Skip to content

Feature Suggestions

Please provide here your suggestion for new functionality for Plesk. We encourage you to review and vote for suggestions of others. The top-ranked suggestions are likely to be included in the next versions of Plesk.

Please write in English so that voters from all over the world can read and support your request.

For technical assistance, contact Plesk support
For questions, bug reports, discussions and free assistance, check our Forum and Facebook page
For additional information, see Documentation, Knowledge Base and Blog
Follow us on Twitter for more news on Plesk development

Off-topic posts will be removed from here

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback

128 results found

  1. Support of SELinux

    Attacks to web servers are in increasing. All modern Linux distribution come with SELinux. SELinux is a perfect way to avoid an attacker to get privileged access to the OS. Currently, Plesk is not supporting SELinux.
    Support should be added. A policy should be provided to configure SELinux to support all PLESK relevant actions on the server.

    12 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    open discussion  ·  6 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  2. Add "mail.example.com" (mail subdomain) in Subject Alternative Names when option "Assign the certificate to mail domain" is selected

    Currently almost all mail clients (I used) need the server address to be in the Subject Alternative Names on the certificate, meaning if the configured address is "mail.example.com" instead of "example.com", that first subdomain is not present in the certificate, even when the option "Assign the certificate to mail domain" is selected when issuing the certificate.

    11 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    4 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    open discussion  ·  IgorG responded

    Thank you for your input. We will consider this functionality in upcoming releases if it is popular. Everyone, please continue voting for this feature if you consider it important.

    IG

  3. block bad bots by default

    There are many bots that can actually DoS a server using Plesk. Since there's no way to limit their connections they can overload a server really easily. Currently the only way to block them is by reading the logs and implementing blocks in nginx or .htaccess rules.

    It would be great if there could be some security by default. The community has created very comprehensive lists that could be used and auto updated / maintained by cron jobs.

    Here's an example for Apache

    https://github.com/mitchellkrogza/apache-ultimate-bad-bot-blocker/tree/master/Apache_2.4

    And here's for Nginx

    https://github.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker

    It could help mitigate attacks and vulnerability scans as well a…

    11 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  4. Ability for Plesk administrator to disable Plesk customers to change their Plesk UI password

    Please add ability for Plesk administrator to disable Plesk customers to change their Plesk UI password.

    Message from customer:
    I am working on a separate account management panel and I want the customer to log in with the same password. Can I prevent the user changing the password in Plesk.

    11 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  5. 11 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    Thank you for your input! We will consider functionality to implement ability to set TLS as required for email connections in upcoming releases if it will be popular.

    Everyone, please continue voting for this feature if you consider it important.

    Please note that STARTSSL is a service of StartCom and there are issues with them to stay in CA role http://www.pcworld.com/article/3129725/certificate-policy-violations-force-reform-at-startcom-and-wosign.html so STARTSSL support will not be implemented in Plesk.


    ET

  6. Content Security Generator

    A CSP Generator where you can define rules very simple.

    10 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    open discussion  ·  3 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  7. Integrate awesome Security from "Sophos Anti-Virus for Linux Free Edition"

    There should be a Scanner for Malware by default.
    "Wordpress" already has a super Tool but what about the the other Apps on Server ...

    10 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    open discussion  ·  3 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  8. Separate mozilla tls cipher settings for web and mail

    Please separate the mozilla tls cipher settings for web and mail.
    Sometimes the old ciphers has to set only for mail and not for web.
    Additionally it would be great if the setting could available on domain basis.

    Please see this forum post as a reference: https://talk.plesk.com/threads/tls-versions-and-ciphers-by-mozilla-issue-with-the-last-synchronisation.358066/post-882924

    9 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    open discussion  ·  IgorG responded

    Thank you for your input. We will consider this functionality in upcoming releases if it is popular. Everyone, please continue voting for this feature if you consider it important.

    IG

  9. Created Scheduled Tasks (Cron jobs) via Plesk GUI should be registered in the action log

    At the moment the created Scheduled Tasks (Cron jobs) via Plesk GUI are not registered in the action log.

    Also, according to /var/log/messages and /var/log/cron it is not clear what task was created, the name of the task and it is also difficult to understand was the cron task created or not.

    9 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    open discussion  ·  IgorG responded

    Thank you for your input. We will consider this functionality in upcoming releases if it is popular. Everyone, please continue voting for this feature if you consider it important.

    IG

  10. Security Policy per subscription

    To be able to set specific security policy per subscription instead of server-wide.

    9 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  11. 9 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  12. Prevent users to be able to remove files from file manager

    Add the possibility to prevent/block any file or directory removal from within the File Manager in Plesk by the subscription/domain users.

    An example that could be applied is the same as it can be applied already for ProFTP config files as follows:

    <Directory /var/www/vhosts/*/.cagefs>
    <Limit ALL>
    DenyAll
    </Limit>
    </Directory>

    <Directory /var/www/vhosts/*/.cl.selector>
    <Limit ALL>
    DenyAll
    </Limit>
    </Directory>

    <Directory /var/www/vhosts/*/error_docs>
    <Limit DELE>
    DenyAll
    </Limit>
    </Directory>

    <Directory /var/www/vhosts/*/httpdocs>
    <Limit RMD>
    DenyAll
    </Limit>
    </Directory>

    <Directory /var/www/vhosts/*/httpdocs/*>
    <Limit RMD>
    AllowAll
    </Limit>
    </Directory>

    8 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    open discussion  ·  IgorG responded

    Thank you for your input. We will consider this functionality in upcoming releases if it is popular. Everyone, please continue voting for this feature if you consider it important.

    IG

  13. Email notifications/alerts for Modsecurity (WAF)

    It will be great to have the ability to receive an email notification from Modsecurity (WAF) when protection has been breached with corresponding breach information (SQL injection, Command injection, Cross-site scripting, etc.).

    8 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  14. check passwords against Pwned Passwords API

    Plesk should check user typed passwords against Pwned Passwords API

    https://haveibeenpwned.com/API/v2

    that way you could further improve systems running Plesk against Brute-Force attacks - and Dictionary attacks

    WordFence plugin for WordPress is already offering this, checking WordPress administrator passwords against https://haveibeenpwned.com/API/v2

    it shouldn't be too much work to compare Plesk password hash between Plesk and https://haveibeenpwned.com/API/

    I would like to use this feature for all services (FTP, E-Mail, Plesk, WordPress, etc.)

    It makes a lot of sense to do this, there are no drawbacks
    it should be option that users can enable/disable
    if you don't need it, you can disable…

    8 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  15. 8 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  16. Import and export buttons to allow fail2ban Trusted IP or Banned IP Addresses

    Button that can import or export the Fail2ban Trusted or Banned IP lists. At the moment you can only add one by one.

    8 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    7 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  17. Plesk for Windows - RdpGuard

    Please include the security system RdpGuard (https://rdpguard.com/) in Plesk for Windows. And please add configuration from Plesk.
    This is a very good alternative to IP2ban (which is only for Linux).

    Thanks

    7 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  18. Let's encrypt wildcard for domain aliases

    Currently, when requesting a wildcard certificate for a domain with multiple domain aliases, only the main domain gets a wildcard.

    Let say you have a main domain domain.com and have 3 subdomains domain.fr, domain.co.jp and domain.eu.

    When requesting a wildcard certificate including all aliases, you'll get :

    domain.com
    *.domain.com
    domain.fr
    domain.co.jp
    domain.eu

    where it would be more logical and usefull to have :

    domain.com
    *.domain.com
    domain.fr
    *.domain.fr
    domain.co.jp
    *.domain.co.jp
    domain.eu
    *.domain.eu

    7 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  19. 7 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  20. add permission to disable "certificate selection"

    Add permission to disable "for certificate selection"

    Use case: if "hosting management" permission is disabled in Subscription > Customize > Permissions > Hosting management - uncheck, an additional Plesk user still able to select SSL certificate in "hosting settings" of domain. User can set certificate to none and thus violate website security.

    Add option in Permissions to forbid certificate selection by user to prevent such cases.

    7 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  • Don't see your idea?

Feedback and Knowledge Base