Skip to content

Feature Suggestions

Please provide here your suggestion for new functionality for Plesk. We encourage you to review and vote for suggestions of others. The top-ranked suggestions are likely to be included in the next versions of Plesk.

Please write in English so that voters from all over the world can read and support your request.

For technical assistance, contact Plesk support
For questions, bug reports, discussions and free assistance, check our Forum and Facebook page
For additional information, see Documentation, Knowledge Base and Blog
Follow us on Twitter for more news on Plesk development

Off-topic posts will be removed from here

I suggest you...

(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback

105 results found

  1. Implement a support module for Duo Security 2FA

    Plesk has support for Google Authenticator and Clef, could an Extension/Module be written to support the authentication through Duo Security?

    27 votes

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

    We’ll send you updates on this idea

    open discussion  ·  4 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

  2. Implement Dropbox's (zxcvbn) password strength library

    Please consider implementing Dropbox's password strength library in future versions of plesk. https://github.com/dropbox/zxcvbn

    Right now (Plesk Onyx Version 17.8.11) very secure passwords such as applaud-bisque-batch-forefoot won't even pass the "medium" filter, and very bad passwords such as Pa$$word123 are marked "Strong".

    Brute force cracking continues to get more sophisticated and the current strength ratings are misleading.

    24 votes

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

    We’ll send you updates on this idea

    3 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

  3. Description of IP in Firewall Rules to e.g. name the IP 'Office', 'Home', 'IP John'

    Description of IP in Firewall Rules to e.g. name the IP 'Office', 'Home', 'IP John'

    24 votes

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

    We’ll send you updates on this idea

    8 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

  4. Implement OSSEC

    Implement as an add-on, or possibly through an Extension, the ability to install and configure OSSEC. An Extension GUI which provides simple, limited functionality to configure the most frequently used features of OSSEC would be an awesome addition to Plesk.

    23 votes

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

    We’ll send you updates on this idea

    4 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

  5. Port Scan protection, PortSentry / PSAD

    Plesk has fail2ban but seems to have no port scan protection, Something like PSAD or Portsentry would be good to be included to allow blocking and reporting on portscans making plesk more secure for everyone.

    22 votes

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

    We’ll send you updates on this idea

    open discussion  ·  4 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

  6. Add Nginx Jails to Fail2Ban

    Plesk has - praise be - increasingly better supported Nginx, now with the option to use only Nginx, which is great.

    That being so, now we need the next logical step: The Fail2Ban Jails for Apache are available, but will have no effect, as Apache is not used at all any more. So we need some Jails for Nginx.

    This is not exactly rocket science, there are plenty of examples to be found on the web, the Fail2Ban distribution has some, and here's an article on digitalocean:
    https://www.digitalocean.com/community/tutorials/how-to-protect-an-nginx-server-with-fail2ban-on-ubuntu-14-04

    Search for: fail2ban nginx 404
    E.g. https://nichteinschalten.de/apache-nginx-404-fail2ban-regex/
    Note The 404 code is…

    20 votes

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

    We’ll send you updates on this idea

    3 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

  7. Use of FQDN in the firewall

    I would like to use FQDN in the plesk firewall instead of only IP addresses.

    19 votes

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

  8. Secure default HTTPS settings

    Set the default settings so that websites (e.g. Wordpress) created in Plesk have a good score in online scanners (are secure).

    One very good scanner is https://observatory.mozilla.org/

    This includes some headers to be sent, and secure TLS settings.
    Mozilla also offers a guide concerning web server settings: https://wiki.mozilla.org/Security/Server_Side_TLS

    The remaining things should be set in Wordpress directly directly by Plesk.

    19 votes

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

    We’ll send you updates on this idea

    1 comment  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

  9. More customizable password strength

    Please consider implementing more options for customization of password strength - for example disalbing it, setting allowed password to have lower than 5 symbols or the opposite - increase number of symbols required for a password.

    17 votes

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

    We’ll send you updates on this idea

    4 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

  10. Add ipset in Firewall to increase performance

    Please extend the Firewall / Concept to make the use of ipset, because it is generally the fastest solution i found so far. Chains like "f2b-recidive" can also be implemented as ipset list. This will speed up the whole process while adding or removing ips. I dont know if there is a cidr support in ipset...

    For example, remove the following chain:

    f2b-plesk-postfix tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 25,465,587

    And extend the firewall with a native DROP on the ports as described below:

    DROP tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 25,465,587 match-set f2b-plesk-postfix src

    And then (or before?) just…

    15 votes

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

    We’ll send you updates on this idea

    2 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

  11. ProFTPd GeoIP blocking

    Compile proftpd with "GeoIP"
    http://www.proftpd.org/docs/contrib/mod_geoip.html

    This would allow to block or whitelist countries - even on a per user basis.
    We did research on this and most of the foreign FTP attempts are malicious.

    15 votes

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

  12. add posibility to secure webmail using Let's Encrypt certificate without domain being hosted on Plesk

    14 votes

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

    We’ll send you updates on this idea

    4 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

  13. Disable old TLS protocols in Plesk for Windows

    In Plesk for Linux, Plesk provides a functionality to select the SSL protocols available by running:

    plesk bin server_pref -u -ssl-protocols "TLSv1.2"

    Or meet with PCI compliance with the utility:

    plesk sbin pcicomplianceresolver

    Plesk for Windows doesn't provide such functionality, moreover, Plesk doesn't recommend to disable these protocols: https://support.plesk.com/hc/en-us/articles/115000360813

    It'd be really helpful and safe that Plesk will provide officially the support of the same functionality for Windows, especially for companies that are requiring high-security standards.

    13 votes

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close
    open discussion  ·  IgorG responded

    Thank you for your input. We will consider this functionality in upcoming releases if it is popular. Everyone, please continue voting for this feature if you consider it important.

    IG

  14. Support of SELinux

    Attacks to web servers are in increasing. All modern Linux distribution come with SELinux. SELinux is a perfect way to avoid an attacker to get privileged access to the OS. Currently, Plesk is not supporting SELinux.
    Support should be added. A policy should be provided to configure SELinux to support all PLESK relevant actions on the server.

    12 votes

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

    We’ll send you updates on this idea

    open discussion  ·  6 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

  15. For security reasons: Turn off outputting PHP Version and also Webserver Version

    PHP configuration:
    Add the following Lines for Security Reasons!

    exposephp = off
    server    tokens off

    Why didn't Plesk decide to make these lines available as options in Plesk, as options?
    In my opinion, no one cares which version I use when it comes to port scanning / Showdan.io. Especially with Showdan.io, you can filter computers that are vulnerable in seconds, e.g. find web servers or PHP versions that are problematic.

    I ask for options in the GUI for ON / OFF, although someone at Plesk should first explain to me why these version numbers of vo, web server Nginx…

    11 votes

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

    We’ll send you updates on this idea

    1 comment  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

  16. Add the ability to require 2FA for accounts.

    Many sites and online providers today require the use of 2FA to secure accounts. It would be great if Plesk could require the same thing (at least for administrative accounts). I think this could really help increase the security posture of the software.

    As it stands now, Google Auth is optional, and a user has the ability to enable/disable it at will, which isn't ideal.

    According to this thread, there are currently areas where 2FA wouldn't currently be possible, but all of these issues have already been solved by other companies. I have no doubt that Plesk could do it…

    11 votes

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

    We’ll send you updates on this idea

    1 comment  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

  17. Social Login SSO - Microsoft O365 Support

    Support Microsoft O365 for the Social Login extension for single-sign-on (SSO).

    11 votes

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

    We’ll send you updates on this idea

    open discussion  ·  4 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

  18. block bad bots by default

    There are many bots that can actually DoS a server using Plesk. Since there's no way to limit their connections they can overload a server really easily. Currently the only way to block them is by reading the logs and implementing blocks in nginx or .htaccess rules.

    It would be great if there could be some security by default. The community has created very comprehensive lists that could be used and auto updated / maintained by cron jobs.

    Here's an example for Apache

    https://github.com/mitchellkrogza/apache-ultimate-bad-bot-blocker/tree/master/Apache_2.4

    And here's for Nginx

    https://github.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker

    It could help mitigate attacks and vulnerability scans as well a…

    11 votes

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

    We’ll send you updates on this idea

    1 comment  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

  19. 2FA (two-factor authentication) for webmail, e.g. Google Authenticator for Roundcube login

    Two-factor authentication for webmail

    11 votes

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

  20. Ability for Plesk administrator to disable Plesk customers to change their Plesk UI password

    Please add ability for Plesk administrator to disable Plesk customers to change their Plesk UI password.

    Message from customer:
    I am working on a separate account management panel and I want the customer to log in with the same password. Can I prevent the user changing the password in Plesk.

    11 votes

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

    We’ll send you updates on this idea

    1 comment  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close
2 4 5 6
  • Don't see your idea?

Feature Suggestions

Categories

Feedback and Knowledge Base

(thinking…)