Skip to content

Feature Suggestions

Please provide here your suggestion for new functionality for Plesk. We encourage you to review and vote for suggestions of others. The top-ranked suggestions are likely to be included in the next versions of Plesk.

Please write in English so that voters from all over the world can read and support your request.

For technical assistance, contact Plesk support
For questions, bug reports, discussions and free assistance, check our Forum and Facebook page
For additional information, see Documentation, Knowledge Base and Blog
Follow us on Twitter for more news on Plesk development

Off-topic posts will be removed from here

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback

137 results found

  1. Inform users automatically of weak password usage (emailaccounts, FTP, installed WP installations, etc.)

    I think it would be an excellent idea if there was a feature within Plesk which actually checks (once a week or so) for weak passwords and informs users about weak passwords in general.

    We still have a lot of customers who use (extremely) weak passwords. To check these manually (even with a simple written script) is to time consuming.

    This should be done automatically nowadays. Therefor such a feature is really needed in Plesk.

    It should check for weak passwords for:

    • weak passwords used in emailaccounts
    • weak passwords used for user created databases
    • weak passwords for hostingaccounts
    • weak passwords…
    3 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    This is a technically impossible task, because none of the passwords are stored in plain text, but they are stored as hashes. The length or characteristic of a hash does not reveal whether the password is weak or strong. For that reason it is impossible for a software to determine which passwords are the weak passwords and which are the strong, hence users with weak passwords cannot be identified.

    -- PD

  2. OCSP stapling for webmail in Plesk

    Add a feature to enable OSCP stapling for webmail of domains that will increase webmail security.

    This feature is already available for domains in the SSL It! extension.

    3 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    The purpose of OCSP stapling is not increased security. It does not provide increased security at all. The purpose is to avoid an extra DNS and GET request to the trust center by the user's browser, hence OCSP stapling makes the overall surfing experience a few milliseconds faster. While this can have a (minor) effect on websites, it will not have any recognizable effect on webmail. It will actually only increase the load on the server, because now the server needs to validate the SSL cert, but for the very few requests that a webmail user has, it won't speed-up his webmail experience. 

    As this request also did not gain popularity during the past 3 years, we must decline it.

    -- PD

  3. 3 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  4. Remove the certificate for securing mail from Plesk

    There is no option to remove Certificate for securing mail via Plesk UI, the only option is to switch it to another.

    Please add feature to unassign the certificate.

    3 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  5. remove kernelcare suggestion on openvz vservers!

    If a servers runs on a openvz environment there is no need for kernelcare as it shares the kernel with the host.

    Therefor your suggestion including your offer to sell a license at 5$+VAT vs 3.95$ at the cloudlinuxes website this very misleading!

    3 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  6. View certificate expiration dates for all domains

    Please add the functionality to view the summary of certificate expiration dates for all domains.

    This will help to monitor the situation and diagnose what is going on.

    3 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    declined  ·  IgorG responded

    Thank you for your input!
    Unfortunately, we have to close your request, because over the years it has not become quite popular for further implementation.

    IG

  7. Whitelist rkhunter warnings caused by Plesk

    rkhunter security scan will always show security warnings caused by Plesk, as per https://support.plesk.com/hc/en-us/articles/115001160954-What-Watchdog-warnings-may-be-safely-ignored

    You should whitelist these warnings by default.

    3 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  8. New ModSecurity vendor (SecRemoteRules)

    ModSecurity 2.9.x and newer support SecRemoteRules directive, which allow download rules from remote server.

    This kind configuration is not now possible to ModSecurity Vendor list in Plesk GUI.

    Syntax: SecRemoteRules [optional crypto] key https://url
    Example: SecRemoteRules 12371283813.8712832abd https://rules.malware.expert/download.php?rules=generic

    We offer shared webhosting modsecurity rules: https://malware.expert/modsecurity-rules

    3 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  9. Single sign on from WordPress account so hosting provider can allow customers to access plesk if they are logged into WordPress account firs

    I am looking to create a site a hosting provider in woocommerce and want the customer to be able to access plesk if they are logged into their account in WordPress. So password of both plesk and WordPress will be in sync.

    3 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  10. 3 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  11. prevent users from changing permissions of files and folders to 777

    for safety should block permits chmod when apache runs fastcgi users plesk and users ftp

    3 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  12. Port knocking

    If it possible to add a feature do disable SSH Port every time. And only if a special sequence of ports where knocked the SSH Port will open?

    3 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  13. Alarm, when some IP address is visiting too much

    There is a really big issue, because some people are crawling the website and stealing all content.
    There should be anything, so we can set whitelist for Google, Yahoo and Bing crawler. When another IP requesting too much pages in short time, an email should sent automatically.

    3 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  14. Allow whitespace in (administrator) passwords and if you don't give proper feedback.

    If I enter an administrator password with whitespace in it, it seems to be accepted but isn't actually applied.

    3 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  15. Fail2ban: ability for global setting to have mail alert feature

    In Plesk 12 current settings of Plesk fail2ban manager has not the ability to set globally a action for blocking and mail alerts.

    At this time you have to add a action sendmail... for every jail!

    Adding a macro like:

    banaction = iptables-multiport
    action_ = %(banaction)s[name=%(name)s, port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
    actionmw = %(banaction)s[name=%(name)s, port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
    %(mta)s-whois[name=%(
    name)s, dest="%(destemail)s", protocol="%(protocol)s", chain="%(chain)s"]
    action
    mwl = %(banaction)s[name=%(name)s, port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
    %(mta)s-whois-lines[name=%(name)s, dest="%(destemail)s", logpath=%(logpath)s, chain="%(chain)s"
    action =%(action_mwl)s

    does not work properly and easy!
    And needs much manual configuration in /etc/fail2ban

    Please add teh ability…

    3 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  16. limit socket connections in php

    Limit socket connections (per hour / minute) of php to fight abuse / ddos

    3 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  17. Show if server needs reboot

    It should be nice to have a notification if server needs reboot inside plesk.

    Like after big updates ( kernel , os components ... )

    Like message when you connect to SU in SSH.

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    As major operating system changes that require a reboot (such as the mentioned Kernel upgrade) are not subject of updates that can be done from within Plesk, a reboot message is not needed. This request did not gain popularity either, so we must decline it.

    -- PD

  18. Goolge 2 factor authentication for Repait Kit page

    Implement Goolge 2 factor authentication for Repait Kit page t https://example.com:8443/repair

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  19. Allow to add trusted IPs to specific Jails

    Allow to set a trusted IP over the GUI and CLI to specific jails same as allowed by fail2ban client:

    # fail2ban-client --help | grep -A1 ignoreip
    set <JAIL> addignoreip <IP> adds <IP> to the ignore list of <JAIL>
    set <JAIL> delignoreip <IP> removes <IP> from the ignore list of <JAIL>
    get <JAIL> ignoreip gets the list of ignored IP addresses for <JAIL>

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  20. In domain logs allow select all function in order to copy to firewall rules

    This feature requests comes from having to manually copy and paste bad IP's from the domain log files. It would be a request that when you carried out a search for say POST /xmlrpc.php HTTP/1.0 or GET /wp-login.php HTTP/1.0 from brute force hacking or malware bots you can easily just select all, then paste this over to the block list in the Firewall rules.

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    This request only received 2 votes during 3 years. It did not become popular. It may also not be the best possible choice to block individual IPs like suggested as attackers frequently change IPs which will easily result in hundreds or thousands of blocked IPs in the firewall. That again will slow down network traffic. Instead we suggest to use Fail2Ban that comes with Plesk to automatically block attacker IPs. Fail2Ban has the capability to analyze log files automatically, to identify trouble sources and to ban these IPs for a pre-defined duration.

    -- PD

  • Don't see your idea?

Feedback and Knowledge Base