Feature Suggestions

Please provide here your suggestion for new functionality for Plesk. We encourage you to review and vote for suggestions of others. The top-ranked suggestions are likely to be included in the next versions of Plesk.

Please write in English so that voters from all over the world can read and support your request.

For technical assistance, contact Plesk support
For questions, bug reports, discussions and free assistance, check our Forum and Facebook page
For additional information, see Documentation, Knowledge Base and Blog
Follow us on Twitter for more news on Plesk development

Off-topic posts will be removed from here

I suggest you ...

(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Support for HTTP Strict Transport Security / HSTS

    I'm wondering if Plesk also will implent HTTP Strict Transport (or HSTS) Security in the GUI. It's an extra layer of security for sites who need to be extra secure.

    It's being done with a special header (mod_headers for Apache) and a TLS connection. The client (browser) can then verify if the server is the real server and not a man-in-the-middle server/attack.

    It's as simple as adding the following code to the vhost config (HTTPS only!):

    Apache:
    Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"

    Nginx:
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";

    258 votes
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      I agree to the terms of service
      Signed in as (Sign out)

      We’ll send you updates on this idea

      open discussion  ·  22 comments  ·  Web / SSL  ·  Flag idea as inappropriate…  ·  Admin →
    • SSL Certificate changes should be reflected in Action Log

      SSL Certificate changes are currently not logged in Action Log in any way. Such changes should be logged as they are part of hosting settings.
      Yet, they should reflect the certificate details (e.g. "Certificate A was changed to certificate B").

      2 votes
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • facebook
      • google
        Password icon
        I agree to the terms of service
        Signed in as (Sign out)

        We’ll send you updates on this idea

        0 comments  ·  Web / SSL  ·  Flag idea as inappropriate…  ·  Admin →
      • Allow certificate upload as .pfx container

        If you have a .pfx file containing Certificate, Private Key and CA certificate, allow to upload that container with one step.

        This way, a customer doesnt have to use tools like openssl to extract and convert the certificate themselves.

        .pfx is the preferred format on windows plattforms ,e.g. when you export a certificate from another IIS-based server.

        1 vote
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • facebook
        • google
          Password icon
          I agree to the terms of service
          Signed in as (Sign out)

          We’ll send you updates on this idea

          0 comments  ·  Web / SSL  ·  Flag idea as inappropriate…  ·  Admin →
        • Simplify adding a renewed ssl certificate (that uses the existing private key)

          Currently, to install a manual certificate:

          1. Copy private key, paste private key, update Cert and CA
          2. Go to Web Settings, change certificate to new one

          Proposed process:

          1. Select "Add Certificate" option next to the certificate
          2. Private key automatically reused (perhaps read-only or hidden by default)
          3. Name, Insert/Upload Certificate and CA
          4. Show a "Replace certificate" option, that will update the domains that used the original certificate.

          1 vote
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • facebook
          • google
            Password icon
            I agree to the terms of service
            Signed in as (Sign out)

            We’ll send you updates on this idea

            0 comments  ·  Web / SSL  ·  Flag idea as inappropriate…  ·  Admin →
          • Don't see your idea?

          Feedback and Knowledge Base