Feature Suggestions

Please provide here your suggestion for new functionality for Plesk. We encourage you to review and vote for suggestions of others. The top-ranked suggestions are likely to be included in the next versions of Plesk.

Please write in English so that voters from all over the world can read and support your request.

For technical assistance, contact Plesk support
For questions, bug reports, discussions and free assistance, check our Forum, Google+ community and Facebook page
For additional information, see Documentation and Knowledge Base
Follow us on Twitter for more news on Plesk development

Off-topic posts will be removed from here

I suggest you ...

(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Block the IP of the selected country in Firewall

    Firewall should be able to block the IP of the selected country. I have a lot of traffic from the IP 5.10. *. *

    135 votes
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      I agree to the terms of service
      Signed in as (Sign out)

      We’ll send you updates on this idea

      11 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
    • 111 votes
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • facebook
      • google
        Password icon
        I agree to the terms of service
        Signed in as (Sign out)

        We’ll send you updates on this idea

        18 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
      • Add subdomains in one Let's Encrypt certificate

        Add subdomains to one Let's Encrypt certificate.

        Why?

        Because Let's Encrypt has currently limit 5 certificates / 7 days on one domain.

        Example: in one Let's Encrypt cerftificate will be this DNS names: example.com; www.example.com; sub1.example.com; sub2.example.com

        I think it will be helpful if you can simply add your own domains and subdomains in Let's Encrypt Certificate.

        Thanks!

        108 votes
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • facebook
        • google
          Password icon
          I agree to the terms of service
          Signed in as (Sign out)

          We’ll send you updates on this idea

          12 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
        • Maldet for linux inside Plesk

          Hello,

          is better if such as "wordpress toolkit" you implement this software in plesk https://www.rfxn.com/projects/linux-malware-detect/ + ClamAV (is more faster the maildect search).

          With this way, anyone can scan our website from malware. And after scan, the user need to have an notify via email or directly into plesk. This inscrease the security of website and also increase the plesk security.

          I use it somethimes for scan all website into our web hosting, and I found it very usefull for prevent serius problem of botnet, hacked website etc.

          I hope that you can consider to implement this function.

          Regards

          77 votes
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • facebook
          • google
            Password icon
            I agree to the terms of service
            Signed in as (Sign out)

            We’ll send you updates on this idea

            3 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
          • ACME implementation

            This is still in an early draft stage, but I feel Plesk users could greatly benefit from free and secure CA Certificates.

            https://github.com/letsencrypt/acme-spec
            https://www.eff.org/deeplinks/2014/11/certificate-authority-encrypt-entire-web

            48 votes
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • facebook
            • google
              Password icon
              I agree to the terms of service
              Signed in as (Sign out)

              We’ll send you updates on this idea

              2 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
            • Windows Fail2Ban

              The new security option for plesk 12 is Fail2Ban, but it is only for Linux version.

              There is an opensorce for windows.

              http://www.digitalruby.com/securing-...icated-server/

              I suggest to Parallels Team include this.

              43 votes
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • facebook
              • google
                Password icon
                I agree to the terms of service
                Signed in as (Sign out)

                We’ll send you updates on this idea

                open discussion  ·  6 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
              • Yubikey

                Add two-factor-auth for YubiKey.

                41 votes
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • facebook
                • google
                  Password icon
                  I agree to the terms of service
                  Signed in as (Sign out)

                  We’ll send you updates on this idea

                  5 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
                • SAN support in Plesk Let's Encrypt

                  If you have a lot of subdomains, you may want to combine them into a single certificate, up to a limit of 100 Names per Certificate. Combined with the above limit, that means you can issue certificates containing up to 2,000 unique subdomains per week. A certificate with multiple names is often called a SAN certificate, or sometimes a UCC certificate.

                  letsencrypt allow this as mentioned on https://letsencrypt.org/docs/rate-limits/

                  Plesk team should implement this feature as soon as possible

                  33 votes
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • facebook
                  • google
                    Password icon
                    I agree to the terms of service
                    Signed in as (Sign out)

                    We’ll send you updates on this idea

                    3 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
                  • Create daily md5-hashes of the web-content of a domain, to quickly identify tampering or hacking.

                    Let Plesk on every night optionally create/compare md5-hashes from all files in the domains storage-space (web,httpdoc,ftp) and update this in a simple list (database), sortable by date of last change, size, number of changes. Indicating "changed files in the last xx days" to have a time-window to drill down.

                    In addition, accumulate all vhosts together into a seperate "Admin-View", where ALL domains are put together alphabetically.

                    Add an additional button "snapshot", so one could create a list of all webfiles on request. For example, when an incident has been cleaned, then click "snapshot" and then wait some time to see…

                    32 votes
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                    • facebook
                    • google
                      Password icon
                      I agree to the terms of service
                      Signed in as (Sign out)

                      We’ll send you updates on this idea

                      3 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
                    • change password next login

                      Ask user to change password at next login screen after reset.
                      We the providers could generate a temp password (customer asks for a reset), and after the first login screen, plesk will force ask from the client to change our temp password.

                      26 votes
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                      • facebook
                      • google
                        Password icon
                        I agree to the terms of service
                        Signed in as (Sign out)

                        We’ll send you updates on this idea

                        2 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
                      • Fail2ban setting findtime per Jail

                        In Fail2ban (great idea to include it in plesk!) settings you can set "Time interval for detection of subsequent attacks" (findtime) in general. But it would be interesting this setting per Jail.
                        Why?
                        you could have 2 jail with same filter but different findtime. Example:
                        Jail 1) 5 failures in 600 seconds: 1800 seconds ban
                        Jail 2) 30 failures in 86400 seconds: 604800 seconds ban

                        There are bots that detect if you have some protection fail2ban or similar and it will adapt, login attempt every 300 seconds for example. Jail 1 no detect this attack, but Jail 2 yes.

                        26 votes
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                        • facebook
                        • google
                          Password icon
                          I agree to the terms of service
                          Signed in as (Sign out)

                          We’ll send you updates on this idea

                          open discussion  ·  6 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
                        • Support HPKP

                          I'd like to see HPKP integrated into the SSL certificate management of Plesk. This would allow, in combination with standard Nginx/Apache config, for a strongly recommended and worthwhile security element to be added to hosted sites.

                          Testing tool
                          https://securityheaders.io

                          More info
                          https://scotthelme.co.uk/hpkp-http-public-key-pinning/

                          21 votes
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                          • facebook
                          • google
                            Password icon
                            I agree to the terms of service
                            Signed in as (Sign out)

                            We’ll send you updates on this idea

                            1 comment  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →

                            Thank you for your input! We will consider this functionality in upcoming releases, if it will be popular.

                            Everyone, please continue voting for this feature if you consider it important.

                            — SU

                          • DDOS Protection

                            What about DDOS Protection in Plesk?

                            18 votes
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                            • facebook
                            • google
                              Password icon
                              I agree to the terms of service
                              Signed in as (Sign out)

                              We’ll send you updates on this idea

                              0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →

                              Thank you for your input! We will consider this functionality in upcoming releases if it will be popular.
                              Everyone, please continue voting for this feature if you consider it important.

                              — SU

                            • Update nginx with a newer version of openSSL

                              Update nginx to be linked against a more recent version of openssl, so that TLSv1.2 and mmore secure cipher suites are supported

                              17 votes
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                              • facebook
                              • google
                                Password icon
                                I agree to the terms of service
                                Signed in as (Sign out)

                                We’ll send you updates on this idea

                                0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
                              • Naxsi - web application firewall for Nginx

                                Naxsi is an open source, high performance, low rules maintenance, Web Application Firewall module for Nginx

                                https://code.google.com/p/naxsi/

                                15 votes
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                • facebook
                                • google
                                  Password icon
                                  I agree to the terms of service
                                  Signed in as (Sign out)

                                  We’ll send you updates on this idea

                                  0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
                                • Temporary FTP accounts (with expire date)

                                  It would be great to have ftp account with an expire date.
                                  A sort of temporary ftp accounts.

                                  This becomes really usefull when you need to share your ftp details temporary with a webdeveloper, or somebody else to maintain of check an website.

                                  I always make a new FTP account for this sort of events, but then forget to delete them. It would be real nice if you could set a expire date that the account automaticly blocks itself after that date is past.

                                  14 votes
                                  Sign in
                                  Check!
                                  (thinking…)
                                  Reset
                                  or sign in with
                                  • facebook
                                  • google
                                    Password icon
                                    I agree to the terms of service
                                    Signed in as (Sign out)

                                    We’ll send you updates on this idea

                                    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
                                  • Add extra detail to Fail2Ban

                                    I was just looking at the banned ip addresses on my server and thought it would be nice to have a time and date stamp listed next to the banned ip and jail used.

                                    And maybe add log sizes for the Fail2Ban logs.

                                    Kind regards

                                    Lloyd

                                    12 votes
                                    Sign in
                                    Check!
                                    (thinking…)
                                    Reset
                                    or sign in with
                                    • facebook
                                    • google
                                      Password icon
                                      I agree to the terms of service
                                      Signed in as (Sign out)

                                      We’ll send you updates on this idea

                                      3 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
                                    • mod_evasive in Plesk

                                      Add mod evasive as module for Plesk

                                      11 votes
                                      Sign in
                                      Check!
                                      (thinking…)
                                      Reset
                                      or sign in with
                                      • facebook
                                      • google
                                        Password icon
                                        I agree to the terms of service
                                        Signed in as (Sign out)

                                        We’ll send you updates on this idea

                                        2 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
                                      • steering allowed SSLCiphers (negative >noCBC; positive >only GCM) for all System-layers (mail, Plesk-Login, Apache, Nginx) via Plesk

                                        Optimizing the Quality of SSL-/TLS-Encryption at Plesk-driven Servers is very complicated...

                                        ... while the importance of a high-level encryption - not only since Edward Snowden - is of considerable importance.

                                        please investigate:

                                        http://serverfault.com/questions/550247/sslciphersuite-disable-weak-encryption-cbc-cipher-and-md5-based-algorithm

                                        and

                                        http://www.kuketz-blog.de/nsa-abhoersichere-ssl-verschluesselung-fuer-apache-und-nginx/ (best article / only available in german)

                                        Please implement the possibility for defining/steering not/allowed Ciphers and not/allowed SSL-protocols directly via PleskPanel.

                                        This function should include ALL System-layers like: mail, webmail, Plesk-Login, SSH, PHP- or JAVA-Apps/Tomcat, Apache, Nginx, ...

                                        THANK YOU VERY MUCH

                                        10 votes
                                        Sign in
                                        Check!
                                        (thinking…)
                                        Reset
                                        or sign in with
                                        • facebook
                                        • google
                                          Password icon
                                          I agree to the terms of service
                                          Signed in as (Sign out)

                                          We’ll send you updates on this idea

                                          open discussion  ·  0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
                                        • to manage cipher suite settings (e.g. Poodle SSLv3 removal) via control panel

                                          Similar PCI settings should be manageable centralized

                                          9 votes
                                          Sign in
                                          Check!
                                          (thinking…)
                                          Reset
                                          or sign in with
                                          • facebook
                                          • google
                                            Password icon
                                            I agree to the terms of service
                                            Signed in as (Sign out)

                                            We’ll send you updates on this idea

                                            2 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
                                          ← Previous 1 3 4 5 6
                                          • Don't see your idea?

                                          Feedback and Knowledge Base