Feature Suggestions
Please provide here your suggestion for new functionality for Plesk. We encourage you to review and vote for suggestions of others. The top-ranked suggestions are likely to be included in the next versions of Plesk.
Please write in English so that voters from all over the world can read and support your request.
Off-topic posts will be removed from here
139 results found
-
Goolge 2 factor authentication for Repait Kit page
Implement Goolge 2 factor authentication for Repait Kit page t https://example.com:8443/repair
2 votesUpd: Sorry, we are closing the request as no information were provided for over a month.
—
IG -
Allow to add trusted IPs to specific Jails
Allow to set a trusted IP over the GUI and CLI to specific jails same as allowed by fail2ban client:
# fail2ban-client --help | grep -A1 ignoreip
set <JAIL> addignoreip <IP> adds <IP> to the ignore list of <JAIL>
set <JAIL> delignoreip <IP> removes <IP> from the ignore list of <JAIL>
get <JAIL> ignoreip gets the list of ignored IP addresses for <JAIL>2 votesUpd: Sorry, we are closing the request as no information were provided for over a month.
—
IG -
In domain logs allow select all function in order to copy to firewall rules
This feature requests comes from having to manually copy and paste bad IP's from the domain log files. It would be a request that when you carried out a search for say POST /xmlrpc.php HTTP/1.0 or GET /wp-login.php HTTP/1.0 from brute force hacking or malware bots you can easily just select all, then paste this over to the block list in the Firewall rules.
2 votesThis request only received 2 votes during 3 years. It did not become popular. It may also not be the best possible choice to block individual IPs like suggested as attackers frequently change IPs which will easily result in hundreds or thousands of blocked IPs in the firewall. That again will slow down network traffic. Instead we suggest to use Fail2Ban that comes with Plesk to automatically block attacker IPs. Fail2Ban has the capability to analyze log files automatically, to identify trouble sources and to ban these IPs for a pre-defined duration.
-- PD
-
Fail to ban - remove blocked IPs
Make remove blocked IPs easy via n new gui button
0 votesUpd: Sorry, we are closing the request as no information were provided for over a month.
—
IG -
Allowing customers to whitelist IP address's from their control panel.
Giving the customer the option to whitelist any IP address from their control panel.
At the moment, if a customer wants to whitelist an IP address they cannot without server admin whitelisting the IP across the server.
cPanel have this option with Mod Security Manager.
5 votesAllowing endusers to allowlist themselves can result in significant security risks. For example malicious users could use this tactic to drive brute-force attacks against the server or other users on the same server which cannot be noticed when that malicious user has whitelisted his own IP.
No arguments have been given why it is not risk to allow endusers to allowlist themselves. We must decline this request.
-- PD
-
Change/adapt the rules for classifying a password?
Example: Would be a bad idea but is it possible to change the ruling so the password "test" is classified as very strong?
1 voteI don’t think we will do this for security reasons. For our product, the safety of our customers is very important and we will not expose them to such dubious changes.
—
IG -
Add function to block virus/trojan sender (Kaspersky KAV)
Every day I get thousands of virus and trojan mails that are filtered by Kaspersky. But there is no possibility to block the senders of these mails.
1 voteUpd: Sorry, we are closing the request as no information were provided for over a month.
—
IG -
План защиты
1) Убрать вход в Plesk по ИП сервера!
2) При входе, если меняется ИП клиента, то сделать проверку на e-mail, с любым кодом! Который указан у клиента.
3) Дать возможность, менять порт :8443 в системе Plesk.
1 voteСпасибо за предложения, но, пожалуйста, создайте отдельный feature request для каждого предложения, и напишите их на английском языке, чтобы за них могли голосовать не только русскоязычные пользователи.
Кроме того, пункт 3 уже существует. В последних версиях Плеск вообще можно не использовать этот порт.
Этот запрос я закрываю, как неверно созданный.
—
IG -
Add the possibility to protect Plesk panel with Web Application Firewall (ModSecurity)
Plesk should provide a way to secure the Plesk administration panel with the Web Application Firewall (ModSecurity).
Currently, when Plesk is accessed via 8443, Apache is not handling any request. However, when Plesk is accessed via port 443, Nginx is working as a proxy.
This setup should be changed, Apache should work as a proxy to be able to filter the HTTP request with ModSecurity, adding an additional security layer.
5 votesWe do not see how this feature could improve Plesk security. All Plesk panel functions are behind a login, and the login can effectively be protected with the existing Fail2Ban jail. Also, this request only received very few votes through many years. We must decline it.
-- PD
-
independent passwords for database and user interface
To allow Plesk to have an independent admin user password for database, which won't be the same as the graphical user interface.
2 votesThis feature request has been reviewed. We came to the conclusion that currently there are no plans to update this part of the software. For specific requirements it is possible to add additional user(s) to the database that have privileges that allow full access to all or limited access to a specific instruction set. There are no limitations on this procedure so external access such as monitoring can be achieved by this simple workaround. Please consider this workaround if you require access to the database.
-- PD
-
More of a suggestion this is a question... Why my web browser shows that Plesk website is not secure?... am I missing something?
More of a suggestion this is a question... Why my web browser shows that Plesk website is not secure?... am I missing something?
1 voteYou are wrong. Site plesk.com is protected by COMODO certificate.
—
IG -
provide two factor authentication for every login screen
provide two factor authentication for every login screen
1 voteUpd: Sorry, we are closing the request as no information were provided for over a month.
—
IG -
fail2ban notification
Make Fail2Ban send notifications when the server is under attack
4 votesUpd: Sorry, we are closing the request as no information were provided for over a month.
—
IG -
A feature that enables storing logs, complaint and non-complaint to GDPR in Windows.
The idea is to have non-compliant GDPR logs so debugging can be done and compliant GDPR logs that don't contain IPs for example.
4 votesIt’s pointless. Once we have non-compliant GDPR logs, it makes no sense to have compliant GDPR logs.
—
IG -
Adding google recaptcha to plesk login area, or any captcha validation
Adding google recaptcha to plesk login area, or any captcha validation
23 votesWe are not sure why solving a captcha can be a better solution than the existing solution of a Fail2Ban jail monitoring login attempts. After all, with a captcha, users are forced to fulfill an extra step, do extra input and clicks just to login. It would make the login process more difficult for them and slow the process down while at the same time it does not provide any extra security. Moreover, many captcha solutions have violated EU GDPR. Also, with a captcha, this will not prevent bots from hammering the server with requests, hence causing unnecessary cpu load.
Instead, Plesk has a very secure and effective solution to block bots from testing passwords: Please use the existing "plesk-panel" Fail2Ban jail (Tools & Settings > IP Address Banning).
-- PD
-
Individual Users should have access to setup their own Session Expiry Time on Plesk
Since Hosting providers use plesk on Shared Environments where users are forced to use the same session expiry time shared on hosting server for all shared clients. If Plesk can provide the logged in shared user to set their own Session Expiry time then it would be superb.
Regards,
Mody1 voteThis feature only receive one vote through many years. It does not seem to be popular. We must decline it.
-
Manage all Firewall rules via Plesk GUI on Plesk for Windows
Ability to manage all Firewall rules via Plesk GUI on Plesk for Windows
4 votesUpd: Sorry, we are closing the request as no information were provided for over a month.
—
IG -
Add the option to forbid execution of files in Plesk for Windows
In Plesk for Windows, add options to forbid executing .exe, .bat and other executable files in order to prevent starting of malicious scripts.
It should be added to domain and server-wide levels.6 votesNo further information on where in Plesk for Windows one can directly execute files, neither on where should .exe, .bat, .com be blocked was provided. We must decline this request.
-- PD
-
Extend Fail2Ban rules for Wordpress xmlrpc.php
Extend the Fail2Ban Rules for Wordpress xmlrpc.php, because of many bruteforce attacks on this.
4 votesWe have recommendations regarding this issue https://support.plesk.com/hc/en-us/articles/115002643313-WordPress-site-is-slow-Lots-of-log-entries-POST-xmlrpc-php-HTTP-1-0-499
So, you can always create own necessary fail2ban rule.
—
IG -
Force root ssh login to "without-password", with GUI option to "enable root login with password for 10 minutes"
Twofold:
1) Create a scheduled process that reconfigures /etc/ssh/sshd_config
-- if "PermitRootLogin" is enabled, change it to "without-password"2) Add an option in the GUI to allow ssh root login with password for 10 minutes, 30 minutes or 60 minutes
1 voteThank you for your input!
Unfortunately, we have to close your request because it has not become quite popular for further implementation over the years.
--
IG
- Don't see your idea?