Skip to content

Feature Suggestions

Please provide here your suggestion for new functionality for Plesk. We encourage you to review and vote for suggestions of others. The top-ranked suggestions are likely to be included in the next versions of Plesk.

Please write in English so that voters from all over the world can read and support your request.

For technical assistance, contact Plesk support
For questions, bug reports, discussions and free assistance, check our Forum and Facebook page
For additional information, see Documentation, Knowledge Base and Blog
Follow us on Twitter for more news on Plesk development

Off-topic posts will be removed from here

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback

133 results found

  1. Preset "webmail" and other checkboxes upon SSL certificate creation or reissuing as "checked"

    Please provide a possibility to secure webmail automatically if webmail.example.com exists in Plesk.

    This can be done by auto-selecting "Secure webmail on this domain" during a certificate creation for example.com.

    As it currently stands, end users get confused by the feature.

    The more Plesk can simplify this process for end-users, the less support will be required for my customers.

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  2. Plesk for Windows - RdpGuard

    Please include the security system RdpGuard (https://rdpguard.com/) in Plesk for Windows. And please add configuration from Plesk.
    This is a very good alternative to IP2ban (which is only for Linux).

    Thanks

    7 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  3. Add possibility in ModSecurity to configure real-time file scan when files are uploaded

    It would be great to add possibility in ModSecurity to configure real-time file scan when files are uploaded: https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual-(v2.x)#files_tmpnames

    Such feature will allow the Plesk administrator to configure some Perl scripts to analize all the files uploaded by the users.

    3 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  4. Allow adding additional users to a subscription with granular selection of which domain/subdomains he can manage.

    Allow adding additional users to a subscription with granular selection of which domain/subdomains he can manage.

    So that if subscription example.com contains 1.example.com 2.example.com 3example.com.
    We can select as an example only the subdomain 1 and 3

    Same for other components like databases.

    6 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  5. Email notifications/alerts for Modsecurity (WAF)

    It will be great to have the ability to receive an email notification from Modsecurity (WAF) when protection has been breached with corresponding breach information (SQL injection, Command injection, Cross-site scripting, etc.).

    8 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  6. Social Login SSO - Microsoft O365 Support

    Support Microsoft O365 for the Social Login extension for single-sign-on (SSO).

    11 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    open discussion  ·  4 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  7. OWASP security recommendation hide php version from web server by default

    I've noticed that in a default plesk installation the web server is configured to disclose php version. This could be exploited especially with a lot of websites running insecure php versions still.

    I think it's not much trouble to implement this simple "security through obscurity" step to not disclose this information and help attackers detect vulnerabilities in PHP itself.

    5 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  8. Centralized SSL Certificate Support

    I would like if you guys can add Centralized SSL Certificate Support in Plesk GUI, it would be easy to manage,
    as I had added a UNC path (\172.16.0.11\shared-certificates) in my Plesk via command line but now I cannot switch back to local path (C:\shared-certificates) as it was configured with UNC path & if I add a local path via command line, it says that the UNC path is not available even though I am using local path.

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  9. User Role Permissions

    Users with permissions to edit roles can edit rights that they do not own and create roles with rights that they do not own. It would be ideal if a user who has the permissions to edit roles can only change and assign rights that he owns.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  10. 58 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    7 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  11. SAML integration

    For setups with a large amount of plesk servers it would be very nice to be able to be able use a SAML integration to handle the user authentication.

    38 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    7 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  12. block bad bots by default

    There are many bots that can actually DoS a server using Plesk. Since there's no way to limit their connections they can overload a server really easily. Currently the only way to block them is by reading the logs and implementing blocks in nginx or .htaccess rules.

    It would be great if there could be some security by default. The community has created very comprehensive lists that could be used and auto updated / maintained by cron jobs.

    Here's an example for Apache

    https://github.com/mitchellkrogza/apache-ultimate-bad-bot-blocker/tree/master/Apache_2.4

    And here's for Nginx

    https://github.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker

    It could help mitigate attacks and vulnerability scans as well a…

    11 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  13. Add ability to use the one Let's encrypt account Id for the whole server

    Add ability to use the one Let's encrypt account Id for the whole server

    After this, it will be possible to request Let's Encrypt Rate Limit Adjustment for the whole server.
    https://docs.google.com/forms/d/e/1FAIpQLSetFLqcyPrnnrom2Kw802ZjukDVex67dOM2g4O8jEbfWFs3dA/viewform

    4 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  14. Password-protected directories: LDAP / Active Directory

    Fetch users from AD for Password-protected directories

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  15. Let's encrypt wildcard for domain aliases

    Currently, when requesting a wildcard certificate for a domain with multiple domain aliases, only the main domain gets a wildcard.

    Let say you have a main domain domain.com and have 3 subdomains domain.fr, domain.co.jp and domain.eu.

    When requesting a wildcard certificate including all aliases, you'll get :

    domain.com
    *.domain.com
    domain.fr
    domain.co.jp
    domain.eu

    where it would be more logical and usefull to have :

    domain.com
    *.domain.com
    domain.fr
    *.domain.fr
    domain.co.jp
    *.domain.co.jp
    domain.eu
    *.domain.eu

    7 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  16. Add option to Whitelist IP in Fail2Ban and mod_security

    I always need to whitelist IPs in Firewall, Fail2Ban and mod_security.

    u could add at least an option to also whitelist fail2ban in mod_security or even make two checkboxes in Firewall whitelisting to whitelist ip in all three modules.

    also usage of dns instead of ip would be greate for example PayPal does recomment to whitelist dns for api!

    THX

    6 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  17. Enable SSH Key Generate via Plesk Control Panel

    With the SSH Manager inside Plesk Onyx, it is extremely easy to add a new key to a subscription. The problem is, most users don't understand how to generate a key with tools like PuTTYgen and explaining it to them leaves them very confused. It would be very handy if, inside the SSH manager there was a way to request a new key pair be generated and added to a subscription automatically, so users don't have to go through the hassle of generating a key.

    6 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  18. check passwords against Pwned Passwords API

    Plesk should check user typed passwords against Pwned Passwords API

    https://haveibeenpwned.com/API/v2

    that way you could further improve systems running Plesk against Brute-Force attacks - and Dictionary attacks

    WordFence plugin for WordPress is already offering this, checking WordPress administrator passwords against https://haveibeenpwned.com/API/v2

    it shouldn't be too much work to compare Plesk password hash between Plesk and https://haveibeenpwned.com/API/

    I would like to use this feature for all services (FTP, E-Mail, Plesk, WordPress, etc.)

    It makes a lot of sense to do this, there are no drawbacks
    it should be option that users can enable/disable
    if you don't need it, you can disable…

    8 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  19. 13 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  20. lock access to Plesk Admin on only one URL

    There must be a possibily to lock up access to Plesk admin to only one or selected URL for security or other reason possible, For example i have 100 domains and i only want a few domain to access to Plesk Admin (https://domain.com:8443). This is not possible yet
    y

    102 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  • Don't see your idea?

Feedback and Knowledge Base