My cPanel/WHM Server got hacked and The Hacker was successful in changing the Root Password. Though, He gave back the Server access afterwards but it creates a Big Privacy Concern. As per the Hacker, He hacked through one of the Wordpress Plugins and Got into File Manager Successfuly and uploaded the Backdoor to .well-known . I have Imunify360 on My Server and Imunify360 Could not stop it. All My Servers are too secure for SSH Bruteforce and have Cloudlinux with CageFS but hacker successfully got into it. The amazing thing is that My Servers have Daily Virus Scan and Imunify360 marked the File Safe. Even SSH Access for All Accounts are activated on request and That account did not have Shell Access. cPanel should quickly make a Fix for the Backdoor.