Skip to content

Feature Suggestions

Please provide here your suggestion for new functionality for Plesk. We encourage you to review and vote for suggestions of others. The top-ranked suggestions are likely to be included in the next versions of Plesk.

Please write in English so that voters from all over the world can read and support your request.

For technical assistance, contact Plesk support
For questions, bug reports, discussions and free assistance, check our Forum and Facebook page
For additional information, see Documentation, Knowledge Base and Blog
Follow us on Twitter for more news on Plesk development

Off-topic posts will be removed from here

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback

105 results found

  1. Add possibility in ModSecurity to configure real-time file scan when files are uploaded

    It would be great to add possibility in ModSecurity to configure real-time file scan when files are uploaded: https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual-(v2.x)#files_tmpnames

    Such feature will allow the Plesk administrator to configure some Perl scripts to analize all the files uploaded by the users.

    3 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  2. User Role Permissions

    Users with permissions to edit roles can edit rights that they do not own and create roles with rights that they do not own. It would be ideal if a user who has the permissions to edit roles can only change and assign rights that he owns.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  3. Add possibility issue Let's Encrypt SSL certificate for mail server when the "A" DNS record for domain is pointing to another server

    This feature is required for users with the configuration when on the Plesk only mail server for domain is used.

    "A" DNS record for mail.example.com is pointing to Plesk server, when when "A" record for example.com is pointing to another server.

    154 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    43 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  4. Centralized SSL Certificate Support

    I would like if you guys can add Centralized SSL Certificate Support in Plesk GUI, it would be easy to manage,
    as I had added a UNC path (\172.16.0.11\shared-certificates) in my Plesk via command line but now I cannot switch back to local path (C:\shared-certificates) as it was configured with UNC path & if I add a local path via command line, it says that the UNC path is not available even though I am using local path.

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  5. Add Nginx Jails to Fail2Ban

    Plesk has - praise be - increasingly better supported Nginx, now with the option to use only Nginx, which is great.

    That being so, now we need the next logical step: The Fail2Ban Jails for Apache are available, but will have no effect, as Apache is not used at all any more. So we need some Jails for Nginx.

    This is not exactly rocket science, there are plenty of examples to be found on the web, the Fail2Ban distribution has some, and here's an article on digitalocean:
    https://www.digitalocean.com/community/tutorials/how-to-protect-an-nginx-server-with-fail2ban-on-ubuntu-14-04

    Search for: fail2ban nginx 404
    E.g. https://nichteinschalten.de/apache-nginx-404-fail2ban-regex/
    Note The 404 code is…

    19 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  6. Allow adding additional users to a subscription with granular selection of which domain/subdomains he can manage.

    Allow adding additional users to a subscription with granular selection of which domain/subdomains he can manage.

    So that if subscription example.com contains 1.example.com 2.example.com 3example.com.
    We can select as an example only the subdomain 1 and 3

    Same for other components like databases.

    6 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  7. Plesk for Windows - RdpGuard

    Please include the security system RdpGuard (https://rdpguard.com/) in Plesk for Windows. And please add configuration from Plesk.
    This is a very good alternative to IP2ban (which is only for Linux).

    Thanks

    6 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  8. Password-protected directories: LDAP / Active Directory

    Fetch users from AD for Password-protected directories

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  9. OWASP security recommendation hide php version from web server by default

    I've noticed that in a default plesk installation the web server is configured to disclose php version. This could be exploited especially with a lot of websites running insecure php versions still.

    I think it's not much trouble to implement this simple "security through obscurity" step to not disclose this information and help attackers detect vulnerabilities in PHP itself.

    5 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  10. Email notifications/alerts for Modsecurity (WAF)

    It will be great to have the ability to receive an email notification from Modsecurity (WAF) when protection has been breached with corresponding breach information (SQL injection, Command injection, Cross-site scripting, etc.).

    8 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  11. Enable OCSP stapling and HSTS for Plesk panel

    OSCP stapling and HSTS can now be enabled for domains using SSL It! estension.
    However these settings cannot be enabled while securing Plesk panel.
    So it will be really appreciated if such functionality is included in future Plesk updates.

    27 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  12. Social Login SSO - Microsoft O365 Support

    Support Microsoft O365 for the Social Login extension for single-sign-on (SSO).

    11 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    open discussion  ·  4 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  13. Add ability to use the one Let's encrypt account Id for the whole server

    Add ability to use the one Let's encrypt account Id for the whole server

    After this, it will be possible to request Let's Encrypt Rate Limit Adjustment for the whole server.
    https://docs.google.com/forms/d/e/1FAIpQLSetFLqcyPrnnrom2Kw802ZjukDVex67dOM2g4O8jEbfWFs3dA/viewform

    4 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  14. Add option to Whitelist IP in Fail2Ban and mod_security

    I always need to whitelist IPs in Firewall, Fail2Ban and mod_security.

    u could add at least an option to also whitelist fail2ban in mod_security or even make two checkboxes in Firewall whitelisting to whitelist ip in all three modules.

    also usage of dns instead of ip would be greate for example PayPal does recomment to whitelist dns for api!

    THX

    6 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  15. Enable SSH Key Generate via Plesk Control Panel

    With the SSH Manager inside Plesk Onyx, it is extremely easy to add a new key to a subscription. The problem is, most users don't understand how to generate a key with tools like PuTTYgen and explaining it to them leaves them very confused. It would be very handy if, inside the SSH manager there was a way to request a new key pair be generated and added to a subscription automatically, so users don't have to go through the hassle of generating a key.

    6 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  16. block bad bots by default

    There are many bots that can actually DoS a server using Plesk. Since there's no way to limit their connections they can overload a server really easily. Currently the only way to block them is by reading the logs and implementing blocks in nginx or .htaccess rules.

    It would be great if there could be some security by default. The community has created very comprehensive lists that could be used and auto updated / maintained by cron jobs.

    Here's an example for Apache

    https://github.com/mitchellkrogza/apache-ultimate-bad-bot-blocker/tree/master/Apache_2.4

    And here's for Nginx

    https://github.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker

    It could help mitigate attacks and vulnerability scans as well a…

    11 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  17. check passwords against Pwned Passwords API

    Plesk should check user typed passwords against Pwned Passwords API

    https://haveibeenpwned.com/API/v2

    that way you could further improve systems running Plesk against Brute-Force attacks - and Dictionary attacks

    WordFence plugin for WordPress is already offering this, checking WordPress administrator passwords against https://haveibeenpwned.com/API/v2

    it shouldn't be too much work to compare Plesk password hash between Plesk and https://haveibeenpwned.com/API/

    I would like to use this feature for all services (FTP, E-Mail, Plesk, WordPress, etc.)

    It makes a lot of sense to do this, there are no drawbacks
    it should be option that users can enable/disable
    if you don't need it, you can disable…

    8 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  18. Deny access to all dot files by default

    A lot of web applications that are either built or simply installed on a website use dot files and folders, whether those be .htaccess, .git, .env, etc.

    Generally speaking dot files and folders are used to store either sensitive files or backend configuration which you would never want users to be able to access.

    By default Apache has some protection built-in to restrict accessing dot files, but Nginx does not. This creates a potential security risk, for example I might install a web application or build one which has dot files in the public root, these most likely would be…

    6 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  19. 10 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  20. Have a "call-in PIN" (support phone password) field in each user account

    I think a call in pin would be nice. Something that the user can change, but it is kept hidden unless they are logged in and click on it to see it. This will allow for end users to request help securely.

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  • Don't see your idea?

Feedback and Knowledge Base