Feature Suggestions
Please provide here your suggestion for new functionality for Plesk. We encourage you to review and vote for suggestions of others. The top-ranked suggestions are likely to be included in the next versions of Plesk.
Please write in English so that voters from all over the world can read and support your request.
Off-topic posts will be removed from here
146 results found
-
Adding google recaptcha to plesk login area, or any captcha validation
Adding google recaptcha to plesk login area, or any captcha validation
23 votesWe are not sure why solving a captcha can be a better solution than the existing solution of a Fail2Ban jail monitoring login attempts. After all, with a captcha, users are forced to fulfill an extra step, do extra input and clicks just to login. It would make the login process more difficult for them and slow the process down while at the same time it does not provide any extra security. Moreover, many captcha solutions have violated EU GDPR. Also, with a captcha, this will not prevent bots from hammering the server with requests, hence causing unnecessary cpu load.
Instead, Plesk has a very secure and effective solution to block bots from testing passwords: Please use the existing "plesk-panel" Fail2Ban jail (Tools & Settings > IP Address Banning).
-- PD
-
Allowing customers to whitelist IP address's from their control panel.
Giving the customer the option to whitelist any IP address from their control panel.
At the moment, if a customer wants to whitelist an IP address they cannot without server admin whitelisting the IP across the server.
cPanel have this option with Mod Security Manager.
5 votesAllowing endusers to allowlist themselves can result in significant security risks. For example malicious users could use this tactic to drive brute-force attacks against the server or other users on the same server which cannot be noticed when that malicious user has whitelisted his own IP.
No arguments have been given why it is not risk to allow endusers to allowlist themselves. We must decline this request.
-- PD
-
Use of device mac address
Is it possible to introduce access restrictions using mac address in firewall
1 voteUpd: Sorry, we are closing the request as no information was provided for over a month.
—
IG -
recapcha
Could you add the possibility to add recapcha to a website e.g. as an extension?
1 voteWe are engaged in the development of a control panel for hosting, but not hosting sites and their creation. We are not responsible for the content of sites hosted by Plesk. This is the task of the site developers.
—
IG -
increase the number of IP you can select form 100 to 1000, it would be a time saver for us instead of selecting only a 100 IP art a time
increase the number of IP you can select form 100 to 1000, it would be a time saver for us instead of selecting only a 100 IP art a time
1 voteThis request did not become popular through the years. We must decline it.
-- PD
-
Backport Fail2Ban IPv6 Support to Plesk Onyx 17.x
As of now, feature with 178 votes is available in Plesk Onyx 17.9 Preview only: https://plesk.uservoice.com/forums/184549-feature-suggestions/suggestions/17924536-fail2ban-now-supports-ipv6-please-upgrade
It would be awesome to have this feature available on earlier versions of Plesk Onyx without the necessity to wait until Plesk Onyx 17.9 becomes stable.
94 votesPlesk Onyx was end of life in April 2021. IPv6 support for Fail2Ban is available in all current and supported Plesk versions.
-
Allow to add trusted IPs to specific Jails
Allow to set a trusted IP over the GUI and CLI to specific jails same as allowed by fail2ban client:
# fail2ban-client --help | grep -A1 ignoreip
set <JAIL> addignoreip <IP> adds <IP> to the ignore list of <JAIL>
set <JAIL> delignoreip <IP> removes <IP> from the ignore list of <JAIL>
get <JAIL> ignoreip gets the list of ignored IP addresses for <JAIL>2 votesUpd: Sorry, we are closing the request as no information were provided for over a month.
—
IG -
Goolge 2 factor authentication for Repait Kit page
Implement Goolge 2 factor authentication for Repait Kit page t https://example.com:8443/repair
2 votesUpd: Sorry, we are closing the request as no information were provided for over a month.
—
IG -
In domain logs allow select all function in order to copy to firewall rules
This feature requests comes from having to manually copy and paste bad IP's from the domain log files. It would be a request that when you carried out a search for say POST /xmlrpc.php HTTP/1.0 or GET /wp-login.php HTTP/1.0 from brute force hacking or malware bots you can easily just select all, then paste this over to the block list in the Firewall rules.
2 votesThis request only received 2 votes during 3 years. It did not become popular. It may also not be the best possible choice to block individual IPs like suggested as attackers frequently change IPs which will easily result in hundreds or thousands of blocked IPs in the firewall. That again will slow down network traffic. Instead we suggest to use Fail2Ban that comes with Plesk to automatically block attacker IPs. Fail2Ban has the capability to analyze log files automatically, to identify trouble sources and to ban these IPs for a pre-defined duration.
-- PD
-
logout email users and reset passwords without notifying all users
firing an employee with access to a well established email account. Don't want to close the email account but want to lock out ex employee. Need to log out all users and reset password but when I reset the password I can't log everyone out and they all get the update....... not helpful
1 voteUpd: Sorry, we are closing the request as no information were provided for over a month.
—
IG -
Add the possibility to protect Plesk panel with Web Application Firewall (ModSecurity)
Plesk should provide a way to secure the Plesk administration panel with the Web Application Firewall (ModSecurity).
Currently, when Plesk is accessed via 8443, Apache is not handling any request. However, when Plesk is accessed via port 443, Nginx is working as a proxy.
This setup should be changed, Apache should work as a proxy to be able to filter the HTTP request with ModSecurity, adding an additional security layer.
5 votesWe do not see how this feature could improve Plesk security. All Plesk panel functions are behind a login, and the login can effectively be protected with the existing Fail2Ban jail. Also, this request only received very few votes through many years. We must decline it.
-- PD
-
A feature that enables storing logs, complaint and non-complaint to GDPR in Windows.
The idea is to have non-compliant GDPR logs so debugging can be done and compliant GDPR logs that don't contain IPs for example.
4 votesIt’s pointless. Once we have non-compliant GDPR logs, it makes no sense to have compliant GDPR logs.
—
IG -
independent passwords for database and user interface
To allow Plesk to have an independent admin user password for database, which won't be the same as the graphical user interface.
2 votesThis feature request has been reviewed. We came to the conclusion that currently there are no plans to update this part of the software. For specific requirements it is possible to add additional user(s) to the database that have privileges that allow full access to all or limited access to a specific instruction set. There are no limitations on this procedure so external access such as monitoring can be achieved by this simple workaround. Please consider this workaround if you require access to the database.
-- PD
-
fail2ban notification
Make Fail2Ban send notifications when the server is under attack
4 votesUpd: Sorry, we are closing the request as no information were provided for over a month.
—
IG -
Change/adapt the rules for classifying a password?
Example: Would be a bad idea but is it possible to change the ruling so the password "test" is classified as very strong?
1 voteI don’t think we will do this for security reasons. For our product, the safety of our customers is very important and we will not expose them to such dubious changes.
—
IG -
Add function to block virus/trojan sender (Kaspersky KAV)
Every day I get thousands of virus and trojan mails that are filtered by Kaspersky. But there is no possibility to block the senders of these mails.
1 voteUpd: Sorry, we are closing the request as no information were provided for over a month.
—
IG -
План защиты
1) Убрать вход в Plesk по ИП сервера!
2) При входе, если меняется ИП клиента, то сделать проверку на e-mail, с любым кодом! Который указан у клиента.
3) Дать возможность, менять порт :8443 в системе Plesk.
1 voteСпасибо за предложения, но, пожалуйста, создайте отдельный feature request для каждого предложения, и напишите их на английском языке, чтобы за них могли голосовать не только русскоязычные пользователи.
Кроме того, пункт 3 уже существует. В последних версиях Плеск вообще можно не использовать этот порт.
Этот запрос я закрываю, как неверно созданный.
—
IG -
User Role Permissions
Users with permissions to edit roles can edit rights that they do not own and create roles with rights that they do not own. It would be ideal if a user who has the permissions to edit roles can only change and assign rights that he owns.
1 voteWe are closing the request due to lack of demand over the years. We still value your feedback and we would like to thank you for the suggestion.
-- SH
-
More of a suggestion this is a question... Why my web browser shows that Plesk website is not secure?... am I missing something?
More of a suggestion this is a question... Why my web browser shows that Plesk website is not secure?... am I missing something?
1 voteYou are wrong. Site plesk.com is protected by COMODO certificate.
—
IG -
provide two factor authentication for every login screen
provide two factor authentication for every login screen
1 voteUpd: Sorry, we are closing the request as no information were provided for over a month.
—
IG
- Don't see your idea?