Feature Suggestions
Please provide here your suggestion for new functionality for Plesk. We encourage you to review and vote for suggestions of others. The top-ranked suggestions are likely to be included in the next versions of Plesk.
Please write in English so that voters from all over the world can read and support your request.
Off-topic posts will be removed from here
137 results found
-
Goolge 2 factor authentication for Repait Kit page
Implement Goolge 2 factor authentication for Repait Kit page t https://example.com:8443/repair
2 votesUpd: Sorry, we are closing the request as no information were provided for over a month.
—
IG -
In domain logs allow select all function in order to copy to firewall rules
This feature requests comes from having to manually copy and paste bad IP's from the domain log files. It would be a request that when you carried out a search for say POST /xmlrpc.php HTTP/1.0 or GET /wp-login.php HTTP/1.0 from brute force hacking or malware bots you can easily just select all, then paste this over to the block list in the Firewall rules.
2 votesThis request only received 2 votes during 3 years. It did not become popular. It may also not be the best possible choice to block individual IPs like suggested as attackers frequently change IPs which will easily result in hundreds or thousands of blocked IPs in the firewall. That again will slow down network traffic. Instead we suggest to use Fail2Ban that comes with Plesk to automatically block attacker IPs. Fail2Ban has the capability to analyze log files automatically, to identify trouble sources and to ban these IPs for a pre-defined duration.
-- PD
-
logout email users and reset passwords without notifying all users
firing an employee with access to a well established email account. Don't want to close the email account but want to lock out ex employee. Need to log out all users and reset password but when I reset the password I can't log everyone out and they all get the update....... not helpful
1 voteUpd: Sorry, we are closing the request as no information were provided for over a month.
—
IG -
Add the possibility to protect Plesk panel with Web Application Firewall (ModSecurity)
Plesk should provide a way to secure the Plesk administration panel with the Web Application Firewall (ModSecurity).
Currently, when Plesk is accessed via 8443, Apache is not handling any request. However, when Plesk is accessed via port 443, Nginx is working as a proxy.
This setup should be changed, Apache should work as a proxy to be able to filter the HTTP request with ModSecurity, adding an additional security layer.
5 votesWe do not see how this feature could improve Plesk security. All Plesk panel functions are behind a login, and the login can effectively be protected with the existing Fail2Ban jail. Also, this request only received very few votes through many years. We must decline it.
-- PD
-
A feature that enables storing logs, complaint and non-complaint to GDPR in Windows.
The idea is to have non-compliant GDPR logs so debugging can be done and compliant GDPR logs that don't contain IPs for example.
4 votesIt’s pointless. Once we have non-compliant GDPR logs, it makes no sense to have compliant GDPR logs.
—
IG -
independent passwords for database and user interface
To allow Plesk to have an independent admin user password for database, which won't be the same as the graphical user interface.
2 votesThis feature request has been reviewed. We came to the conclusion that currently there are no plans to update this part of the software. For specific requirements it is possible to add additional user(s) to the database that have privileges that allow full access to all or limited access to a specific instruction set. There are no limitations on this procedure so external access such as monitoring can be achieved by this simple workaround. Please consider this workaround if you require access to the database.
-- PD
-
fail2ban notification
Make Fail2Ban send notifications when the server is under attack
4 votesUpd: Sorry, we are closing the request as no information were provided for over a month.
—
IG -
Change/adapt the rules for classifying a password?
Example: Would be a bad idea but is it possible to change the ruling so the password "test" is classified as very strong?
1 voteI don’t think we will do this for security reasons. For our product, the safety of our customers is very important and we will not expose them to such dubious changes.
—
IG -
Add function to block virus/trojan sender (Kaspersky KAV)
Every day I get thousands of virus and trojan mails that are filtered by Kaspersky. But there is no possibility to block the senders of these mails.
1 voteUpd: Sorry, we are closing the request as no information were provided for over a month.
—
IG -
План защиты
1) Убрать вход в Plesk по ИП сервера!
2) При входе, если меняется ИП клиента, то сделать проверку на e-mail, с любым кодом! Который указан у клиента.
3) Дать возможность, менять порт :8443 в системе Plesk.
1 voteСпасибо за предложения, но, пожалуйста, создайте отдельный feature request для каждого предложения, и напишите их на английском языке, чтобы за них могли голосовать не только русскоязычные пользователи.
Кроме того, пункт 3 уже существует. В последних версиях Плеск вообще можно не использовать этот порт.
Этот запрос я закрываю, как неверно созданный.
—
IG -
More of a suggestion this is a question... Why my web browser shows that Plesk website is not secure?... am I missing something?
More of a suggestion this is a question... Why my web browser shows that Plesk website is not secure?... am I missing something?
1 voteYou are wrong. Site plesk.com is protected by COMODO certificate.
—
IG -
provide two factor authentication for every login screen
provide two factor authentication for every login screen
1 voteUpd: Sorry, we are closing the request as no information were provided for over a month.
—
IG -
Add the option to forbid execution of files in Plesk for Windows
In Plesk for Windows, add options to forbid executing .exe, .bat and other executable files in order to prevent starting of malicious scripts.
It should be added to domain and server-wide levels.6 votesNo further information on where in Plesk for Windows one can directly execute files, neither on where should .exe, .bat, .com be blocked was provided. We must decline this request.
-- PD
-
Manage all Firewall rules via Plesk GUI on Plesk for Windows
Ability to manage all Firewall rules via Plesk GUI on Plesk for Windows
4 votesUpd: Sorry, we are closing the request as no information were provided for over a month.
—
IG -
Extend Fail2Ban rules for Wordpress xmlrpc.php
Extend the Fail2Ban Rules for Wordpress xmlrpc.php, because of many bruteforce attacks on this.
4 votesWe have recommendations regarding this issue https://support.plesk.com/hc/en-us/articles/115002643313-WordPress-site-is-slow-Lots-of-log-entries-POST-xmlrpc-php-HTTP-1-0-499
So, you can always create own necessary fail2ban rule.
—
IG -
Individual Users should have access to setup their own Session Expiry Time on Plesk
Since Hosting providers use plesk on Shared Environments where users are forced to use the same session expiry time shared on hosting server for all shared clients. If Plesk can provide the logged in shared user to set their own Session Expiry time then it would be superb.
Regards,
Mody1 voteThis feature only receive one vote through many years. It does not seem to be popular. We must decline it.
-
Filter POST and PUT requests, but keep GET available
It is needed to block PUT and POST requests from specific country, but keep GET available. For example, I do not want China to send POST and PUT to my server, but they are free to send GET in order to receive website's content.
4 votesThis feature request did not become popular over many years. We must decline it. It is also very specific and maybe directed in fighting malicious traffic? Instead, we suggest using https://httpd.apache.org/docs/2.2/mod/mod_ext_filter.html to filter requests. We're also working on GeoIP protection which will cover most use cases.
-- PD
-
Force root ssh login to "without-password", with GUI option to "enable root login with password for 10 minutes"
Twofold:
1) Create a scheduled process that reconfigures /etc/ssh/sshd_config
-- if "PermitRootLogin" is enabled, change it to "without-password"2) Add an option in the GUI to allow ssh root login with password for 10 minutes, 30 minutes or 60 minutes
1 voteThank you for your input!
Unfortunately, we have to close your request because it has not become quite popular for further implementation over the years.
--
IG
-
Fail2Ban rules block IP's permanently
Ip's not only temporary ban but directly permanent
1 voteI suppose that this is more a feature request to the developers of fail2ban, but not Plesk. Because when restarting fail2ban service, it will lose all addresses, because fail2ban does not remember them, it just scans the logs at restart, so if there are no logs, then this permanent IP will be unbanned.
It may be released with Plesk firewall, but not fail2ban.
—
IG -
Free SSL / TLS Certificate (EV or OV Type) for Plesk Login
In order to ensure secure login and administration even with Plesk, plesk itself should issue a free SSL / TLS certificate (EV or OV type) from Plesk.
1 voteUpd: Sorry, we are closing the request as no information were provided for over a month.
—
IG
- Don't see your idea?