Feature Suggestions
Please provide here your suggestion for new functionality for Plesk. We encourage you to review and vote for suggestions of others. The top-ranked suggestions are likely to be included in the next versions of Plesk.
Please write in English so that voters from all over the world can read and support your request.
Off-topic posts will be removed from here
121 results found
-
13 votes
Thank you for the update! We will consider this functionality in upcoming releases if it will be popular.
Everyone, please continue voting for this feature if you consider it important.
—
IG -
Ability for Plesk administrator to disable Plesk customers to change their Plesk UI password
Please add the ability for the Plesk administrator to prevent Plesk customers from changing their Plesk UI password.
Message from customer:
I am working on a separate account management panel and I want the customer to log in with the same password. Can I prevent the user changing the password in Plesk?
11 votes
Thank you for your input! We will consider this functionality in upcoming releases if it will be popular.
Everyone, please continue voting for this feature if you consider it important.
—
IG -
11 votes
Thank you for your input! We will consider functionality to implement ability to set TLS as required for email connections in upcoming releases if it will be popular.
Everyone, please continue voting for this feature if you consider it important.
Please note that STARTSSL is a service of StartCom and there are issues with them to stay in CA role http://www.pcworld.com/article/3129725/certificate-policy-violations-force-reform-at-startcom-and-wosign.html so STARTSSL support will not be implemented in Plesk.
—
ET -
Support of SELinux
Attacks on web servers are increasing. All modern Linux distributions come with SELinux. SELinux is a perfect way to prevent an attacker from getting privileged access to the OS. Currently, Plesk does not support SELinux.
Support should be added. A policy should be provided to configure SELinux to support all Plesk-relevant actions on the server.
11 votes -
Disable old TLS protocols in Plesk for Windows
In Plesk for Linux, Plesk provides a functionality to select the SSL protocols available by running:
plesk bin server_pref -u -ssl-protocols "TLSv1.2"
Or meet PCI compliance with the utility:
plesk sbin pcicomplianceresolver
Plesk for Windows doesn't provide such functionality; moreover, Plesk doesn't recommend disabling these protocols: https://support.plesk.com/hc/en-us/articles/115000360813
It would be really helpful and safe if Plesk officially provided support for the same functionality on Windows, especially for companies that require high security standards.
10 votes
Thank you for your input. We will consider this functionality in upcoming releases if it is popular. Everyone, please continue voting for this feature if you consider it important.
—
IG -
block bad bots by default
There are many bots that can actually DoS a server using Plesk. Since there's no way to limit their connections they can overload a server really easily. Currently the only way to block them is by reading the logs and implementing blocks in nginx or .htaccess rules.
It would be great if there could be some security by default. The community has created very comprehensive lists that could be used and auto updated / maintained by cron jobs.
Here's an example for Apache
https://github.com/mitchellkrogza/apache-ultimate-bad-bot-blocker/tree/master/Apache_2.4
And here's for Nginx
https://github.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker
It could help mitigate attacks and vulnerability scans as well a…
10 votes
Thank you for your input. We will consider this functionality in upcoming releases, if it will be popular.
Everyone, please continue voting for this feature if you consider it important.
BTW, we have the following solution for Plesk – https://talk.plesk.com/resources/blocking-extra-bots-using-nginx.6/
—
IG -
Plesk Premium Email 2fa
Would like to see google auth 2fa enabled for login to webmail on Plesk Premium Email.
10 votes -
Integrate awesome Security from "Sophos Anti-Virus for Linux Free Edition"
There should be a Scanner for Malware by default.
"Wordpress" already has a super Tool but what about the other Apps on Server ...
10 votes -
Security Policy per subscription
To be able to set specific security policy per subscription instead of server-wide.
9 votes
Thank you for your input! We will consider this functionality in upcoming releases if it will be popular.
Everyone, please continue voting for this feature if you consider it important.
—
IG -
Content Security Generator
A CSP Generator where you can define rules very simply.
9 votes -
Prevent users to be able to remove files from file manager
Add the possibility to prevent/block any file or directory removal from within the File Manager in Plesk by the subscription/domain users.
An example that could be applied is the same as it can be applied already for ProFTP config files as follows:
<Directory /var/www/vhosts/*/.cagefs>
  <Limit ALL>
    DenyAll
  </Limit>
</Directory>
<Directory /var/www/vhosts/*/.cl.selector>
  <Limit ALL>
    DenyAll
  </Limit>
</Directory>
<Directory /var/www/vhosts/*/error_docs>
  <Limit DELE>
    DenyAll
  </Limit>
</Directory>
<Directory /var/www/vhosts/*/httpdocs>
  <Limit RMD>
    DenyAll
  </Limit>
</Directory>
<Directory /var/www/vhosts/*/httpdocs/*>
  <Limit RMD>
    AllowAll
  </Limit>
</Directory>
8 votes
Thank you for your input. We will consider this functionality in upcoming releases if it is popular. Everyone, please continue voting for this feature if you consider it important.
—
IG -
Email notifications/alerts for Modsecurity (WAF)
It will be great to have the ability to receive an email notification from Modsecurity (WAF) when protection has been breached with corresponding breach information (SQL injection, Command injection, Cross-site scripting, etc.).
8 votes
Thank you for your input! We will consider this functionality in upcoming releases if it will be popular.
Everyone, please continue voting for this feature if you consider it important.
—
IG -
Social Login SSO - Microsoft O365 Support
Support Microsoft O365 for the Social Login extension for single-sign-on (SSO).
8 votes -
8 votes
Thank you for your input! We will consider this functionality in upcoming releases if it will be popular.
Everyone, please continue voting for this feature if you consider it important.
—
IG -
Add SMS (text) verification as optional 2FA
sms verifying on login
8 votes
This is a valid request. Please keep voting on this if you believe it is an important feature.
-- PD
-
More advanced anti-ddos interface and settings
This (https://support.plesk.com/hc/en-us/articles/115000784914-What-DDoS-protection-tools-are-available-in-Plesk) recently updated article shows that we still need paid extensions to better protect our servers against ddos attacks.
It would be great if Plesk would create a more advanced anti-ddos monitoring tool with a useful interface, alerts, and the right amount of settings to better protect our servers from ddos attacks without the need to install a third party extension with additional costs. Preferably created with "good defaults" in mind.
7 votes
Effective DDoS solutions must be installed before the server, not on the server. Because once an attack is able to reach the server, it will block all network bandwidth and create a high CPU load so that the server becomes unavailable for other tasks. No on-server DDoS protection can perform well enough to keep a server safe from that. Plesk already has on-server protection, such as Fail2Ban and the built-in firewall capabilities. Nevertheless, we'd love to hear what you are missing as an on-server protection.
The request asks for an "advanced anti-ddos monitoring tool with a useful interface, alerts, and the right amount of settings".
Could you please be specific about these points.
- What exactly makes an "advanced" tool for you?
- How do you imagine a "useful" interface?
- What "alerts" would you like to get?
- What are the "right amount of settings" for you?
Please let…
-
Separate mozilla tls cipher settings for web and mail
Please separate the mozilla tls cipher settings for web and mail.
Sometimes the old ciphers have to be set only for mail and not for web.
Additionally it would be great if the setting could be available on a domain basis.
Please see this forum post as a reference: https://talk.plesk.com/threads/tls-versions-and-ciphers-by-mozilla-issue-with-the-last-synchronisation.358066/post-882924
7 votes
Thank you for your input. We will consider this functionality in upcoming releases if it is popular. Everyone, please continue voting for this feature if you consider it important.
—
IG -
Created Scheduled Tasks (Cron jobs) via Plesk GUI should be registered in the action log
At the moment the created Scheduled Tasks (Cron jobs) via Plesk GUI are not registered in the action log.
Also, from /var/log/messages and /var/log/cron it is not clear what task was created or the name of the task, and it is also difficult to understand whether the cron task was created or not.
7 votes
Thank you for your input. We will consider this functionality in upcoming releases if it is popular. Everyone, please continue voting for this feature if you consider it important.
—
IG -
check passwords against Pwned Passwords API
Plesk should check user-typed passwords against the Pwned Passwords API:
https://haveibeenpwned.com/API/v2
That way you could further improve systems running Plesk against brute-force attacks and dictionary attacks.
The WordFence plugin for WordPress is already offering this, checking WordPress administrator passwords against https://haveibeenpwned.com/API/v2
It shouldn't be too much work to compare Plesk password hash between Plesk and https://haveibeenpwned.com/API/
I would like to use this feature for all services (FTP, E-Mail, Plesk, WordPress, etc.).
It makes a lot of sense to do this; there are no drawbacks.
It should be an option that users can enable/disable.
If you don't need it, you can disable…
7 votes
Thank you for your input. We will consider this functionality in upcoming releases, if it will be popular.
Everyone, please continue voting for this feature if you consider it important.
—
IG -
Import and export buttons to allow fail2ban Trusted IP or Banned IP Addresses
Button that can import or export the Fail2ban Trusted or Banned IP lists. At the moment you can only add one by one.
7 votes