Skip to content

Feature Suggestions

Please provide here your suggestion for new functionality for Plesk. We encourage you to review and vote for suggestions of others. The top-ranked suggestions are likely to be included in the next versions of Plesk.

Please write in English so that voters from all over the world can read and support your request.

For technical assistance, contact Plesk support
For questions, bug reports, discussions and free assistance, check our Forum and Facebook page
For additional information, see Documentation, Knowledge Base and Blog
Follow us on Twitter for more news on Plesk development

Off-topic posts will be removed from here

I suggest you...

(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback

130 results found

  1. SSL Certificates with passphrase

    It'd be great to have an option to upload 3rd-party SSL certificates with passphrase in Plesk

    2 votes

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

  2. Firewall, Remote Adress(es): input a lot of remote adresses at once.

    In the Firewall settings, to input remote adress(es) to block or allow, it would be usefull, to input a lot of remote adresses, just to block or allow a whole company at once (after getting their adresses from ipinfo.io, for example).

    Actually I get spam, check remote IP (at dnslytics.com for example) and block that IP, if wanted.
    After getting a lot of these mails from IP adresses of the same company, I get the IP adresses from that company and block all the known IP ranges...one by one.
    That could be 100s or more and take too much time.…

    2 votes

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

  3. Ability to monitor clients uploads via FTP or File Manager

    It would be nice to have the ability to detect customer uploads via FTP or File Manager. So it will be possible to check files afterwards.

    2 votes

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

  4. Add support to Atomicorp rulesets for ModSecurity 3.0 (nginx)

    At the moment you can only choose the OWASP ruleset in the Plesk UI for ModSecurity 3 (nginx). Please add support to Atomicorp rulesets as well.

    2 votes

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

  5. Add Plesk password generate button to the Create user for the protected directory form

    Add a Plesk password generate button that matches with the server password policy level in the Create user for the protected directory form

    2 votes

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

  6. Disable "Show password" buttons

    An option to disable "show password" buttons would be a nice addition to the security policy.

    2 votes

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close
    open discussion  ·  IgorG responded

    Thank you for your input! We will consider this functionality in upcoming releases if it will be popular. Everyone, please continue voting for this feature if you consider it important.

    IG

  7. In banned IP of (Fail2Ban) add the name of subscription where the violating IP was found

    In banned IP of (Fail2Ban) add the name of subscription have the infection

    2 votes

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close
    open discussion  ·  IgorG responded

    Thank you for your feature request. We will consider the possibility of its implementation if it becomes sufficiently popular and in demand.

    IG

  8. Disable/Enable access to plesk web interface

    I want stop plesk web interface without side effects for the services. I only mean the access as client in the browser. I'm thinking about disabling the web interface via the shell to avoid the many login attempts, to increase security and if you need the web interface yourself, you can temporarily enable it via the shell.

    or

    Here is already a feature "Restricting Administrative Access" per ip address. https://docs.plesk.com/en-US/obsidian/administrator-guide/plesk-administration/securing-plesk/restricting-administrative-access.59465/ Nice, but most of us have a dynamic ip address. So it would be nice if you could set the allowed IP(s) via the shell and delete old invalid IPs…

    2 votes

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

  9. Preset "webmail" and other checkboxes upon SSL certificate creation or reissuing as "checked"

    Please provide a possibility to secure webmail automatically if webmail.example.com exists in Plesk.

    This can be done by auto-selecting "Secure webmail on this domain" during a certificate creation for example.com.

    As it currently stands, end users get confused by the feature.

    The more Plesk can simplify this process for end-users, the less support will be required for my customers.

    2 votes

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

  10. Centralized SSL Certificate Support

    I would like if you guys can add Centralized SSL Certificate Support in Plesk GUI, it would be easy to manage,
    as I had added a UNC path (\172.16.0.11\shared-certificates) in my Plesk via command line but now I cannot switch back to local path (C:\shared-certificates) as it was configured with UNC path & if I add a local path via command line, it says that the UNC path is not available even though I am using local path.

    2 votes

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

  11. separate user group for iwpd users

    For plesk on windows

    It would be helpful if plesk created a separate user group for all IWPD users.

    That would allow me to set specific security settings to that group.

    See this kb article as an example: https://www.plesk.com/kb/support/access-to-cmd-exe-and-powershell-exe-how-to-allow-it-to-subscription-users-and-deny-to-iis-users-on-a-plesk-server/

    Because the IWPD user and account user are in the same psacln group we cannot use that group to block cmd or powershell access (since the domain account apparently needs to be able to run those commands).

    The workaround revolves around manually creating a new security group and manually adding those users to the new group, the obvious problem with that…

    1 vote

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

    We’ll send you updates on this idea

    1 comment  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

  12. Update the security options to best practice for domains page

    Tiny things, should be easily implemented:

    1) For HSTS the recommended settings are

    Strict-Transport-Security: max-age=31536000; includeSubDomains; preload

    Otherwise if you add it elsewhere (the server headers page) you have to turn this off or get two headers implemented, and you do not get the full security rating on that security page and looks like something is missing (plus inconvenient if you do not know what to do).

    2) OCSP stapling is something no longer recommended, and probably should be removed. Perhaps this could be replaced with automatic setup of the DS and CAA records (especially given the range of providers…

    1 vote

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close
    more input required  ·  AdminPlesk Staff (Community Manager, Plesk International GmbH) responded

    Thank you for your input. The functionality is already available in the SSL It! Plesk Extension:



    The only difference is the default max-age option is 6 months rather than a year, but it could be customized. In case this is not a satisfactory solution, could you please provide us with more feedback on the reason?


    As for your additional two suggestions please open a separate idea. We aim to keep every request separate with consideration to consistency and better tracking.


    Thank you in advance for your cooperation.

    -- SH

  13. Malware scanner for Linux systems

    maybe implement this tool from kaspersky into Plesk

    Malware scanner for Linux systems

    We’ve released a free application that allows you to scan Linux systems for known cyberthreats.

    German:

    1 vote

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

  14. Use FSRM to block the execution of binaries and scripts in vhosts folder in Plesk Windows

    Provide the ability to use File Server Resource Monitor to block the execution of *.bat, *.exe and *.cmd that are executables which can contain malicious code or malware and thus we don't allow them to be executed by customer by any means. The use of FSRM blocks the installation of WordPress, Joomla and woocommerce because it needs permission to run scripts in vhosts folders.

    1 vote

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

  15. Stop postfix from delivering mail locally when MX record points externally to avoid mailbox hijack e.g. @gmail.com addresses.

    Prevent mail interception / hijack where any customer can create domains when not prohibited explicitly and intercept for example a john.doe@gmail.com mailbox because SMTP will deliver this locally if the mailbox exists.

    Almost every domain on the internet does have its own MX record and many of them are operate their own email server (not only Gmail). Why not address this potential security issue by checking MX records not only if the domain exists locally.

    1 vote

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close
    open discussion  ·  AdminPlesk Staff (Community Manager, Plesk International GmbH) responded

    Thank you for your idea! We will consider this functionality in upcoming releases if it will be popular.

    Everyone, please continue voting for this feature if you consider it important.

    For the time being, please consider using Tools & Settings > Security > Prohibited Domain Names to prevent users from creating well-known domain names in their accounts.

    - PD

  16. Implement OpenApp Sec in Web Application Firewall

    Implement open app sec, as plesk customize the nginx package:

    https://www.openappsec.io/playground
    https://github.com/openappsec/openappsec

    It would be good if is possible to use under plesk because it is a good tool, open source and free, and probably better than comodo/owasp rules.

    1 vote

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

  17. Automatic/option for hiding of Plesk, PHP, Apache, Nginx, Wordpress, Drupal, etc. 'reveals'

    It would be so useful to accommodate one hardening feature, and that would be to switch on/off the server reveal options for Nginx/Apache (Lightspeed, whatever), the expose_php attribute for the version number in PHP (and equivalent in Perl, etc.), the Wordpress/Drupal (and Joomla, etc.), reveal of their presence and version numbers. See this article for the cybersecurity relevance of that (there's a lot more on the 'securityheaders.com' website and free checkers for all of this there too), but I pick this as an illustration of what I'm referring to with php:

    https://serverhealers.com/blog/hide-php-version-x-powered

    All of these things are simple, and just…

    1 vote

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close
    open discussion  ·  AdminPlesk Staff (Community Manager, Plesk International GmbH) responded

    Thank you for your idea! We will consider this functionality in upcoming releases if it will be popular.

    Everyone, please continue voting for this feature if you consider it important.

    Here I'd like to add, though, that in the real world attackers simply test a website against all known vulnerabilities, regardless what webserver, PHP or other software version they detect. Actually, such version information are of no interest, they simply drive tests against all known flaws. So adding the feature will probably not help against hacking attempts.

    -- PD

  18. add sshd to services list for restart or enabling on demand

    Sometimes it's usefuil to be able to restart the sshd service, especially if the service is not reachable anymore. For increased security it could also be usefull to enable sshd only if needed other the panel.

    1 vote

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

  19. Fail2Ban option to apply custom firewall rule to banned IPs

    It would be great to have an option in Fail2ban to send the blocked IPs directly to a Custom Firewall Block Rule, to block these IPs permanently.

    1 vote

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

  20. Plesk Admin Login - Enable IP Address Locking. In other words, like a firewall, specify the IP address source

    Plesk Admin Login - Enable IP Address Locking. In other words, like a firewall, specify the IP address source.

    This simply eliminates concerns about password hacking as a Dedicated IP (source location) can be specified just like Remote Desktop.

    1 vote

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close
1 2 3 4 6
  • Don't see your idea?

Feature Suggestions

Categories

Feedback and Knowledge Base

(thinking…)