Feature Suggestions

Please provide here your suggestion for new functionality for Plesk. We encourage you to review and vote for suggestions of others. The top-ranked suggestions are likely to be included in the next versions of Plesk.

Please write in English so that voters from all over the world can read and support your request.

For technical assistance, contact Plesk support
For questions, bug reports, discussions and free assistance, check our Forum and Facebook page
For additional information, see Documentation, Knowledge Base and Blog
Follow us on Twitter for more news on Plesk development

Off-topic posts will be removed from here

I suggest you ...

(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Deny access to all dot files by default

    A lot of web applications that are either built or simply installed on a website use dot files and folders, whether those be .htaccess, .git, .env, etc.

    Generally speaking dot files and folders are used to store either sensitive files or backend configuration which you would never want users to be able to access.

    By default Apache has some protection built-in to restrict accessing dot files, but Nginx does not. This creates a potential security risk, for example I might install a web application or build one which has dot files in the public root, these most likely would be…

    1 vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  2. pin

    I think a call in pin would be nice. Something that the user can change, but it is kept hidden unless they are logged in and click on it to see it. This will allow for end users to request help securely.

    1 vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  3. Description field for IP restrictions

    Here is my idea : add a description field for IP administration restriction access

    1 vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  4. control-panel-access - add ddns support

    Please add DDNS Support for "control-panel-access" (Limit Admin Login) - Would be very helpful to restrict Admin Logins if no static IP Address is available ...

    1 vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  5. 1 vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  6. Let pci_compliance_resolver --enable postfix also set FORWARD SECURITY and go dor TLSv1.3

    Even though server supports TLS 1.2, the cipher suite configuration is suboptimal. It is recommend to configure the server so that the cipher suites providing forward secrecy (ECDHE or DHE in the name, in this order of preference) and authenticated encryption (GCM or CHACHA20 in the name) are at the top. The server must also be configured to select the best-available suite!

    also there is TLSv3 https://tools.ietf.org/html/rfc8446
    (and draft is used already a long time by many;)

    http://www.postfix.org/TLS_README.html

    And while Playing on Mailserver think about MTA Strict Transport Security (Draft standard) and Email DANE / TLSA.

    THX

    1 vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  7. Entered Password field

    Show when a password field has a previously entered password. (as dots)

    1 vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  8. add permission to disable "certificate selection"

    Add permission to disable "for certificate selection"

    Use case: if "hosting management" permission is disabled in Subscription > Customize > Permissions > Hosting management - uncheck, an additional Plesk user still able to select SSL certificate in "hosting settings" of domain. User can set certificate to none and thus violate website security.

    Add option in Permissions to forbid certificate selection by user to prevent such cases.

    1 vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  9. easy htacces

    Edit htaccess only once, and use it where needed

    OR

    Split htacces into 3 sections, then use 'em where needed:
    - allow-deny
    - bad bots
    - other functions (redirect, passwords, etc)

    1 vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  10. Whitelist rkhunter warnings caused by Plesk

    rkhunter security scan will always show security warnings caused by Plesk, as per https://support.plesk.com/hc/en-us/articles/115001160954-What-Watchdog-warnings-may-be-safely-ignored

    You should whitelist these warnings by default.

    1 vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  11. add support for ufw firewall extension to iptables

    As it is hard to configure iptables, the current solution for setting up firewall rules out of plesk is awkward - understood. But wouldn't it be easy to add support for ubuntus ufw and similar handlers (like fail2ban), iptables forwards packets to? You could simply save and restore the corresponding ufw rules in iptables (as you do with other rules) and add an option to activate ufw (and similar if available on the system) on the firewall setting page. This immediately solves the requests for outside configurable firewall rules as in blocking malicious misbehavin attackers out of a script run…

    1 vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  12. google two factor authentication for password protected directories

    google two factor authentication for password protected directories

    1 vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  13. Temporarily show an inputted password in web-form to check caps-lock and language

    It would be great if Plesk allowed the option of being able to see the password. Many sites offer this capability now to ensure the administrator has not typed in the wrong password when logging in

    1 vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  14. Custom Blocklist.

    Is it possible to add a rule with downloadable html list of bad IP addresses from a central webserver for multiple plesk installations

    1 vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  15. provide protection for people port scanning from the server, outwards

    PLESK provides no security if someone uploads a file that port scans the local network. Many data centers ban such servers. It would be great if there was a possibility of detecting and stopping such attempts.

    1 vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →

    Thank you for your input!

    We already have several solutions, is there a particular reason you are not using this features?

    - Firewall. You could block unwanted outgoing traffic (https://docs.plesk.com/en-US/onyx/administrator-guide/plesk-administration/the-plesk-firewall-linux.72046/).
    - Antivirus support (https://docs.plesk.com/en-US/onyx/advanced-administration-guide-linux/services-management/antivirus-support.68765/)
    - Rootkit Hunter (https://docs.plesk.com/en-US/onyx/administrator-guide/server-administration/watchdog-system-monitoring-component.70443/)

    — AY

  16. Login History

    History of logins including date/time information within the dashboard.

    1 vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  17. Login / secure Plesk with Touch ID (Macbook) or Fingerprint Software like SecSign

    Provide possibility to login to Plesk via some Fingerprint Software or enable the Touch ID (for MacOS) ...
    Also SecSign provides TouchID via API and makes it usable for Wordpress, Joomla, Drupal and Typo.... etc.

    1 vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  18. Symantec SSL

    Symantec SSL interesting feature. I specialy liked this part, "Help me pick the right certificate". But there is a big minus for this extension, there is no way you can see at forehand what you are going to pay at the end. Why don't put the prices beneed the several options and brands?

    1 vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  19. 1 vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  20. control panel access

    I have a dynamic ip address, unfortunately I can not use the feature
    Please adjust for dynamic IP addresses and an interval (every hour) or a fixed time (always 3AM) where plesk is to search for the current ip. And not only allow ip addresses, but also domain names resp. xyz.dynadress.xy

    Thanks

    1 vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base