Skip to content

Feature Suggestions

Please provide here your suggestion for new functionality for Plesk. We encourage you to review and vote for suggestions of others. The top-ranked suggestions are likely to be included in the next versions of Plesk.

Please write in English so that voters from all over the world can read and support your request.

For technical assistance, contact Plesk support
For questions, bug reports, discussions and free assistance, check our Forum and Facebook page
For additional information, see Documentation, Knowledge Base and Blog
Follow us on Twitter for more news on Plesk development

Off-topic posts will be removed from here

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback

133 results found

  1. Enable OCSP stapling and HSTS for Plesk panel

    OSCP stapling and HSTS can now be enabled for domains using SSL It! estension.
    However these settings cannot be enabled while securing Plesk panel.
    So it will be really appreciated if such functionality is included in future Plesk updates.

    27 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  2. Make more Jails for Fail2Ban e.g. mysql error log

    see header

    please make plesk saver with more helpful Jails for fail2ban

    mysql error log
    typo3 login fails
    joomla login fails
    shopware
    email
    ftp
    webmail

    an any more

    27 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    10 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  3. Implement a support module for Duo Security 2FA

    Plesk has support for Google Authenticator and Clef, could an Extension/Module be written to support the authentication through Duo Security?

    27 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    open discussion  ·  4 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  4. Implement Dropbox's (zxcvbn) password strength library

    Please consider implementing Dropbox's password strength library in future versions of plesk. https://github.com/dropbox/zxcvbn

    Right now (Plesk Onyx Version 17.8.11) very secure passwords such as applaud-bisque-batch-forefoot won't even pass the "medium" filter, and very bad passwords such as Pa$$word123 are marked "Strong".

    Brute force cracking continues to get more sophisticated and the current strength ratings are misleading.

    24 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  5. Description of IP in Firewall Rules to e.g. name the IP 'Office', 'Home', 'IP John'

    Description of IP in Firewall Rules to e.g. name the IP 'Office', 'Home', 'IP John'

    24 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    8 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  6. Implement OSSEC

    Implement as an add-on, or possibly through an Extension, the ability to install and configure OSSEC. An Extension GUI which provides simple, limited functionality to configure the most frequently used features of OSSEC would be an awesome addition to Plesk.

    23 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    4 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  7. Port Scan protection, PortSentry / PSAD

    Plesk has fail2ban but seems to have no port scan protection, Something like PSAD or Portsentry would be good to be included to allow blocking and reporting on portscans making plesk more secure for everyone.

    22 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    open discussion  ·  4 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  8. Add Nginx Jails to Fail2Ban

    Plesk has - praise be - increasingly better supported Nginx, now with the option to use only Nginx, which is great.

    That being so, now we need the next logical step: The Fail2Ban Jails for Apache are available, but will have no effect, as Apache is not used at all any more. So we need some Jails for Nginx.

    This is not exactly rocket science, there are plenty of examples to be found on the web, the Fail2Ban distribution has some, and here's an article on digitalocean:
    https://www.digitalocean.com/community/tutorials/how-to-protect-an-nginx-server-with-fail2ban-on-ubuntu-14-04

    Search for: fail2ban nginx 404
    E.g. https://nichteinschalten.de/apache-nginx-404-fail2ban-regex/
    Note The 404 code is…

    20 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  9. Use of FQDN in the firewall

    I would like to use FQDN in the plesk firewall instead of only IP addresses.

    20 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  10. Secure default HTTPS settings

    Set the default settings so that websites (e.g. Wordpress) created in Plesk have a good score in online scanners (are secure).

    One very good scanner is https://observatory.mozilla.org/

    This includes some headers to be sent, and secure TLS settings.
    Mozilla also offers a guide concerning web server settings: https://wiki.mozilla.org/Security/Server_Side_TLS

    The remaining things should be set in Wordpress directly directly by Plesk.

    19 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  11. More customizable password strength

    Please consider implementing more options for customization of password strength - for example disalbing it, setting allowed password to have lower than 5 symbols or the opposite - increase number of symbols required for a password.

    17 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    4 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  12. Plesk Premium Email 2fa

    Would like to see google auth 2fa enabled for login to webmail on Plesk Premium Email.

    17 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    8 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  13. Spamhaus Drop List integration.

    Add Spamhaus DROP LIST integration to the firewall with update schedule

    16 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  14. Add ipset in Firewall to increase performance

    Please extend the Firewall / Concept to make the use of ipset, because it is generally the fastest solution i found so far. Chains like "f2b-recidive" can also be implemented as ipset list. This will speed up the whole process while adding or removing ips. I dont know if there is a cidr support in ipset...

    For example, remove the following chain:

    f2b-plesk-postfix tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 25,465,587

    And extend the firewall with a native DROP on the ports as described below:

    DROP tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 25,465,587 match-set f2b-plesk-postfix src

    And then (or before?) just…

    15 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  15. ProFTPd GeoIP blocking

    Compile proftpd with "GeoIP"
    http://www.proftpd.org/docs/contrib/mod_geoip.html

    This would allow to block or whitelist countries - even on a per user basis.
    We did research on this and most of the foreign FTP attempts are malicious.

    15 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  16. chacha20_poly1305 QUIC

    Plesk need to Support chacha20_poly1305 or QUIC better both
    It's faster than the normal https Socket and more Secure, QUIC can used in https also http and safer as SPDY

    15 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  17. Disable old TLS protocols in Plesk for Windows

    In Plesk for Linux, Plesk provides a functionality to select the SSL protocols available by running:

    plesk bin server_pref -u -ssl-protocols "TLSv1.2"

    Or meet with PCI compliance with the utility:

    plesk sbin pcicomplianceresolver

    Plesk for Windows doesn't provide such functionality, moreover, Plesk doesn't recommend to disable these protocols: https://support.plesk.com/hc/en-us/articles/115000360813

    It'd be really helpful and safe that Plesk will provide officially the support of the same functionality for Windows, especially for companies that are requiring high-security standards.

    14 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    open discussion  ·  IgorG responded

    Thank you for your input. We will consider this functionality in upcoming releases if it is popular. Everyone, please continue voting for this feature if you consider it important.

    IG

  18. 14 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    4 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  19. For security reasons: Turn off outputting PHP Version and also Webserver Version

    PHP configuration:
    Add the following Lines for Security Reasons!

    exposephp = off
    server
    tokens off

    Why didn't Plesk decide to make these lines available as options in Plesk, as options?
    In my opinion, no one cares which version I use when it comes to port scanning / Showdan.io. Especially with Showdan.io, you can filter computers that are vulnerable in seconds, e.g. find web servers or PHP versions that are problematic.

    I ask for options in the GUI for ON / OFF, although someone at Plesk should first explain to me why these version numbers of vo, web server Nginx…

    12 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  20. 12 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  • Don't see your idea?

Feedback and Knowledge Base