Feature Suggestions
Please provide here your suggestion for new functionality for Plesk. We encourage you to review and vote for suggestions of others. The top-ranked suggestions are likely to be included in the next versions of Plesk.
Please write in English so that voters from all over the world can read and support your request.
Off-topic posts will be removed from here
146 results found
-
Single sign on from WordPress account so hosting provider can allow customers to access plesk if they are logged into WordPress account firs
I am looking to create a site a hosting provider in woocommerce and want the customer to be able to access plesk if they are logged into their account in WordPress. So password of both plesk and WordPress will be in sync.
3 votesThank you for your input!
Unfortunately, we have to close your request because it has not become quite popular for further implementation over the years.
--
IG
-
nftables support (firewall)
Since 2014, with Linux kernel 3.13 and later, a new system for providing filtering and classification of network packets, datagrams and frames was introduced: nftables
It is stateful and more modular than iptables and does support IPv6.
As there are already packages for Archlinux or RHEL and so for CentOS and you can install on your own (of course), it would be great if in an upcoming (major) release iptables is replaced by nftables. Or a switch is implemented to use either the one or the other.
More information on:
https://wiki.nftables.org
http://netfilter.org/projects/nftables/
https://wiki.archlinux.org/index.php/nftables5 votesThank you for your input!
Unfortunately, we have to close your request because it has not become quite popular for further implementation over the years.
—
IG -
to make an extension for administrative purposes adding IP's in the Firewalling option
My list of IP's is growing, I like to have an option to write down these entries, for example.
IP A belongs to company a
IP B belongs to company b
IP C belongs to person a4 votesThank you for your input!
Unfortunately, we have to close your request, because over the years it has not become quite popular for further implementation.
—
IG -
opcache memory per vhost instead of shared
Currently Opcache is written in a shared memory it should be stored in the user's home folder. One client can see the all the scripts stored from all the sites hosted in the server.
9 votesThank you for your input!
Unfortunately, we have to close your request because it has not become quite popular for further implementation over the years.
—
IG -
Don't show version on the login mask.
I recommend to don't show any information about the version of Plesk or other software before the user logged in.
6 votesThis feature request has only received very few votes over the course of 7 years. Also, there is no urgent technical requirement for it as the previous statement by Plesk mentioned:
-----
You wouldn't need to worry too much on version exposure: 1) should there be any vulnerability discovered, we will fix it for each and every supported version. Just stay up2date 2) hiding version gives only false sense of security - attacker can still apply all known vulnerabilities disregarding your actual version. There were just few vulnerabilities about Plesk and it is easy to run them all (though it won't give an impact as all of them are addressed already). It is even easier than capturing a version from a file. If you remain heavily concerned, we can recommend applying Two-Factor authentication via Clef or Google Auth extensions at http://ext.plesk.com or maybe restricting Plesk control panel access to certain…
-
Please add a recommended "file integrity monitoring" tool to your extensions catalog
Any server that needs to be PCI compliant needs to have running a "file integrity monitoring" tool.
1 voteThis request was declined as it was created is more than 2 years ago and have the low number of votes.
If you would like to suggest a specific file integrity monitoring tool for implementation please feel free to create a new feature request.
Thank you.
—
AA -
Allow for E-Mail Notifican of Fail2Ban IP addresses that get blocked
Most fail2ban implementation have functionality that will allow for an alert email of IP's getting banned. This would be helpful for system administrators to review and take further action.
4 votesThank you for your input!
Unfortunately, we have to close your request, because over the years it has not become quite popular for further implementation.
—
IG -
Prevent decryption of passwords for customers/mail users/...
At the moment, user/customer/... passwords are stored in the database in a way that they can still be decryted using the server's private key (see for instance http://serverfault.com/questions/425116/possible-to-get-cleartext-password). This is for instance used by the program mailauthview. Thus, once somebody knows the key and has access to the database, (s)he can decrypt all passwords.
I would like to prevent the ability of decrypting passwords at all. Since many people use the same passwords across different accounts, I'd like to prevent the risk that user passwords unintentionally could get revealed if somebody gets access to the server.
11 votesThank you for your input!
Unfortunately, we have to close your request, because over the years it has not become quite popular for further implementation.
—
IG -
steering allowed SSLCiphers (negative >noCBC; positive >only GCM) for all System-layers (mail, Plesk-Login, Apache, Nginx) via Plesk
Optimizing the Quality of SSL-/TLS-Encryption at Plesk-driven Servers is very complicated...
... while the importance of a high-level encryption - not only since Edward Snowden - is of considerable importance.
please investigate:
and
http://www.kuketz-blog.de/nsa-abhoersichere-ssl-verschluesselung-fuer-apache-und-nginx/ (best article / only available in german)
Please implement the possibility for defining/steering not/allowed Ciphers and not/allowed SSL-protocols directly via PleskPanel.
This function should include ALL System-layers like: mail, webmail, Plesk-Login, SSH, PHP- or JAVA-Apps/Tomcat, Apache, Nginx, ...
THANK YOU VERY MUCH
30 votesOver the course of nine years this feature request has only received a handful of votes - although we had merged it with a similar request to get the full number of votes for both. We basically understand the need for top level security, but this feature seems not to be popular among users.
Even the rather extreme kuketz-blog article says: "The technology for protection against spying is available – but hardly anyone uses it." which is another indication that hardly anyone is interested in specific configurations that harden servers to the extent where powerful players have difficulties reading traffic.
Plesk allows using a "perfect security" configuration, but it seems that only very few individuals are actually interested in it and understand why this can make sense in some cases. As a responsible administrator who wants to provide perfect security to users you can implement it into your server along…
-
Required restriction executable files, While Upload files in Plesk File Manager
Hi,
Required restriction ( .exe, .dat, .rar, unsecured file and other executable file ) While Upload files in Plesk File Manager
2 votesUnfortunately, we have to close your request, because over the years it has not become quite popular for further implementation.
—
IG -
mod_evasive in Plesk
Add mod evasive as module for Plesk
22 votesYou can enable EPEL yum repository and install and configure mod_evasive for your Apache. But in latest Plesk Onyx versions it’s better and effective using ModSecurity Plesk feature for protecting attacks.
—
IG -
3 votes
Thank you for your input!
Unfortunately, we have to close your request because it has not become quite popular for further implementation over the years.
—
IG -
Bind poppasd service to localhost only
Currently poppassd listens on all IPs. Due to that an intruder can connect to the service via 106.
Please implement binding of poppassd to localhost only.2 votesThank you for your input!
Unfortunately, we have to close your request because it has not become quite popular for further implementation over the years.
—
IG -
Anonymize current log files, not only rotated ones.
Implement anonymization for current log files, not only for rotated ones on Linux.
4 votesSorry, but it is impossible because of different important Plesk features like Fail2ban, for instance, can work only with active logs .
—
IG -
Create a feature that to restrict password changing for additional Plesk users on their own
Create a feature that additional Plesk user cannot change its password in Plesk > My Profile tab
1 voteUpd: Sorry, we are closing the request as no information were provided for over a month.
—
IG -
htaccess: let me rewrite to - [L,R=444] (tell the server to be silent, like in nginx)
Save megawatts of electric power and hours of processor time.
Let all those small-minded referral-spammers become desesperate, simply by not answering them at all.
Of course, such a (non-)reaction is also useful in other cases.1 voteUpd: Sorry, we are closing the request as no information were provided for over a month.
—
IG -
secure plesk.uservoice.com login
A login as a returning user with mail address only is totally insecure.
1 voteI suppose that this is feature request for UserVoice.com but not for Plesk.
—
IG -
1 vote
Thank you for your input!
Unfortunately, we have to close your request because it has not become quite popular for further implementation over the years.
—
IG -
letsencrypt
to work and auto renew the mail server and console certs correctly
1 vote -
Entered Password field
Show when a password field has a previously entered password. (as dots)
1 voteThank you for your input!
Unfortunately, we have to close your request, because over the years it has not become quite popular for further implementation.
—
IG
- Don't see your idea?