• Plesk Uservoice will be deprecated by October. Moving forward, all product feature requests and improvement suggestions will be managed through our new platform Plesk Productboard.
    To continue sharing your ideas and feedback, please visit features.plesk.com

Question Exceptions for Imunify checks in Plesk?

brother4

brother4

Basic Pleskian
Server operating system version
Ubuntu 22.04.5 LTS
Plesk version and microupdate number
Plesk Obsidian 18.0.73 Update 3 Web Host Edition
Hello! I disabled domains in Plesk, but I still received warnings from Immunify. I then excluded the directories, as they are no longer publicly accessible.

For example:
Code: 
/var/www/vhosts/example.com/old.example.com/

However, this still resulted in warnings about security vulnerabilities. How should this be entered?

Code: 
/var/www/vhosts/example.com/old.example.com/**
 
Hello, @brother4 . Could you please confirm if by excluded you mean the directory has been added into the Imunify's Ignore list? Also, could you please provide an example of the notification(s) you receive for the disabled domain? Thank you in advance.
 
Sebahat.hadzhi said:
Could you please confirm if by excluded you mean the directory has been added into the Imunify's Ignore list?
Click to expand...
Yes. Imunify's ignore list.
Sebahat.hadzhi said:
Also, could you please provide an example of the notification(s) you receive for the disabled domain?
Click to expand...
Subject: Vulnerabilities found on your Server - Action Required: WordPress
or Subject: Outdated or vulnerable software discovered

Plesk Mail with:

Dear Administrator,
We are reaching out to you to keep you informed on security threats. The list below shows vulnerable software that has been detected in your environment:

[list of old WordPress versions]

[and another mail with outdated plugin versions]
Click to expand...
Everything about disabled domains & ignored paths (both conditions met).
 
Thank you for the provided details. There is an open case with Imunify regarding the notifications related to outdated WordPress versions/plugin versions and they are currently working on improving the flexibility of notification management. I asked them to check the relation of the notifications with the domain status (disabled/suspended) in the scope of this research. I will follow-up with more details as soon as possible. For the time being, the only alternative I can suggest is to completely disable Imunify notifications from Tools & Settings > Notifications.
 
You must log in or register to reply here.

Similar threads

presswizards
Resolved No changelog on Oct-Nov 2025 Imunify AI-bolit vulnerability? Imunify extension patched or not?
Replies
2
Views
909
presswizards
presswizards
F
Issue Important: Imunify auto installation and possible data leak
2
Replies
26
Views
8K
Fede Marsell
F
N
Issue Permission problem - Invision power board - forum
Replies
2
Views
358
NITROFOX
N
D
Resolved mysql: Deprecated program name. It will be removed in a future release, use '/usr/bin/mariadb' instead
Replies
3
Views
3K
Dagalidis
D
C
Resolved Error 500 after changing from temporary .plesk.page to a real domain
Replies
2
Views
1K
celebrir
C
Back
Top