Feature Suggestions

Please provide here your suggestion for new functionality for Plesk. We encourage you to review and vote for suggestions of others. The top-ranked suggestions are likely to be included in the next versions of Plesk.

Please write in English so that voters from all over the world can read and support your request.

For technical assistance, contact Plesk support
For questions, bug reports, discussions and free assistance, check our Forum and Facebook page
For additional information, see Documentation, Knowledge Base and Blog
Follow us on Twitter for more news on Plesk development

Off-topic posts will be removed from here

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. 410 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    44 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  2. Block the IP of the selected country in Firewall

    Firewall should be able to block the IP of the selected country. I have a lot of traffic from the IP 5.10. *. *

    362 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    open discussion  ·  51 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  3. Change admin username

    It should be possible for the admin user to change his user login name. The name "admin" is not very secure, because it's easiert to hack via brute force. The hackers know, the name is "admin". If the user would be able to change his login name, it would increase the security of Plesk Panel.

    352 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    43 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →

    We have serious doubts this function can really increase server security:
    1) Plesk has built-in protection against brute-force on login – it will lock the login form. So no one can try multiple attempts
    2) Arbitrary login name adds very little guess-complexity to a proper password. If you have concerns for your login brute-forced – add another 5-7 characters into your password and feel safe.

    As changed login name is still very likely to be some sort of vocabulary word or derived from your other account name – this function would only give a false sense of better security. Your security strength is in complex password, not in a complex login name. If you have one good password, you don’t need to treat login as your “second password” – one good password is enough.

    As for concerns that default password requirement is set in “weak”, that fail2ban module is not…

  4. DDOS Protection

    What about DDOS Protection in Plesk?

    145 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    6 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  5. Maldet for linux inside Plesk

    Hello,

    is better if such as "wordpress toolkit" you implement this software in plesk https://www.rfxn.com/projects/linux-malware-detect/ + ClamAV (is more faster the maildect search).

    With this way, anyone can scan our website from malware. And after scan, the user need to have an notify via email or directly into plesk. This inscrease the security of website and also increase the plesk security.

    I use it somethimes for scan all website into our web hosting, and I found it very usefull for prevent serius problem of botnet, hacked website etc.

    I hope that you can consider to implement this function.

    Regards

    108 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    4 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  6. Yubikey

    Add two-factor-auth for YubiKey.

    91 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    9 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  7. Plesk interface's web server support for TLS 1.3

    Add support of TLS 1.3 to Plesk interface's web server. TLS 1.3. improves security.

    87 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    12 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  8. change password next login

    Ask user to change password at next login screen after reset.
    We the providers could generate a temp password (customer asks for a reset), and after the first login screen, plesk will force ask from the client to change our temp password.

    81 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  9. Windows Fail2Ban

    The new security option for plesk 12 is Fail2Ban, but it is only for Linux version.

    There is an opensorce for windows.

    http://www.digitalruby.com/securing-...icated-server/

    I suggest to Parallels Team include this.

    81 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    open discussion  ·  16 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  10. Backport Fail2Ban IPv6 Support to Plesk Onyx 17.x

    As of now, feature with 178 votes is available in Plesk Onyx 17.9 Preview only: https://plesk.uservoice.com/forums/184549-feature-suggestions/suggestions/17924536-fail2ban-now-supports-ipv6-please-upgrade

    It would be awesome to have this feature available on earlier versions of Plesk Onyx without the necessity to wait until Plesk Onyx 17.9 becomes stable.

    70 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    15 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  11. Add ip manually to fail2ban

    It is not possible to add an ip manually to fail2ban trough Plesk interface. Sometimes you detect an offending ip address which you want to ban from your system, before it is detected by recidive rule.

    70 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    14 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  12. Use Lets Encrypt to secure FTPs connections

    Hi,

    I usually use the ftp.site.com subdomain for the client FTP connections.
    And to secure those connections I enabled FTPs. But at this point the users receive a certificate host name mismatch because the FTPs connection is being setup using the VPS Lets Encrypt cert.

    It would be nice to use the Lets Encrypt certificate service also to secure the FTPs connections.

    Thanks!

    69 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    10 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  13. Temporary FTP accounts (with expire date)

    It would be great to have ftp account with an expire date.
    A sort of temporary ftp accounts.

    This becomes really usefull when you need to share your ftp details temporary with a webdeveloper, or somebody else to maintain of check an website.

    I always make a new FTP account for this sort of events, but then forget to delete them. It would be real nice if you could set a expire date that the account automaticly blocks itself after that date is past.

    62 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    4 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  14. Create daily md5-hashes of the web-content of a domain, to quickly identify tampering or hacking.

    Let Plesk on every night optionally create/compare md5-hashes from all files in the domains storage-space (web,httpdoc,ftp) and update this in a simple list (database), sortable by date of last change, size, number of changes. Indicating "changed files in the last xx days" to have a time-window to drill down.

    In addition, accumulate all vhosts together into a seperate "Admin-View", where ALL domains are put together alphabetically.

    Add an additional button "snapshot", so one could create a list of all webfiles on request. For example, when an incident has been cleaned, then click "snapshot" and then wait some time to see…

    55 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    open discussion  ·  4 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  15. Fail2ban setting findtime per Jail

    In Fail2ban (great idea to include it in plesk!) settings you can set "Time interval for detection of subsequent attacks" (findtime) in general. But it would be interesting this setting per Jail.
    Why?
    you could have 2 jail with same filter but different findtime. Example:
    Jail 1) 5 failures in 600 seconds: 1800 seconds ban
    Jail 2) 30 failures in 86400 seconds: 604800 seconds ban

    There are bots that detect if you have some protection fail2ban or similar and it will adapt, login attempt every 300 seconds for example. Jail 1 no detect this attack, but Jail 2 yes.

    50 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    open discussion  ·  7 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  16. Support HPKP

    I'd like to see HPKP integrated into the SSL certificate management of Plesk. This would allow, in combination with standard Nginx/Apache config, for a strongly recommended and worthwhile security element to be added to hosted sites.

    Testing tool
    https://securityheaders.io

    More info
    https://scotthelme.co.uk/hpkp-http-public-key-pinning/

    43 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    open discussion  ·  1 comment  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  17. Enhanced VPN support

    Since VPN connection are more and more common, and mobile devices used to connect to monitor servers, there is a need for an enhancement on the old VPN Add-on on plesk (linux).
    Currently the IOS and Android OpenVPN client does not support secret — Static key encryption mode (non-TLS) is not supported.
    from https://docs.openvpn.net/docs/openvpn-connect/openvpn-connect-ios-faq.html
    Which is the only way to use the Plesk VPN connection because it does not support certificates.
    There is a lot of literature on troubles with VPN on mobile, but basically, all of them are due to old style, unsecured way to connect to VPN.

    Can…

    34 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    4 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  18. Allow Let's Encrypt to validate over 80 or 443 (not just 80)

    We're very excited to see Let's Encrypt in Plesk 17, it makes secure sites much, much easier. However, port 80 is not open on a number of our servers for security reasons and it would appear the Plesk coding for the API to Let's Encrypt forces the use of port 80. Let's Encrypt supports validation of domains over 80 OR 443, but Plesk is requiring 80. The only workaround is to open 80 to the world so it can be validated since Let's Encrypt does supply a list of public IP's their traffic could source from.

    32 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  19. Naxsi - web application firewall for Nginx

    Naxsi is an open source, high performance, low rules maintenance, Web Application Firewall module for Nginx

    https://code.google.com/p/naxsi/

    29 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  20. Add extra detail to Fail2Ban

    I was just looking at the banned ip addresses on my server and thought it would be nice to have a time and date stamp listed next to the banned ip and jail used.

    And maybe add log sizes for the Fail2Ban logs.

    Kind regards

    Lloyd

    26 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
← Previous 1 3 4 5 6 7
  • Don't see your idea?

Feedback and Knowledge Base