Feature Suggestions

Please provide here your suggestion for new functionality for Plesk. We encourage you to review and vote for suggestions of others. The top-ranked suggestions are likely to be included in the next versions of Plesk.

Please write in English so that voters from all over the world can read and support your request.

For technical assistance, contact Plesk support
For questions, bug reports, discussions and free assistance, check our Forum and Facebook page
For additional information, see Documentation, Knowledge Base and Blog
Follow us on Twitter for more news on Plesk development

Off-topic posts will be removed from here

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. 1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  2. Upgrade ModSecurity IIS to 2.9.4

    Currently Plesk installs ModSecurity IIS 2.9.3, which was released on December 5 2018. On June 11 2021, ModSecurity 2.9.4 was released, it's important to stay up to date with software version releases.

    https://github.com/SpiderLabs/ModSecurity/releases/tag/v2.9.4

    Please note:

    • Windows installer no longer includes OWASP CRS.
    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  3. Disk encryption

    Disk level encryption.
    Similar to what AWS offers with RDS.
    Encryption at rest for the entire server rather than doing it column by column manually.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  4. To make it easier to configure DKIM, SPF, and DMARC Protection are automate the process

    The guidelines about how to enable DKIM, SPF, and DMARC Protection are difficult to read and understand how to implement. It would be easier to automate this process. Especially because those are very important for mail and web safety.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  5. Add a security mechanism when changing a user password

    Add a security mechanism for resetting a user password in Plesk, for example verify the password change via email or add a field to submit the old password (implemented for Plesk admin user)

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  6. I need TTF (True Type Font) support for use with/in a PHP Captcha class.

    There are different kind of Security steps we have to take in use for the user interaction. CAPTCHA is the main item in this respect when we provide users with front end data input(via any form) and in some cases all forms do not support Google Re-Captcha, then we have to use custom PHP Captcha class to complete the security steps of user submitted data within a form.

    For most of the character based Captcha, they mostly used TTF font (True Type Font).

    So, Please add support for TTF Fonts with Plesk.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  7. support algorithm 16 (ed448) in DNSSEC

    Recognising the increasing challenges in these times, would welcome the implementation of the Edwards-curve Digital Signature Algorithm (EdDSA) type ed448 for security and to keep ahead of the curve (sic.) on the cryptographic front...

    interesting tool here too for those interested in checking out where they're up to with browser support (and to know the differences between the different algorithms): https://ed448.no/

    5 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  8. Fail2ban with default jail "plesk-tor" or as checkbox in plesk firewall

    From time to time TOR users attack my server. I would like to have a fail2ban jail for TOR that can be turned on and off. All IPs are listed here: https://check.torproject.org/torbulkexitlist

    Or as a firewal rule.

    I realize that the attacker can also use other services.

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  9. Disable "Show password" buttons

    An option to disable "show password" buttons would be a nice addition to the security policy.

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  10. In banned IP of (Fail2Ban) add the name of subscription have the infection

    In banned IP of (Fail2Ban) add the name of subscription have the infection

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  11. Integrate CrowsSec

    It would be a great security improvement to integrate CrowdSec to Plesk Panel.
    Crowdsec is an open-source, lightweight software, detecting peers with aggressive behaviors to prevent them from accessing your systems.
    https://github.com/crowdsecurity/crowdsec

    16 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    4 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  12. Make more than one server-wide certificate available for selection in Hosting Settings

    Currently, only the default certificate in Tools & Settings > SSL/TLS Certificates is globally available for domains to choose from Hosting Settings. Make it possible to select a server-wide certificate other than the default one.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  13. 2FA/TOTP for additional admin accounts.

    Plesk supports Authenticators for the primary admin account.

    However, additional admin accounts can still log in without 2FA.

    This feature would be great to abide to basic security guidelines as it still involves important client data.

    5 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  14. Prevent users to be able to remove files from file manager

    Add the possibility to prevent/block any file or directory removal from within the File Manager in Plesk by the subscription/domain users.

    An example that could be applied is the same as it can be applied already for ProFTP config files as follows:

    <Directory /var/www/vhosts/*/.cagefs>
    <Limit ALL>
    DenyAll
    </Limit>
    </Directory>

    <Directory /var/www/vhosts/*/.cl.selector>
    <Limit ALL>
    DenyAll
    </Limit>
    </Directory>

    <Directory /var/www/vhosts/*/error_docs>
    <Limit DELE>
    DenyAll
    </Limit>
    </Directory>

    <Directory /var/www/vhosts/*/httpdocs>
    <Limit RMD>
    DenyAll
    </Limit>
    </Directory>

    <Directory /var/www/vhosts/*/httpdocs/*>
    <Limit RMD>
    AllowAll
    </Limit>
    </Directory>

    7 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  15. Apply SELinux policy for custom vhosts directory

    Currently Plesk has predefined SELinux policies for default location of vhosts directory (/var/www/vhosts). If virtual hosts directory changed to custom one, it is needed to disable SELinux (set to permissive), for correct websites working capacity. It would be great to change transvhosts.pl script that policies for /var/www/vhosts will applies to custom vhost directory.

    4 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  16. Inform users automatically of weak password usage (emailaccounts, FTP, installed WP installations, etc.)

    I think it would be an excellent idea if there was a feature within Plesk which actually checks (once a week or so) for weak passwords and informs users about weak passwords in general.

    We still have a lot of customers who use (extremely) weak passwords. To check these manually (even with a simple written script) is to time consuming.

    This should be done automatically nowadays. Therefor such a feature is really needed in Plesk.

    It should check for weak passwords for:

    • weak passwords used in emailaccounts
    • weak passwords used for user created databases
    • weak passwords for hostingaccounts
    • weak passwords…
    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  17. Enable IIS option "loadUserProfile:true" for dedicated application pools

    In Windows Server IIS, it is recommended to set loadUserProfile:true for dedicated application pools. Doing so guarantees better application isolation and security for web applications created with ASP.NET, .NET Core or PHP.

    You can find some basic information about this setting in this Stack Overflow answer: https://stackoverflow.com/a/17149834/1297898.
    Official Microsoft documentation: https://docs.microsoft.com/en-us/iis/manage/configuring-security/application-pool-identities, https://docs.microsoft.com/en-us/iis/manage/configuring-security/ensure-security-isolation-for-web-sites

    I will be pleased to provide any additional information you may require.

    12 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  18. More advanced anti-ddos interface and settings

    This (https://support.plesk.com/hc/en-us/articles/115000784914-What-DDoS-protection-tools-are-available-in-Plesk) recently updated article shows that we still need paid extensions to better protect our servers against ddos attacks.

    It would be great if Plesk would create a more advanced anti-ddos monitoring tool with a useful interface, alerts, and the right amount of settings to better protect our servers from ddos attacks without the need to install a third party extension with additional costs. Preferably created with "good defaults" in mind.

    6 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  19. Separate mozilla tls cipher settings for web and mail

    Please separate the mozilla tls cipher settings for web and mail.
    Sometimes the old ciphers has to set only for mail and not for web.
    Additionally it would be great if the setting could available on domain basis.

    Please see this forum post as a reference: https://talk.plesk.com/threads/tls-versions-and-ciphers-by-mozilla-issue-with-the-last-synchronisation.358066/post-882924

    6 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  20. increase the number of IP you can select form 100 to 1000, it would be a time saver for us instead of selecting only a 100 IP art a time

    increase the number of IP you can select form 100 to 1000, it would be a time saver for us instead of selecting only a 100 IP art a time

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
← Previous 1 3 4 5 6 7 8
  • Don't see your idea?

Feedback and Knowledge Base