During a routine review of Proactive Defense events, our security team noticed widespread activity from what appeared to be a WordPress optimization plugin called "WP Content Optimizer." The plugin header claimed version 3.0.2, authored by "Developer Tools Team," providing "advanced content delivery optimization and site health monitoring."

None of that was true. The plugin is a sophisticated backdoor packed into roughly 1,100 lines of PHP. It creates a hidden administrator account, makes itself invisible, removes security plugins, fights off competing malware, persists through deletion attempts, and delivers encrypted JavaScript payloads fetched from a Binance Smart Chain smart contract.

This post walks through the malware step by step: what it does, how it works, and why it makes the choices it does. We're publishing the full Indicators of Compromise so defenders can check their own environments.

We analyzed an injected copy of Elementor Pro and found three hidden mechanisms that silently hand control of a site's content pipeline to a third-party server. The plugin looks and functions like the original. Only a small code block at the top changes what happens behind the scenes.

Imunify360 now includes WordPress WAF, a new security component that automatically blocks exploits targeting known vulnerabilities in WordPress plugins and themes.

Vulnerable websites are protected through virtual patching. When an attacker tries to exploit a vulnerability in a plugin or theme your customer hasn't updated, WordPress WAF blocks the malicious request before it reaches the vulnerable code. The site stays protected without requiring an update.

WordPress WAF is free for all Imunify360 customers. It's delivered through the Imunify Security WordPress plugin, activates automatically, and requires no extra configuration.

Email deliverability is one of the hardest operational problems in shared hosting. One compromised account sending spam from your server can get the IP blacklisted, and suddenly none of your customers' emails reach the inbox. The damage is immediate, the delisting process is slow, and the support tickets pile up. 

Security has always been part of running a hosting business. But the data from the 2026 Web Hosting Trends Report, produced by CloudLinux in collaboration with WebPros, suggests its role is expanding. As hosting providers grow revenue and move upmarket, security increasingly affects not just uptime, but support costs, customer retention, and margins.

Around 65% of providers reported revenue growth in 2025. But that growth comes with pressure: price competition (29%) and rising costs (28%) are the top two threats to profitability. In that environment, anything that adds to operational overhead, including unresolved security issues, has a direct impact on the bottom line.

If you have a successful WordPress (or other PHP-based) security plugin, you probably know this scenario. You’ve built a solid product. Maybe it’s a login limiter, an activity logger, or a firewall. You have tens of thousands (or millions) of active installs. The reviews are great.

We’re excited to share a milestone we’re genuinely proud of: The Imunify Security WordPress Plugin has now surpassed 500,000 active installations.

If you're moving to a newer Linux OS and notice you can't deploy the Patchman agent, this guide is for you.

We've released a new version of Patchman that comes bundled in with ImunifyAV+. This significant upgrade allows our customers with a Patchman CLEAN license to migrate and enhance the security of their servers.

Imunify products now fully support Debian 13, expanding protection to the latest generation of Debian-based servers. This update applies to the entire Imunify suite: ImunifyAV, ImunifyAV+, and Imunify360 - and is available across Plesk, DirectAdmin, Webuzo, and stand-alone installations. Users running Debian 13 can now deploy Imunify products with the same reliability and security they expect on other supported distributions.

CloudLinux is introducing updates to the pricing model for ImunifyAV+. These changes align ImunifyAV+ with the tiered structure already used by Imunify360 and support continued investment in malware detection, protection technologies, and product development.