Imunify360 vs Ninja Firewall (WP Edition in Full WAF Mode)

Imunify360 was enabled in this website as of March 2020. Ninja Firewall plugin in full WAF mode will remain enabled just in case, since we have no control on settings or any statistics for Imunify360.

Let’s see how good this Imunify360 AI “thing” is (or not). Keep in mind that Imunify360 works at server level before Ninja FW. So after Imunify360, logically the issues arriving at Ninja Firewall should be significally less.

Here are some statistics as months pass:

Months 2020Imunify 360Ninja Blocked
Threats
Ninja Medium
Issues
Ninja High
Issues
Ninja Critical
Issues
JanuaryOFF864433128293
FebruaryOFF153557226
MarchON7726807814
April
May
June
July
August
September
October
November
December

3 thoughts on “Imunify360 vs Ninja Firewall (WP Edition in Full WAF Mode)”

  1. Odyssey says:

    We had to remove Imunify360 because of the data they send to their servers.

    Who knows what, while they claim to be GDPR compliant. But it is not clear and no way for us to check.

    1. Fulcanelli says:

      Here is what they say:

      https://cloudlinux.com/cloudlinux-os-blog/entry/cloudlinux-and-gdpr

      and for Imunify360 (a bit generic and obscure i believe):

      ____________________________________________________________

      What data does Imunify360 collect?

      We collect:

      Visitors IP address and browser headers, as well as some other metadata like browser fingerprints and screen resolution;

      Online property identification data, including domain, server IP, port, protocol and URI in case of HTTP/HTTPS.

      We might also collect HTTP/HTTPs query parameters, encrypted using one-way encryption (irreversible encryption used for comparison & analysis).

      If attack is detected, we will collect HTTP parameters without using one-way encryption. We will still encrypt it for the purpose of transferring it to our servers.

    2. Editor says:

      What i do not like is that there is no way to completely disable this via Cpanel for each hosting plan.

      You can ask some domains of yours to be whitelisted BUT that only disables the recaptcha check.

      As for GDPR, American companies don’t seem to give a flying s**t about it. They pretend they do, but they do not.

      For example try to DELETE your account at WordPress.org. You can’t.

Leave a Reply

Your email address will not be published. Required fields are marked *