Feature Suggestions

Please provide here your suggestion for new functionality for Plesk. We encourage you to review and vote for suggestions of others. The top-ranked suggestions are likely to be included in the next versions of Plesk.

Please write in English so that voters from all over the world can read and support your request.

For technical assistance, contact Plesk support
For questions, bug reports, discussions and free assistance, check our Forum and Facebook page
For additional information, see Documentation, Knowledge Base and Blog
Follow us on Twitter for more news on Plesk development

Off-topic posts will be removed from here

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Integrate CrowsSec

    It would be a great security improvement to integrate CrowdSec to Plesk Panel.
    Crowdsec is an open-source, lightweight software, detecting peers with aggressive behaviors to prevent them from accessing your systems.
    https://github.com/crowdsecurity/crowdsec

    8 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  2. Enable IIS option "loadUserProfile:true" for dedicated application pools

    In Windows Server IIS, it is recommended to set loadUserProfile:true for dedicated application pools. Doing so guarantees better application isolation and security for web applications created with ASP.NET, .NET Core or PHP.

    You can find some basic information about this setting in this Stack Overflow answer: https://stackoverflow.com/a/17149834/1297898.
    Official Microsoft documentation: https://docs.microsoft.com/en-us/iis/manage/configuring-security/application-pool-identities, https://docs.microsoft.com/en-us/iis/manage/configuring-security/ensure-security-isolation-for-web-sites

    I will be pleased to provide any additional information you may require.

    10 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  3. 2FA/TOTP for additional admin accounts.

    Plesk supports Authenticators for the primary admin account.

    However, additional admin accounts can still log in without 2FA.

    This feature would be great to abide to basic security guidelines as it still involves important client data.

    5 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  4. Prevent users to be able to remove files from file manager

    Add the possibility to prevent/block any file or directory removal from within the File Manager in Plesk by the subscription/domain users.

    An example that could be applied is the same as it can be applied already for ProFTP config files as follows:

    <Directory /var/www/vhosts/*/.cagefs>
    <Limit ALL>
    DenyAll
    </Limit>
    </Directory>

    <Directory /var/www/vhosts/*/.cl.selector>
    <Limit ALL>
    DenyAll
    </Limit>
    </Directory>

    <Directory /var/www/vhosts/*/error_docs>
    <Limit DELE>
    DenyAll
    </Limit>
    </Directory>

    <Directory /var/www/vhosts/*/httpdocs>
    <Limit RMD>
    DenyAll
    </Limit>
    </Directory>

    <Directory /var/www/vhosts//httpdocs/>
    <Limit RMD>
    AllowAll
    </Limit>
    </Directory>

    7 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  5. Automate Abuse Reports to ASNs, from Plesk run Logs, According to pre-defined Scenarios, and Excluding White Listed IPs

    Hi,

    After blocking full CIDR ranges for small to medium ISPs hackers used to attack our server, I manually block huge ranges of CIDR IPs of the big tech companies. This ISPs have so many IPs that FireWall might not be able to technically block.

    I find it important, that big hosts would sweat, for hosting such hackers, and possibly not blocking them efficiently, mainly blocking payment methods they use.

    Thus, I would very much would like lots of users to have an automatic tools enabling automatic Abuse reports (usign email or pre analyzed report forms), for pre-defined rules-set (i.e.,…

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  6. Disable "Show password" buttons

    An option to disable "show password" buttons would be a nice addition to the security policy.

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  7. Separate mozilla tls cipher settings for web and mail

    Please separate the mozilla tls cipher settings for web and mail.
    Sometimes the old ciphers has to set only for mail and not for web.
    Additionally it would be great if the setting could available on domain basis.

    Please see this forum post as a reference: https://talk.plesk.com/threads/tls-versions-and-ciphers-by-mozilla-issue-with-the-last-synchronisation.358066/post-882924

    6 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  8. In banned IP of (Fail2Ban) add the name of subscription have the infection

    In banned IP of (Fail2Ban) add the name of subscription have the infection

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  9. More advanced anti-ddos interface and settings

    This (https://support.plesk.com/hc/en-us/articles/115000784914-What-DDoS-protection-tools-are-available-in-Plesk) recently updated article shows that we still need paid extensions to better protect our servers against ddos attacks.

    It would be great if Plesk would create a more advanced anti-ddos monitoring tool with a useful interface, alerts, and the right amount of settings to better protect our servers from ddos attacks without the need to install a third party extension with additional costs. Preferably created with "good defaults" in mind.

    5 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  10. Add "mail.example.com" (mail subdomain) in Subject Alternative Names when option "Assign the certificate to mail domain" is selected

    Currently almost all mail clients (I used) need the server address to be in the Subject Alternative Names on the certificate, meaning if the configured address is "mail.example.com" instead of "example.com", that first subdomain is not present in the certificate, even when the option "Assign the certificate to mail domain" is selected when issuing the certificate.

    4 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  11. Require domain TXT record verification before adding domain to Plesk.

    Require domain TXT record verification before adding domain to Plesk.

    Plesk need to implement an option to require domains to be verified like for example Let's Encrypt with a TXT record with a key value, that Plesk can check on an admin specified interval like 5 mins perhaps, with a self-cleaning feature that removes un-verified domains after X days.

    So as Plesk administrator you can activate the domain verification option on subscription level, that requires the customers to verify their domain, when using the function "add domain".

    So "add domain" should have an initial state of "awaiting verification" before it…

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  12. Make more than one server-wide certificate available for selection in Hosting Settings

    Currently, only the default certificate in Tools & Settings > SSL/TLS Certificates is globally available for domains to choose from Hosting Settings. Make it possible to select a server-wide certificate other than the default one.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  13. Inform users automatically of weak password usage (emailaccounts, FTP, installed WP installations, etc.)

    I think it would be an excellent idea if there was a feature within Plesk which actually checks (once a week or so) for weak passwords and informs users about weak passwords in general.

    We still have a lot of customers who use (extremely) weak passwords. To check these manually (even with a simple written script) is to time consuming.

    This should be done automatically nowadays. Therefor such a feature is really needed in Plesk.

    It should check for weak passwords for:


    • weak passwords used in emailaccounts

    • weak passwords used for user created databases

    • weak passwords for hostingaccounts

    • weak passwords…
    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  14. Disable old TLS protocols in Plesk for Windows

    In Plesk for Linux, Plesk provides a functionality to select the SSL protocols available by running:
    > plesk bin server_pref -u -ssl-protocols "TLSv1.2"

    Or meet with PCI compliance with the utility:
    > plesk sbin pcicomplianceresolver

    Plesk for Windows doesn't provide such functionality, moreover, Plesk doesn't recommend to disable these protocols: https://support.plesk.com/hc/en-us/articles/115000360813

    It'd be really helpful and safe that Plesk will provide officially the support of the same functionality for Windows, especially for companies that are requiring high-security standards.

    4 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  15. Block user access after failed attempts

    It would be great to implement in Plesk a new feature.

    When there are X failed attempts, in Plesk there should be the possibility to block automatically the access to the customer account (completely or for a certain period of time).

    As per now, Plesk block the IP address via Fail2ban, but this is not the feature that we need. We just want to block the access completely or temporarily for the affected login.

    5 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  16. Created Scheduled Tasks (Cron jobs) via Plesk GUI should be registered in the action log

    At the moment the created Scheduled Tasks (Cron jobs) via Plesk GUI are not registered in the action log.

    Also, according to /var/log/messages and /var/log/cron it is not clear what task was created, the name of the task and it is also difficult to understand was the cron task created or not.

    3 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  17. WebAuthn two-factor-authentication at the webinterface (FIDO, FIDO2, U2F)

    Implementing the new standard WebAuthn would be the best solution for 2FA.

    44 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    11 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  18. Apply SELinux policy for custom vhosts directory

    Currently Plesk has predefined SELinux policies for default location of vhosts directory (/var/www/vhosts). If virtual hosts directory changed to custom one, it is needed to disable SELinux (set to permissive), for correct websites working capacity. It would be great to change transvhosts.pl script that policies for /var/www/vhosts will applies to custom vhost directory.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  19. Add possibility issue Let's Encrypt SSL certificate for mail server when the "A" DNS record for domain is pointing to another server

    This feature is required for users with the configuration when on the Plesk only mail server for domain is used.

    "A" DNS record for mail.example.com is pointing to Plesk server, when when "A" record for example.com is pointing to another server.

    13 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  20. OCSP stapling for webmail in Plesk

    Add a feature to enable OSCP stapling for webmail of domains that will increase webmail security.

    This feature is already available for domains in the SSL It! extension.

    3 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
← Previous 1 3 4 5 6 7 8
  • Don't see your idea?

Feedback and Knowledge Base