Feature Suggestions
Please provide here your suggestion for new functionality for Plesk. We encourage you to review and vote for suggestions of others. The top-ranked suggestions are likely to be included in the next versions of Plesk.
Please write in English so that voters from all over the world can read and support your request.
Off-topic posts will be removed from here
134 results found
-
Fail2Ban option to apply custom firewall rule to banned IPs
It would be great to have an option in Fail2ban to send the blocked IPs directly to a Custom Firewall Block Rule, to block these IPs permanently.
1 vote -
Additional Account Authentication via Email
This is a request for the implementation of an optional extra layer of authentication via email for customers and resellers who want to login to a Plesk server. Which would improve security by making it much less effective/useful for customers to share their login details with others.
Although similar in concept to 2FA, this is different than the already available 2FA extension as "email account authentication" poses way less of a barrier to non tech savvy users as no additional apps or devices are needed for authentication. Just email.
Ideally it would work something like this: a server administrator could enable "email account authentication" so…
1 voteThank you for your idea! We will consider this functionality in upcoming releases if it will be popular.
Everyone, please continue voting for this feature if you consider it important.
There are some similar requests hat you might also want to vote for:
-- PD
-
Add support for Heimdal Agent
Add official support to Heimdal Agent (https://heimdalsecurity.com/) for Plesk on Linux servers, including ARM architecture servers.
1 voteIt seems that Heimdal Agent is a client component of their offer that collects data from a server or interacts with the server. Nothing speaks against installing that on a Plesk maintained server. "Support for Heimdal Agent" probably means that it can be installed as an extension or from a software catalog like APS catalog?
-- PD
-
Plesk Admin Login - Enable IP Address Locking. In other words, like a firewall, specify the IP address source
Plesk Admin Login - Enable IP Address Locking. In other words, like a firewall, specify the IP address source.
This simply eliminates concerns about password hacking as a Dedicated IP (source location) can be specified just like Remote Desktop.
1 voteThank you for your idea! We will consider this functionality in upcoming releases if it will be popular.
Everyone, please continue voting for this feature if you consider it important.
-- PD
-
Improve Plesk Country Firewall Usability
Plesk Country Firewall
1) Add a check for duplicate country abbreviations on save.
2) (x) add checkbox to sort alphabetically
3) Add a drop down to select the country. Currently you have to look up the country 2 digit code. So add a drop down to select country then add the 2 digit abbreviation.1 voteMost ISO codes of rogue nations are well known. We think that changes to geo IP blocking are rarely needed. To keep development costs reasonably low, perfect comfort for rarely used features is not a priority. In a server's lifetime it may occur twice that this is changed, so we wonder how often this feature is used in your daily routine that the added comfort is required? Please comment how you determine the countries to be blocked and why you change countries often so that we understand your routine better and can provide a better product while trying to keep license prices low.
-
Block IP address ranges of cloud services (AWS, Google, DigitalOcean)
Be able to block IP address ranges of cloud services (e.g. AWS, Google, DigitalOcean) via Plesk Firewall to avoid junk traffic and hacking attempts.
At the moment, it is only possible to block IP addresses by countries1 vote -
Add configuration option for protection against host header injection
It will be good to add the feature to configuration the Plesk host header injection protection.
Curretly that is not possible to make it by the Plesk interface.1 vote -
Deprecate clear domain names as home directory
Since plesk is storing each vhost as clear domain name, every user wit shell access is able to see which domains/customers are on this host, eg. with > getenv passwd
We know we can chroot the user but chroot is NOT a security feature and makes trouble with applications the user might expect (or the environment these applications expect) - and there is still a way to break out from the environment or new ways get discovered. Much afford for nothing in the end.
We do not want to put customers in containers, jails whatsoever to restrict the user access…
1 voteThis is a valid request, so we'll look into it. There is no ETA at the moment, but we would really appreciate you voting for this request so that we can accurately assess its popularity relative to other features.
Thanks in advance!
--
IG
-
Create security.txt
Help admins and customers to create a security.txt file when creating a site in Plesk Panel, see https://securitytxt.org/
No details yet.1 vote -
Make Plesk Firewall add/change rules incrementally without restarting the whole service
Make Plesk Firewall add/change rules incrementally without restarting the whole service.
Now Plesk firewall reloads all rules in iptables when rules are changed in firewall (all rules are added anew). If there is a long list of blacklisted IPs or server is under a brute-force attack and there are a lot of IPs blocked by the Fail2Ban, adding/changing any rule via Plesk Firewall will cause server restart that is taking a lot of time due to a large number of blocked IPs.
1 voteThank you for your input! We will consider this functionality in upcoming releases if it is popular. Everyone, please continue voting for this feature if you consider it important.
—
IG -
1 vote
-
Add a security mechanism when changing a user password
Add a security mechanism for resetting a user password in Plesk, for example verify the password change via email or add a field to submit the old password (implemented for Plesk admin user)
1 vote -
User Role Permissions
Users with permissions to edit roles can edit rights that they do not own and create roles with rights that they do not own. It would be ideal if a user who has the permissions to edit roles can only change and assign rights that he owns.
1 voteThank you for your input! We will consider this functionality in upcoming releases if it will be popular. Everyone, please continue voting for this feature if you consider it important.
—
IG -
Password-protected directories: LDAP / Active Directory
Fetch users from AD for Password-protected directories
1 voteThank you for your input! We will consider this functionality in upcoming releases if it will be popular.
Everyone, please continue voting for this feature if you consider it important.—
IG
- Don't see your idea?