Feature Suggestions
Please provide here your suggestion for new functionality for Plesk. We encourage you to review and vote for suggestions of others. The top-ranked suggestions are likely to be included in the next versions of Plesk.
Please write in English so that voters from all over the world can read and support your request.
Off-topic posts will be removed from here
146 results found
-
Add the option to forbid execution of files in Plesk for Windows
In Plesk for Windows, add options to forbid executing .exe, .bat and other executable files in order to prevent starting of malicious scripts.
It should be added to domain and server-wide levels.6 votesNo further information on where in Plesk for Windows one can directly execute files, neither on where should .exe, .bat, .com be blocked was provided. We must decline this request.
-- PD
-
Password-protected directories: LDAP / Active Directory
Fetch users from AD for Password-protected directories
1 voteWe are closing the request due to lack of demand over the years. We still value your feedback and we would like to thank you for the suggestion.
-- SH
-
Manage all Firewall rules via Plesk GUI on Plesk for Windows
Ability to manage all Firewall rules via Plesk GUI on Plesk for Windows
4 votesUpd: Sorry, we are closing the request as no information were provided for over a month.
—
IG -
Extend Fail2Ban rules for Wordpress xmlrpc.php
Extend the Fail2Ban Rules for Wordpress xmlrpc.php, because of many bruteforce attacks on this.
4 votesWe have recommendations regarding this issue https://support.plesk.com/hc/en-us/articles/115002643313-WordPress-site-is-slow-Lots-of-log-entries-POST-xmlrpc-php-HTTP-1-0-499
So, you can always create own necessary fail2ban rule.
—
IG -
Individual Users should have access to setup their own Session Expiry Time on Plesk
Since Hosting providers use plesk on Shared Environments where users are forced to use the same session expiry time shared on hosting server for all shared clients. If Plesk can provide the logged in shared user to set their own Session Expiry time then it would be superb.
Regards,
Mody1 voteThis feature only receive one vote through many years. It does not seem to be popular. We must decline it.
-
Filter POST and PUT requests, but keep GET available
It is needed to block PUT and POST requests from specific country, but keep GET available. For example, I do not want China to send POST and PUT to my server, but they are free to send GET in order to receive website's content.
4 votesThis feature request did not become popular over many years. We must decline it. It is also very specific and maybe directed in fighting malicious traffic? Instead, we suggest using https://httpd.apache.org/docs/2.2/mod/mod_ext_filter.html to filter requests. We're also working on GeoIP protection which will cover most use cases.
-- PD
-
Force root ssh login to "without-password", with GUI option to "enable root login with password for 10 minutes"
Twofold:
1) Create a scheduled process that reconfigures /etc/ssh/sshd_config
-- if "PermitRootLogin" is enabled, change it to "without-password"2) Add an option in the GUI to allow ssh root login with password for 10 minutes, 30 minutes or 60 minutes
1 voteThank you for your input!
Unfortunately, we have to close your request because it has not become quite popular for further implementation over the years.
--
IG
-
Free SSL / TLS Certificate (EV or OV Type) for Plesk Login
In order to ensure secure login and administration even with Plesk, plesk itself should issue a free SSL / TLS certificate (EV or OV type) from Plesk.
1 voteUpd: Sorry, we are closing the request as no information were provided for over a month.
—
IG -
Customer account and domain subscription be linked to a certain VM/directory
Customer desires account and domain linked to a certain VM or directory with permissions to that VM or directory.
1 voteUpd: Sorry, we are closing the request as no information were provided for over a month.
—
IG -
add reseller management in Plesk Multi Server
Currently it is not possible to create a user in a domain and subscriptions. Why is this feature hidden in a Plesk Multi Server model. This basic functionality for hosters.
1 voteUnfortunately the version of Plesk Multiserver extension was discontinued several years ago.
-- PD
-
The possibility to manage Fail2Ban jails via CLI
Currently, ip_ban utility does not allow to manage jails, for example, RECIDIVE jail.
It is possible only via GUI
2 votesThank you for your input!
Unfortunately, we have to close your request because it has not become quite popular for further implementation over the years.
—
IG -
1 vote
Upd: Sorry, we are closing the request as no information were provided for over a month.
—
IG -
Secure Management Node
Ability to secure plesk management node with an SSL certificate via Let's Encrypt or Security Advisor.
1 voteUpd: Sorry, we are closing the request as no information were provided for over a month.
—
IG -
Remove the certificate for securing mail from Plesk
There is no option to remove Certificate for securing mail via Plesk UI, the only option is to switch it to another.
Please add feature to unassign the certificate.
3 votesNo further information has been provided, so that it remains unclear for which business case removing a certificate from the mail server could be required. As this request also did not become popular we must decline it.
-- PD
-
Enable excluding folders on Protected Directories
Right now it is not possible to use a protected domain on /, while using Let's Encrypt, as it also "protects" /.well-known.
Please add a general function to add single un-protected directories.2 votesThank you for your input!
Unfortunately, we have to close your request because it has not become quite popular for further implementation over the years.
—
IG -
remove kernelcare suggestion on openvz vservers!
If a servers runs on a openvz environment there is no need for kernelcare as it shares the kernel with the host.
Therefor your suggestion including your offer to sell a license at 5$+VAT vs 3.95$ at the cloudlinuxes website this very misleading!
3 votesThank you for your input!
Unfortunately, we have to close your request because it has not become quite popular for further implementation over the years.
--
IG
-
View certificate expiration dates for all domains
Please add the functionality to view the summary of certificate expiration dates for all domains.
This will help to monitor the situation and diagnose what is going on.
3 votesThank you for your input!
Unfortunately, we have to close your request, because over the years it has not become quite popular for further implementation.
—
IG -
Whitelist rkhunter warnings caused by Plesk
rkhunter security scan will always show security warnings caused by Plesk, as per https://support.plesk.com/hc/en-us/articles/115001160954-What-Watchdog-warnings-may-be-safely-ignored
You should whitelist these warnings by default.
3 votesUpd: Sorry, we are closing the request as no information were provided for over a month.
—
IG -
2 votes
UPD: Sorry, we are closing the request as no information were provided for over a month.
—
IG -
Allow Let's Encrypt to validate over 80 or 443 (not just 80)
We're very excited to see Let's Encrypt in Plesk 17, it makes secure sites much, much easier. However, port 80 is not open on a number of our servers for security reasons and it would appear the Plesk coding for the API to Let's Encrypt forces the use of port 80. Let's Encrypt supports validation of domains over 80 OR 443, but Plesk is requiring 80. The only workaround is to open 80 to the world so it can be validated since Let's Encrypt does supply a list of public IP's their traffic could source from.
49 votesEveryone, we are closing the current request since it looks invalid. According to the Let's Encrypt documentation,
"The HTTP-01 challenge can only be done on port 80. Allowing clients to specify arbitrary ports would make the challenge less secure, and so it is not allowed by the ACME standard."
— AY
- Don't see your idea?