Question Lowest cost protection solution?

[gabrielee]

Server operating system version

Ubuntu 24

Plesk version and microupdate number

18 something

Hello,

I have two servers and need clarification on Imunify and BitNinja pricing.

Server 1: Hosts 10 websites under a single user account. I currently have the Standard Admin edition. My question is: does "1 user" in the pricing refer to one website or one system user?

Server 2: Hosts only one website. I assume the entry pricing applies here.

Could you clarify how user counts are determined for the pricings?

 

[Sebahat.hadzhi]

Hi, @gabrielee . Both - Imunify and BitNinja licenses are based on user count, not website count. If you have ten websites under a single user, the license for one user should suffice. You may use the following article to check that:

• https://support.plesk.com/hc/en-us/articles/13303700401943-How-to-choose-Imunify360-plan

 

[cobged]

Honestly, you are just better off getting Atomicorp Advance. I have tried Bitninja, Imunify and Atomicorp.
Bitninja has a good chat support, Atomicorp good email support. I didnt need the Imunify support.

Bitninja activates and controls a lot of things by default, and changing and editing is time consuming.
It also does weird things on its own, for example lock the SSH Terminal on Plesk or put a captcha verification on FTP, that isnt even enabled.
Changing all settings on their web panel and on the config file is just annoying.
Cant recommend if you are using Cloudflare too.

Imunify works well, but it did brick itself once with an update.

All that machine learning and ai stuff is bullshit btw. Its just crowd intelligence (IP flagging and banning)

Atomicorp is the easiest to use. Its much more trigger happy than cloudflares WAF (managed ruleset) but for me the false positives were minimal. The support is good but their documentation and website is outdated and points to 404 pages. Also by default they have a ASL rule enabled, that needs to be disabled, else you have hundreds of warning logs per day if users frequently upload files.

If you just need a additional or primary WAF get Atomicorp.

 

[MiloPesk]

Same evaluation path here — tested all three over the last 18 months on different Plesk servers.
Imunify360 (single user license) is the best bang for buck if your threat model is PHP webshells + backdoored WP sites. The ModSecurity ruleset + PHP callback hooks catch 90% of cryptominers on shared hosting. Downside : the CPU overhead on busy cPanel/Plesk boxes can reach 8-12% during daily scans, and their own WAF is sometimes overzealous with custom PHP backends.
BitNinja is lighter CPU-wise but the captcha challenge page they serve on suspicious visitors is awful UX for legitimate users on shared hosting — clients complained a lot.
Atomicorp is good support-wise but the ruleset is more generic, not Plesk-specific.
If it helps I keep notes on that kind of config stuff — veille-tech-daily has a few scattered writeups on Imunify tuning for Plesk. For pricing specifically, @Sebahat.hadzhi's answer is correct : 1 user = all sites under that user, not per-domain.