Feature Suggestions
Please provide here your suggestion for new functionality for Plesk. We encourage you to review and vote for suggestions of others. The top-ranked suggestions are likely to be included in the next versions of Plesk.
Please write in English so that voters from all over the world can read and support your request.
Off-topic posts will be removed from here
2103 results found
-
Introduce a built-in CLI tool (e.g. plesk bin monitoring) that allows administrators to monitor and report memory limit breaches
Introduce a built-in CLI tool (e.g. plesk bin monitoring) that allows administrators to monitor and report memory limit breaches across multiple domains or subscriptions.
The goal is to provide a fully CLI-based method for identifying which domains have exceeded memory limits — particularly in environments where GUI-based tools like Resource Controller (ResCtrl) are disabled, or when automated monitoring scripts are needed.
2 votes -
ARM support for the new Imunify extension
Introduce support for ARM-based server for the new Imunify extension. Because of growing popularity of ARM architecture it is expected to have more and more demand of Imunify on servers with it.
4 votes -
MFA extension does not generate security codes
Most accounts with MFA have the option of generating emergency one-time codes to ensure continuity of the account. Currently, If one user loses its MFA device, the extension has to be reinstalled, which will cause all users having to reset their tokens,
2 votesThis is a valid request, so we'll look into it. There is no ETA at the moment, but we would really appreciate you voting for this request so that we can accurately assess its popularity relative to other features. Thanks in advance!
In the meantime, if a particular user loses access to their MFA device, you can deactivate MFA only for that particular user by:
- Logging into Plesk panel as the admin user
- Navigating to Extensions > Multi-Factor Authentication (MFA) > Accounts tab
- Clicking on the Minus icon next to the corresponding user.
It is not necessary to completely reset MFA and affect all users on the server.
-- SH
-
Please upgrade mysql version on plesk dashboard
Currently not supported latest most of the features due to sql query getting large and not able to use fully supported features to speed up website.
1 vote -
Disable SSH terminal for additaionl subscription user
In case, if SSH access is enabled in Plesk > Domains > example.com > Hosting & DNS > Hosting, all subscription's additional users who have access to Plesk can use the SSH terminal.
Therefore, it would be good to have the possibility to disable/restrict the use of the SSH terminal for specific subscription additional users.2 votes -
Queue emails over limit in a domain instead of defearring
If you have activated a limit and the limit is reached, all further mails are rejected. It would be good if for these emails to remain in the mail queue and be sent automatically after the set time for the limit has expired.
5 votesThank you for your input! We will consider this functionality in upcoming releases if it becomes popular.
Everyone, please continue voting for this feature if you consider it important.
-- SH
-
Add visual IP Reputation to Plesk's IP Blocklist
The IP blocklist in Plesk could be enhanced with icons indicating whether a blocked IP is frequently reported as a spam source. To achieve this, data from reputation databases such as abuseipdb.com can be integrated. This allows administrators to quickly identify which IP addresses are particularly suspicious.
To respect data privacy, additional settings could be provided that allow users to disable this feature if desired.
1 vote -
Implement a generic ACME client for TLS Certificate issuance and automatic renewal
The runtime for certificates is being reduced soon making manual renewal impossible.
From today until March 15, 2026, the maximum lifetime for a TLS certificate is 398 days.
As of March 15, 2026, the maximum lifetime for a TLS certificate will be 200 days.
As of March 15, 2027, the maximum lifetime for a TLS certificate will be 100 days.
As of March 15, 2029, the maximum lifetime for a TLS certificate will be 47 days.
Currently the ONLY way to automate certificate renewal in Plesk is by using the Let's Encrypt extension using the official Let's Encrypt ACME servers.…1 vote -
Expert Heat Pump Installation Auckland – Airperfection
Looking for reliable heat pump installation Auckland services? Look no further than Airperfection – your local experts in heating and cooling solutions. Whether you're upgrading your current system or installing a brand-new heat pump, we provide fast, efficient, and affordable services tailored to your needs.
At Airperfection, we understand Auckland’s changing climate and offer energy-efficient heat pump systems to keep your home or business comfortable all year round. Our team of certified technicians ensures a smooth and professional installation process with minimal disruption.
Why choose Airperfection for your heat pump installation in Auckland?
Trusted local experts with years of experience
…
1 vote -
ability to toggle WordPress REST API endpoints
I've recently discovered that by default, WordPress exposes a REST API endpoint at /wp-json/wp/v2/users which can be exploited to enumerate users. While I have found a workaround by creating a custom rewrite rule in IIS to block access to this endpoint, I believe this should be a built-in feature of the WP Toolkit.
I propose that Plesk add an option within the WP Toolkit to easily enable or disable access to specific REST API endpoints, such as /wp-json/wp/v2/users. This would provide an additional layer of security for WordPress sites and make it easier for administrators to protect their websites.
I…
7 votesThank you for your input! We will consider this functionality in upcoming releases if it becomes popular.
Everyone, please continue voting for this feature if you consider it important.
-- SH
-
Roundcube Sieve Autoresponder missing DKIM signature
In the current implementation, sieves autoresponder is using an empty sender address for auto reply.
We suggest the following config change:
/etc/dovecot/conf.d/90-plesk-sieve.confplugin { sieve = ~/.dovecot.sieve sieve_dir = ~/sieve # Horde webmail (Ingo sieve backend) is not aware of RFC 'imap4flags' and # 'enotify' extensions. Enable old deprecated ones. sieve_extensions = +notify +imapflags sieve_vacation_send_from_recipient = "yes" # <- New }This setting ensure that the original recipient is used as envelope sender address for the auto reply, especially required for big providers like google and microsoft. This setting also enables DKIM signing for auto responder to be compliant with…
1 vote -
Fully Support w3-total-cache or other cache plugins with WP Toolkit
Currently, w3-total-cache (with nginx proxy=off mode) is not fully supported, if the plugin is enabled then Clone or Smart updates performed via WP Toolkit will fail (see bug EXTWPTOOLK-4639)
4 votes -
Import existing accounts from SmarterMail remote to Plesk
We have a remote server for mail with SmarterMail. We have a problem, when the clients creates an account from SmarterMail, there is no automatic script or something from Plesk that synchronises all the accounts.
5 votesThank you for your input! We will consider this functionality in upcoming releases if it becomes popular.
Everyone, please continue voting for this feature if you consider it important.
-- SH
-
Add SmarterMail admin email management in Plesk
Users who create email accounts through Plesk do not have the option to configure them with administrator permissions in SmarterMail.
This limits their ability to manage spam filters, safe senders, and other advanced settings directly in SmarterMail.
Add an option in the Plesk email account creation process to assign administrator permissions in SmarterMail.
This would allow users to manage their email accounts more fully and autonomously.3 votes -
Composer tool enhancements - add GUI command interface and private repository support
In my opinion the plesk composer utility needs some of the functionality that the laravel composer tool has:
Ability to run composer commands from the GUI rather than the CLI like the Laravel tool has implemented - if the site/subscription is not a laravel application, you don't have this option. You must use the CLI.
Ability to require private repositories - much like the git utility does for cloning a repository. Currently we have to manually edit the composer.json file then either add the users default key to github as a deploy key or generate individual keys for each repository…
1 vote -
Use 360 Monitoring data to feed the monitoring widget at Plesk initial page
Use 360 Monitoring data to feed the monitoring widget at Plesk initial page
3 votes -
Add warning that Spam Filter is disabled when turning local copies off
Spam Filter tab disappears when checking the "Do not deliver copies of forwarded emails to the Plesk mailbox" option for a mailbox
This should be documented and underlined in the Plesk interface, on the "Edit Mailbox" screen, with a "yellow warning/info box" that will be displayed one we check this checkbox. "Forwarding messages to an email address without keeping a copy of the messages in the local mailbox disables the Spam Filter for this e-mail account."
3 votes -
Root level File Browser and File Editor
Full file browser, like the customers use at their website but for the entire server, so the admin can easily required modify files.
1 vote -
Manage Windows Firewall Rules via Plesk CLI utilities
While firewall settings can be adjusted via the Plesk GUI, users who prefer automation and scripting are forced to use Windows PowerShell instead of Plesk’s built-in CLI.
Currently, there is no direct way to:
Add, modify, or remove Windows Firewall rules via Plesk CLI.
Disable or change default firewall rules, unlike in the GUI.3 votesThank you for your suggestion! We will consider this functionality in upcoming releases if it becomes popular.
Everyone, please continue voting for this feature if you consider it important.
-- SH
-
Adjust the Website Log Checker to not show errors related to blocked xmlrpc.php requests by ModSecurity
Currently, Website Log Checker flags rejectred access to xmlrpc.php as issues of "Modsecurity: access denied with access code 403" kinds of errors. Additionally, the requests to xmlrpc.php is being blocked by WP Toolkit security measure "restrict access to xmlrpc.php"
ModSecurity protects website by detecting and blocking dangerous requests. If ModSecurity rules are disabled, the extra layer of protection is lost.
Relying only on WP Toolkit to block access is risky. If I forget to set it up, my site could be left vulnerable. ModSecurity is reliable, and I woouldn’t remove it just to clean up logs.
My Suggestion: Adjust the…
2 votes
- Don't see your idea?