switch Wordpress toolkit screenshot service to use only fixed and published IPs
I offer to switch Wordpress toolkit screenshot service to use only fixed and published IPs, for security purpose.
Plesk Tech Support
shared this idea
There are no plans to do changes to the existing screenshot function as it is asynchronous and should not affect operations. If you are experiencing issues with it, please open a support ticket with Plesk support. Also, this request only received 1 vote in 2 years. It did not become popular.
If you would like to disable screenshots altogether, you can add this section to the panel.ini file:
[screenshotService]
url = ""
and restart the panel services afterwards:
service sw-engine restart && service sw-cp-server restart
Since Plesk Obsidian 18.0.51 requests from the Plesk Screenshot Service to websites hosted in Plesk are marked by the custom “Plesk screenshot bot” User-Agent header.
-- PD
-
EhudZ
commented
I think the problem which this user voice comes to solve is not well defined in the user voice...
It's related to the Plesk toolkit using external IPs and being blocked by various FireWall, .htaccess and security plugins, causing problems to the normal functionality of Plesk WordPress tollkit.
I would also consider it a PLESK BUG and not a request for improvements.
-
EhudZ
commented
This is imported for security reasons as white listing the Plesk WordPress Tool Kit taking image of the instance from an outside server, that might be blocked.