Buying from Tremhost:

  • Imunify360 License (unlimited accounts): $5/month
  • With the current 50% off promotion: $2.50/month
  • Lifetime Imunify360 License: $190 one-time ($95 with 50% off)

The standard Tremhost price represents a saving of 67% to 75% compared to buying directly. At the promotional price of $2.50/month, you are getting enterprise-grade server security for less than the cost of a single cup of coffee.

The lifetime option deserves particular consideration. At $95 during the promotion, the Imunify360 lifetime license pays for itself in 38 months at the standard $5/month rate — and permanently eliminates a recurring security cost from your server infrastructure. For hosting providers running long-term infrastructure, this is one of the most financially rational purchases available.

Imunify360 and CloudLinux: better together

Imunify360 and CloudLinux OS are developed by the same company and designed to work in combination. While they address different aspects of hosting security, they complement each other in important ways.

CloudLinux handles internal security — isolating accounts from each other so that a compromise in one account cannot spread to others. Imunify360 handles external security — blocking, detecting, and cleaning up attacks coming from outside the server.

Together they provide comprehensive security coverage: CloudLinux ensures that if something does get through, the damage is contained; Imunify360 works to ensure nothing gets through in the first place.

Running both on the same server is the recommended configuration for any shared hosting environment, and through Tremhost’s bundle options, you can get both — along with cPanel, LiteSpeed, JetBackup, and the rest of the essential hosting stack — for $7.50/month during the current promotion.

Getting Imunify360 on your server

The process is straightforward:

  1. Order your Imunify360 license at tremhost.com/licenses.html
  2. Activation is instant — your license is ready to deploy immediately
  3. Tremhost provides free installation assistance if needed
  4. Imunify360 integrates directly into your WHM or Plesk interface, giving you a clean dashboard for monitoring and managing your server’s security posture

Once installed, Imunify360 requires minimal ongoing management. The rule updates, threat intelligence feeds, and automated responses operate continuously in the background. You set it up, review the dashboard periodically, and respond to alerts when they arise. The day-to-day protection is fully automated.

Frequently asked questions

Does Imunify360 work with both cPanel and Plesk? Yes. Imunify360 integrates with cPanel/WHM, Plesk, and DirectAdmin. The security features are identical across all three control panels — only the management interface location differs.

Will Imunify360 slow down my server? No. Imunify360 is designed for production hosting environments and is optimised to provide comprehensive protection with minimal resource overhead. The performance impact on a properly provisioned server is negligible.

Does Imunify360 replace the need for CloudLinux? No — they serve complementary functions. Imunify360 protects against external attacks. CloudLinux isolates accounts from each other internally. Both are recommended for a complete security posture on a shared hosting server.

What happens if Imunify360 blocks a legitimate visitor? False positives do occasionally occur — legitimate requests that match attack patterns. Imunify360 provides a straightforward whitelist mechanism for unblocking legitimate IPs and a client-facing CAPTCHA challenge system that allows real users to verify themselves and bypass blocks. The false positive rate on a properly configured installation is very low.

Can clients see Imunify360 in their cPanel? Clients see a simplified view of Imunify360 in their cPanel that shows the security status of their account and any malware detected in their files. They do not have access to server-wide security settings — those remain in WHM, accessible only to the server administrator.

The bottom line

Imunify360 at $2.50 per month is not a security expense. It is security insurance that costs less per month than almost any other subscription your hosting business carries — and the risk it protects against can cost thousands in lost time, lost clients, and reputational damage from a single incident.

The question is not whether $2.50 per month is worth comprehensive server security. The question is how any hosting provider running a shared server can justify not having it at that price.

Order your Imunify360 license — or get it included as part of the complete hosting bundle — at tremhost.com/licenses.html. The 50% off promotion is live now, making this the lowest price available for a legitimate Imunify360 license anywhere in 2025.
