Feature Suggestions
Please provide here your suggestion for new functionality for Plesk. We encourage you to review and vote for suggestions of others. The top-ranked suggestions are likely to be included in the next versions of Plesk.
Please write in English so that voters from all over the world can read and support your request.
Off-topic posts will be removed from here
137 results found
-
Customer account and domain subscription be linked to a certain VM/directory
Customer desires account and domain linked to a certain VM or directory with permissions to that VM or directory.
1 voteUpd: Sorry, we are closing the request as no information were provided for over a month.
—
IG -
add reseller management in Plesk Multi Server
Currently it is not possible to create a user in a domain and subscriptions. Why is this feature hidden in a Plesk Multi Server model. This basic functionality for hosters.
1 voteUnfortunately the version of Plesk Multiserver extension was discontinued several years ago.
-- PD
-
The possibility to manage Fail2Ban jails via CLI
Currently, ip_ban utility does not allow to manage jails, for example, RECIDIVE jail.
It is possible only via GUI
2 votesThank you for your input!
Unfortunately, we have to close your request because it has not become quite popular for further implementation over the years.
—
IG -
1 vote
Upd: Sorry, we are closing the request as no information were provided for over a month.
—
IG -
Secure Management Node
Ability to secure plesk management node with an SSL certificate via Let's Encrypt or Security Advisor.
1 voteUpd: Sorry, we are closing the request as no information were provided for over a month.
—
IG -
Remove the certificate for securing mail from Plesk
There is no option to remove Certificate for securing mail via Plesk UI, the only option is to switch it to another.
Please add feature to unassign the certificate.
3 votesNo further information has been provided, so that it remains unclear for which business case removing a certificate from the mail server could be required. As this request also did not become popular we must decline it.
-- PD
-
Enable excluding folders on Protected Directories
Right now it is not possible to use a protected domain on /, while using Let's Encrypt, as it also "protects" /.well-known.
Please add a general function to add single un-protected directories.2 votesThank you for your input!
Unfortunately, we have to close your request because it has not become quite popular for further implementation over the years.
—
IG -
remove kernelcare suggestion on openvz vservers!
If a servers runs on a openvz environment there is no need for kernelcare as it shares the kernel with the host.
Therefor your suggestion including your offer to sell a license at 5$+VAT vs 3.95$ at the cloudlinuxes website this very misleading!
3 votesThank you for your input!
Unfortunately, we have to close your request because it has not become quite popular for further implementation over the years.
--
IG
-
View certificate expiration dates for all domains
Please add the functionality to view the summary of certificate expiration dates for all domains.
This will help to monitor the situation and diagnose what is going on.
3 votesThank you for your input!
Unfortunately, we have to close your request, because over the years it has not become quite popular for further implementation.
—
IG -
Whitelist rkhunter warnings caused by Plesk
rkhunter security scan will always show security warnings caused by Plesk, as per https://support.plesk.com/hc/en-us/articles/115001160954-What-Watchdog-warnings-may-be-safely-ignored
You should whitelist these warnings by default.
3 votesUpd: Sorry, we are closing the request as no information were provided for over a month.
—
IG -
2 votes
UPD: Sorry, we are closing the request as no information were provided for over a month.
—
IG -
Single sign on from WordPress account so hosting provider can allow customers to access plesk if they are logged into WordPress account firs
I am looking to create a site a hosting provider in woocommerce and want the customer to be able to access plesk if they are logged into their account in WordPress. So password of both plesk and WordPress will be in sync.
3 votesThank you for your input!
Unfortunately, we have to close your request because it has not become quite popular for further implementation over the years.
--
IG
-
nftables support (firewall)
Since 2014, with Linux kernel 3.13 and later, a new system for providing filtering and classification of network packets, datagrams and frames was introduced: nftables
It is stateful and more modular than iptables and does support IPv6.
As there are already packages for Archlinux or RHEL and so for CentOS and you can install on your own (of course), it would be great if in an upcoming (major) release iptables is replaced by nftables. Or a switch is implemented to use either the one or the other.
More information on:
https://wiki.nftables.org
http://netfilter.org/projects/nftables/
https://wiki.archlinux.org/index.php/nftables5 votesThank you for your input!
Unfortunately, we have to close your request because it has not become quite popular for further implementation over the years.
—
IG -
to make an extension for administrative purposes adding IP's in the Firewalling option
My list of IP's is growing, I like to have an option to write down these entries, for example.
IP A belongs to company a
IP B belongs to company b
IP C belongs to person a4 votesThank you for your input!
Unfortunately, we have to close your request, because over the years it has not become quite popular for further implementation.
—
IG -
opcache memory per vhost instead of shared
Currently Opcache is written in a shared memory it should be stored in the user's home folder. One client can see the all the scripts stored from all the sites hosted in the server.
9 votesThank you for your input!
Unfortunately, we have to close your request because it has not become quite popular for further implementation over the years.
—
IG -
Don't show version on the login mask.
I recommend to don't show any information about the version of Plesk or other software before the user logged in.
6 votesThis feature request has only received very few votes over the course of 7 years. Also, there is no urgent technical requirement for it as the previous statement by Plesk mentioned:
-----
You wouldn't need to worry too much on version exposure: 1) should there be any vulnerability discovered, we will fix it for each and every supported version. Just stay up2date 2) hiding version gives only false sense of security - attacker can still apply all known vulnerabilities disregarding your actual version. There were just few vulnerabilities about Plesk and it is easy to run them all (though it won't give an impact as all of them are addressed already). It is even easier than capturing a version from a file. If you remain heavily concerned, we can recommend applying Two-Factor authentication via Clef or Google Auth extensions at http://ext.plesk.com or maybe restricting Plesk control panel access to certain…
-
Please add a recommended "file integrity monitoring" tool to your extensions catalog
Any server that needs to be PCI compliant needs to have running a "file integrity monitoring" tool.
1 voteThis request was declined as it was created is more than 2 years ago and have the low number of votes.
If you would like to suggest a specific file integrity monitoring tool for implementation please feel free to create a new feature request.
Thank you.
—
AA -
Allow for E-Mail Notifican of Fail2Ban IP addresses that get blocked
Most fail2ban implementation have functionality that will allow for an alert email of IP's getting banned. This would be helpful for system administrators to review and take further action.
4 votesThank you for your input!
Unfortunately, we have to close your request, because over the years it has not become quite popular for further implementation.
—
IG -
steering allowed SSLCiphers (negative >noCBC; positive >only GCM) for all System-layers (mail, Plesk-Login, Apache, Nginx) via Plesk
Optimizing the Quality of SSL-/TLS-Encryption at Plesk-driven Servers is very complicated...
... while the importance of a high-level encryption - not only since Edward Snowden - is of considerable importance.
please investigate:
and
http://www.kuketz-blog.de/nsa-abhoersichere-ssl-verschluesselung-fuer-apache-und-nginx/ (best article / only available in german)
Please implement the possibility for defining/steering not/allowed Ciphers and not/allowed SSL-protocols directly via PleskPanel.
This function should include ALL System-layers like: mail, webmail, Plesk-Login, SSH, PHP- or JAVA-Apps/Tomcat, Apache, Nginx, ...
THANK YOU VERY MUCH
30 votesOver the course of nine years this feature request has only received a handful of votes - although we had merged it with a similar request to get the full number of votes for both. We basically understand the need for top level security, but this feature seems not to be popular among users.
Even the rather extreme kuketz-blog article says: "The technology for protection against spying is available – but hardly anyone uses it." which is another indication that hardly anyone is interested in specific configurations that harden servers to the extent where powerful players have difficulties reading traffic.
Plesk allows using a "perfect security" configuration, but it seems that only very few individuals are actually interested in it and understand why this can make sense in some cases. As a responsible administrator who wants to provide perfect security to users you can implement it into your server along…
-
Prevent decryption of passwords for customers/mail users/...
At the moment, user/customer/... passwords are stored in the database in a way that they can still be decryted using the server's private key (see for instance http://serverfault.com/questions/425116/possible-to-get-cleartext-password). This is for instance used by the program mailauthview. Thus, once somebody knows the key and has access to the database, (s)he can decrypt all passwords.
I would like to prevent the ability of decrypting passwords at all. Since many people use the same passwords across different accounts, I'd like to prevent the risk that user passwords unintentionally could get revealed if somebody gets access to the server.
11 votesThank you for your input!
Unfortunately, we have to close your request, because over the years it has not become quite popular for further implementation.
—
IG
- Don't see your idea?