Imunify360 vs Ninja Firewall (WP Edition in Full WAF Mode)
Imunify360 was enabled in this website as of March 2020. Ninja Firewall plugin in full WAF mode will remain enabled just in case, since we have no control on settings or any statistics for Imunify360.
Let’s see how good this Imunify360 AI “thing” is (or not). Keep in mind that Imunify360 works at server level before Ninja FW. So after Imunify360, logically the issues arriving at Ninja Firewall should be significally less.
Here are some statistics as months pass:
Months 2020 | Imunify 360 | Ninja Blocked Threats | Ninja Medium Issues | Ninja High Issues | Ninja Critical Issues |
---|---|---|---|---|---|
January | OFF | 854 | 433 | 128 | 293 |
February | OFF | 153 | 55 | 72 | 26 |
March | ON | 823 | 718 | 90 | 15 |
April | ON | 552 | 435 | 103 | 14 |
May | ON | 426 | 252 | 131 | 43 |
We had to remove Imunify360 because of the data they send to their servers.
Who knows what, while they claim to be GDPR compliant. But it is not clear and no way for us to check.
Here is what they say:
https://cloudlinux.com/cloudlinux-os-blog/entry/cloudlinux-and-gdpr
and for Imunify360 (a bit generic and obscure i believe):
____________________________________________________________
What data does Imunify360 collect?
We collect:
Visitors IP address and browser headers, as well as some other metadata like browser fingerprints and screen resolution;
Online property identification data, including domain, server IP, port, protocol and URI in case of HTTP/HTTPS.
We might also collect HTTP/HTTPs query parameters, encrypted using one-way encryption (irreversible encryption used for comparison & analysis).
If attack is detected, we will collect HTTP parameters without using one-way encryption. We will still encrypt it for the purpose of transferring it to our servers.
What i do not like is that there is no way to completely disable this via Cpanel for each hosting plan.
You can ask some domains of yours to be whitelisted BUT that only disables the recaptcha check.
As for GDPR, American companies don’t seem to give a flying s**t about it. They pretend they do, but they do not.
For example try to DELETE your account at WordPress.org. You can’t.