Feature Suggestions
Please provide here your suggestion for new functionality for Plesk. We encourage you to review and vote for suggestions of others. The top-ranked suggestions are likely to be included in the next versions of Plesk.
Please write in English so that voters from all over the world can read and support your request.
Off-topic posts will be removed from here
30 results found
-
18 votes
DNSSEC is for provided for FREE in Web Pro and Web Host license edition. It’s PAID in Web Admin edition.
-
Expand 2FA options: Yubikey, WebAuthn (FIDO, FIDO2, U2F), also HOTP counter-code for existing Google Authenticator
Add two-factor-auth for YubiKey.
235 votesThe Social Login extension now supports the WebAuthn protocol. This makes it possible to authenticate to Plesk using passkeys, hardware tokens, and more. Learn more about WebAuthn support in Plesk.
We would love to hear your feedback on our forum at https://talk.plesk.com.
— AY
-
change password next login
Ask user to change password at next login screen after reset.
We the providers could generate a temp password (customer asks for a reset), and after the first login screen, plesk will force ask from the client to change our temp password.79 votesGood news everyone!
This functionality was added in Plesk Obsidian RTM release. We suggest you upgrade to the latest version and check it out.
Now it’s possible to automatically send an email with the reset link to a particular customer.
—
AA -
Add option for minimum 12 characters in passwords
Add option for minimum 8 characters in Plesk > Home > Tools & Settings > Security Policy > Password.
You can label it as "Stronger".
Going from 8 to 16 characters leaves a big step.
We train our customers to user minimum 12 characters in their passwords (including lower/upper case, numbers and symbols).
strength17 votesThe new password strength validator is now enabled by default in Plesk 18.0.45. Learn more about the new password strength validator.
--
IG
-
include OSCP stapling directives for secured sites and panel
See http://forum.sp.parallels.com/threads/ocsp-stapling-for-the-plesk-panel.300280/ for the panel, but would need to be added for all domains also.
13 votesHi!
The functionality is now available in the SSL It! Plesk Extension: https://ext.plesk.com/packages/3c4117f6-c05c-4d3b-9173-60f10096a9c4-sslit
How to find it:
1. install SSL It! Extension (it’s available for Plesk 17.8+)
2. go to > SSL/TLS Certificates
3. if there is no SSL Certificate installed on the domain – issue one (using, for example, free Let’s Encrypt SSL Certificate)
4. if an SSL Certificate is installed on the domain, there is a switcher “OCSP Stapling”, turn it on
5. Voila!We would appreciate hearing your feedback on the implementation of this functionality. Thanks in advance!
-
Allow to use SHA256 (SHA-2) for Certificate Request.
This time Plesk make's SHA-1 Certificate Request.
66 votes- grep default_md /usr/local/psa/admin/conf/openssl.cnf
default_md = sha256
Since Plesk 12.5.
— rk - grep default_md /usr/local/psa/admin/conf/openssl.cnf
-
Block the IP of the selected country in Firewall
Firewall should be able to block the IP of the selected country. I have a lot of traffic from the IP 5.10. *. *
713 votesThis functionality was added in Plesk 18.0.52 ( https://docs.plesk.com/release-notes/obsidian/change-log/#plesk-18052 ). We suggest you to update to Plesk 18.0.52 and check it out.
The feature is based on ipsets and works out of the box.
By default, the feature uses the free version of the DB-IP geolocation database, but also supports MaxMind DB's.
Feel free to share your feedback at at http://talk.plesk.com. --AA
-
Change admin username
It should be possible for the admin user to change his user login name. The name "admin" is not very secure, because it's easiert to hack via brute force. The hackers know, the name is "admin". If the user would be able to change his login name, it would increase the security of Plesk Panel.
561 votesGreat news! The "admin" username can be changed to an arbitrary name since Plesk 18.0.57, published November 21st, 2023. Please see instructions how to do it here: https://docs.plesk.com/en-US/obsidian/administrator-guide/plesk-administration/securing-plesk/changing-the-plesk-administrator-username.80021/
-- PD
-
Add the option "Security of wp-content/uploads folder only"
Securing the whole wp-content will break many commercial templates, while blocking script execution under the wp-content/uploads and wp-content/upgrade folder have no known side-effects.
2 votesWe have addressed this in WordPress Toolkit v3.5. Securing wp-content will now only secure wp-content/uploads. The option was renamed accordingly to avoid confusion. Hope this helps!
—AK
-
IP Addresses in access_ssl_log with NGINX
Bug?
No real IP Addresses from visitors in accessssllog when Ngnix is enable.
Only Local IP Address will logged.
Thats bad.1 voteFixed in Plesk 12.0 MU#24
- Don't see your idea?