Feature Suggestions
Please provide here your suggestion for new functionality for Plesk. We encourage you to review and vote for suggestions of others. The top-ranked suggestions are likely to be included in the next versions of Plesk.
Please write in English so that voters from all over the world can read and support your request.
Off-topic posts will be removed from here
143 results found
-
Update the security options to best practice for domains page
Tiny things, should be easily implemented:
1) For HSTS the recommended settings are
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Otherwise if you add it elsewhere (the server headers page) you have to turn this off or get two headers implemented, and you do not get the full security rating on that security page and looks like something is missing (plus inconvenient if you do not know what to do).
2) OCSP stapling is something no longer recommended, and probably should be removed. Perhaps this could be replaced with automatic setup of the DS and CAA records (especially given the range of providers…
1 voteWe regret to inform you that since no additional details were provider for over a month and we still have no clear idea of the user benefits over the existing option we are closing the request.
-- SH
-
Implement OpenApp Sec in Web Application Firewall
Implement open app sec, as plesk customize the nginx package:
https://www.openappsec.io/playground
https://github.com/openappsec/openappsecIt would be good if is possible to use under plesk because it is a good tool, open source and free, and probably better than comodo/owasp rules.
1 voteSorry, we are closing the request as it didn't get enough votes within the last nine months.
--AA
-
Please tell me how to activate "xmlrpc". I'm curious how you do it What I want is activation and deactivation.(Xmlrpc-enable /disable) Coul
vultr (plesk)Please tell me how to activate "xmlrpc". I'm curious how you do it
What I want is activation and deactivation.(Xmlrpc-enable /disable)
Could you please create an xmlrpc function like other hosting companies?1 voteFor support questions please turn to either our community of reknowned expert users https://talk.plesk.com or Plesk ticket support https://support.plesk.com.
-- PD
-
Harden Your PHP for Better Security
We should all consider PHP security, giving us the option to Harden our PHP through the GUI or add an optimizer that does it automatically by scanning the websites.
2 votesWe regret to inform you that we are closing this request as no feedback was provider for quite a while.
-- SH
-
Add support for Heimdal Agent
Add official support to Heimdal Agent (https://heimdalsecurity.com/) for Plesk on Linux servers, including ARM architecture servers.
1 voteWe regret to inform you that we are closing this request as no feedback was provider for quite a while.
-- SH
-
Different SSL protocols for domains
Currently, Apache in Plesk can have only one set of SSL/TLS protocols (SSLProtocol defined in /etc/httpd/conf.d/ssl.conf).
In theory, it is possible to have different SSL/TLS protocols for each vhost if they are listening on different IP addresses.
Add this feature in Plesk to be able to define different set of SSL/TLS protocols for different vhosts.1 voteNo example/business case has been provided why different domains need different SSL/TLS versions. As this request only got 1 vote it does not seem to be popular either. We must decline it.
-
Plesk Fire Wall to upload faster, and allow incremental changes
Plesk FW when having lots of rules, is SUPER SLOW, because the rules are handled by a bash script, whereas compiled executables which ia a lot faster, is not used. This is asked to be changed.
Also, please make sure the Fire Wall script does not call a DNS query for the host of each IP, as mentioned here:
https://serverfault.com/questions/85602/iptables-l-pretty-slow-is-this-normalAlso, as fail2ban may add a CIDR ip as x.x.x.x/12 within a blink of an eye, I am asking for Plesk to implement such incremental change ability on the Plesk Fire Wall As well
fail2ban-client -vvv set nginx_errors banip x.x.x.x/12
1 voteThank you for your feedback. Unfortunately, this request contains several different suggestions, and it's not technically possible to properly handle them inside one request. Please consider creating separate feature requests for each of the items.
--
IG
-
Implement logic for DDOS protected domains
As a hosting company we should have an option to give customers ddos protection.
The only implementation that works great is taking a domain, secure it with ddos protection service and generate customers a subdomain under this domain.
Lets say, example.com is protected under ddos protection software.
A customer clicks on "add domain" and if we blocked the option to add any domains, there will be only generated a subdomain under example.com, EG: website1223153.example.comThis subdomain would be protected by a ddos protection service.
The customer can create a CNAME to website1223153.example.com in order to connect his domain to the…1 voteEffective DDoS protection can only be done by hardware solutions that are installed between Internet and server. Traffic directed to the server must be analyzed, and in case of DDoS it must be blocked before it reaches the server, because bandwith of NICs and CPU power will always be too small to cope with attacks. Once an attack reaches the server it is "too late". For that reason we suggest speaking with your data center instead if they can provide a suitable router before your server or maybe you can check a well-known cloud service through which traffic to the host and domains hosted on that host is routed.
-- PD
-
NS in the firewall
About the firewall, access can currently be allowed from manually added IP addresses. I think it would be a good idea to be able to add nameservers to allow FTP and SSH access from places where the IP changes periodically.
1 voteThe requested function will require name resolution on every incoming packet. This will result in extreme slowing of the server. As this request did not gain popularity either, we must decline it.
-- PD
-
Add a possibility to enable debug for iptables using Kernel TRACE
It would be great to have an ability to enable dubugging as describe here: https://serverfault.com/questions/122157/debugger-for-iptables/126079#126079 using Plesk Firewall
1 voteIt seems that demand for this feature is low. It is something very specific for users who are familiar with the Linux console and iptables already, hence will be able to get the required output on the Linux console, too. As this request did not become popular we must decline it.
-
Show if server needs reboot
It should be nice to have a notification if server needs reboot inside plesk.
Like after big updates ( kernel , os components ... )
Like message when you connect to SU in SSH.
2 votesAs major operating system changes that require a reboot (such as the mentioned Kernel upgrade) are not subject of updates that can be done from within Plesk, a reboot message is not needed. This request did not gain popularity either, so we must decline it.
-- PD
-
Add a security mechanism when changing a user password
Add a security mechanism for resetting a user password in Plesk, for example verify the password change via email or add a field to submit the old password (implemented for Plesk admin user)
1 voteWe regret to inform you that we had to close your suggestion as it did not receive any votes over the course of three years. Thank you for your attempt to help making Plesk better.
-- SH
-
Automate Abuse Reports to ASNs, from Plesk run Logs, According to pre-defined Scenarios, and Excluding White Listed IPs
Hi,
After blocking full CIDR ranges for small to medium ISPs hackers used to attack our server, I manually block huge ranges of CIDR IPs of the big tech companies. This ISPs have so many IPs that FireWall might not be able to technically block.
I find it important, that big hosts would sweat, for hosting such hackers, and possibly not blocking them efficiently, mainly blocking payment methods they use.
Thus, I would very much would like lots of users to have an automatic tools enabling automatic Abuse reports (usign email or pre analyzed report forms), for pre-defined rules-set (i.e.,…
1 voteUpd: Sorry, we are closing the request as no information was provided for over a month.
—
IG -
Make Security NOT an Option (part of base price - just increase it a bit!)
It saves everyone time and frees your technicians up for doing real work - plus you are better stewards of the Internet.
1 voteUpd: Sorry, we are closing the request as no information was provided for over a month.
—
IG -
Make more than one server-wide certificate available for selection in Hosting Settings
Currently, only the default certificate in Tools & Settings > SSL/TLS Certificates is globally available for domains to choose from Hosting Settings. Make it possible to select a server-wide certificate other than the default one.
1 voteWith only 1 vote in 2 years this request did not become popular. We must decline it.
-- PD
-
Linux kernel management with Beta test mode
It would be nice to be able to change Linux kernel easily to get the last improvements offered in drivers and security like Manjaro kernel management software : https://wiki.manjaro.org/index.php/Manjaro_Kernels.
It would permit to test more quickly plesk with new kernels an implement them more rapidly for advanced users.
Like a beta test mode.
A debug mode would help with it.
1 voteI think it is easy to do this at the package update level of your operating system. Plesk does not control and does not depend on the OS kernel.
—
IG -
Inform users automatically of weak password usage (emailaccounts, FTP, installed WP installations, etc.)
I think it would be an excellent idea if there was a feature within Plesk which actually checks (once a week or so) for weak passwords and informs users about weak passwords in general.
We still have a lot of customers who use (extremely) weak passwords. To check these manually (even with a simple written script) is to time consuming.
This should be done automatically nowadays. Therefor such a feature is really needed in Plesk.
It should check for weak passwords for:
- weak passwords used in emailaccounts
- weak passwords used for user created databases
- weak passwords for hostingaccounts
- weak passwords…
3 votesThis is a technically impossible task, because none of the passwords are stored in plain text, but they are stored as hashes. The length or characteristic of a hash does not reveal whether the password is weak or strong. For that reason it is impossible for a software to determine which passwords are the weak passwords and which are the strong, hence users with weak passwords cannot be identified.
-- PD
-
More advanced anti-ddos interface and settings
This (https://support.plesk.com/hc/en-us/articles/115000784914-What-DDoS-protection-tools-are-available-in-Plesk) recently updated article shows that we still need paid extensions to better protect our servers against ddos attacks.
It would be great if Plesk would create a more advanced anti-ddos monitoring tool with a useful interface, alerts, and the right amount of settings to better protect our servers from ddos attacks without the need to install a third party extension with additional costs. Preferably created with "good defaults" in mind.
8 votesWe regret to inform you that we are closing this request as no feedback was provider for quite a while.
-- SH
-
Use of device mac address
Is it possible to introduce access restrictions using mac address in firewall
1 voteUpd: Sorry, we are closing the request as no information was provided for over a month.
—
IG -
recapcha
Could you add the possibility to add recapcha to a website e.g. as an extension?
1 voteWe are engaged in the development of a control panel for hosting, but not hosting sites and their creation. We are not responsible for the content of sites hosted by Plesk. This is the task of the site developers.
—
IG
- Don't see your idea?