Feature Suggestions
Please provide here your suggestion for new functionality for Plesk. We encourage you to review and vote for suggestions of others. The top-ranked suggestions are likely to be included in the next versions of Plesk.
Please write in English so that voters from all over the world can read and support your request.
Off-topic posts will be removed from here
106 results found
-
Integrate awesome Security from "Sophos Anti-Virus for Linux Free Edition"
There should be a Scanner for Malware by default.
"Wordpress" already has a super Tool but what about the the other Apps on Server ...10 votes -
Separate mozilla tls cipher settings for web and mail
Please separate the mozilla tls cipher settings for web and mail.
Sometimes the old ciphers has to set only for mail and not for web.
Additionally it would be great if the setting could available on domain basis.Please see this forum post as a reference: https://talk.plesk.com/threads/tls-versions-and-ciphers-by-mozilla-issue-with-the-last-synchronisation.358066/post-882924
9 votesThank you for your input. We will consider this functionality in upcoming releases if it is popular. Everyone, please continue voting for this feature if you consider it important.
—
IG -
Created Scheduled Tasks (Cron jobs) via Plesk GUI should be registered in the action log
At the moment the created Scheduled Tasks (Cron jobs) via Plesk GUI are not registered in the action log.
Also, according to /var/log/messages and /var/log/cron it is not clear what task was created, the name of the task and it is also difficult to understand was the cron task created or not.
9 votesThank you for your input. We will consider this functionality in upcoming releases if it is popular. Everyone, please continue voting for this feature if you consider it important.
—
IG -
Security Policy per subscription
To be able to set specific security policy per subscription instead of server-wide.
9 votesThank you for your input! We will consider this functionality in upcoming releases if it will be popular.
Everyone, please continue voting for this feature if you consider it important.
—
IG -
Add SMS (text) verification as optional 2FA
sms verifying on login
9 votesThis is a valid request. Please keep voting on this if you believe it is an important feature.
-- PD
-
Prevent users to be able to remove files from file manager
Add the possibility to prevent/block any file or directory removal from within the File Manager in Plesk by the subscription/domain users.
An example that could be applied is the same as it can be applied already for ProFTP config files as follows:
<Directory /var/www/vhosts/*/.cagefs>
<Limit ALL>
DenyAll
</Limit>
</Directory><Directory /var/www/vhosts/*/.cl.selector>
<Limit ALL>
DenyAll
</Limit>
</Directory><Directory /var/www/vhosts/*/error_docs>
<Limit DELE>
DenyAll
</Limit>
</Directory><Directory /var/www/vhosts/*/httpdocs>
<Limit RMD>
DenyAll
</Limit>
</Directory><Directory /var/www/vhosts/*/httpdocs/*>
<Limit RMD>
AllowAll
</Limit>
</Directory>8 votesThank you for your input. We will consider this functionality in upcoming releases if it is popular. Everyone, please continue voting for this feature if you consider it important.
—
IG -
Email notifications/alerts for Modsecurity (WAF)
It will be great to have the ability to receive an email notification from Modsecurity (WAF) when protection has been breached with corresponding breach information (SQL injection, Command injection, Cross-site scripting, etc.).
8 votesThank you for your input! We will consider this functionality in upcoming releases if it will be popular.
Everyone, please continue voting for this feature if you consider it important.
—
IG -
check passwords against Pwned Passwords API
Plesk should check user typed passwords against Pwned Passwords API
https://haveibeenpwned.com/API/v2
that way you could further improve systems running Plesk against Brute-Force attacks - and Dictionary attacks
WordFence plugin for WordPress is already offering this, checking WordPress administrator passwords against https://haveibeenpwned.com/API/v2
it shouldn't be too much work to compare Plesk password hash between Plesk and https://haveibeenpwned.com/API/
I would like to use this feature for all services (FTP, E-Mail, Plesk, WordPress, etc.)
It makes a lot of sense to do this, there are no drawbacks
it should be option that users can enable/disable
if you don't need it, you can disable…8 votesThank you for your input. We will consider this functionality in upcoming releases, if it will be popular.
Everyone, please continue voting for this feature if you consider it important.—
IG -
8 votes
Thank you for your input! We will consider this functionality in upcoming releases if it will be popular.
Everyone, please continue voting for this feature if you consider it important.
—
IG -
Plesk for Windows - RdpGuard
Please include the security system RdpGuard (https://rdpguard.com/) in Plesk for Windows. And please add configuration from Plesk.
This is a very good alternative to IP2ban (which is only for Linux).Thanks
7 votesThank you for your input! We will consider this functionality in upcoming releases if it will be popular.
Everyone, please continue voting for this feature if you consider it important.
—
IG -
add permission to disable "certificate selection"
Add permission to disable "for certificate selection"
Use case: if "hosting management" permission is disabled in Subscription > Customize > Permissions > Hosting management - uncheck, an additional Plesk user still able to select SSL certificate in "hosting settings" of domain. User can set certificate to none and thus violate website security.
Add option in Permissions to forbid certificate selection by user to prevent such cases.
7 votesThank you for your input! We will consider this functionality in upcoming releases if it will be popular.
Everyone, please continue voting for this feature if you consider it important.—
IG -
Make PLESK compatible with "Microsoft Security Essential" for Windows servers
Microsoft Security Essential is a free and powerful security software for windows server. I recommend make PLESK compatible with this software to have a powerful and simple security solution.
7 votesThank you for your input! We will consider this functionality in upcoming releases if it will be popular.
Everyone, please continue voting for this feature if you consider it important.
— SU -
add option to preload hsts
can you add the option to the hsts switch to add preload option?
i have to disable the hsts switch and manual add this option to the Nginx directive as so
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
6 votesThank you for your input! We will consider this functionality in upcoming releases if it is popular. Everyone, please continue voting for this feature if you consider it important.
—
IG -
support algorithm 16 (ed448) in DNSSEC
Recognising the increasing challenges in these times, would welcome the implementation of the Edwards-curve Digital Signature Algorithm (EdDSA) type ed448 for security and to keep ahead of the curve (sic.) on the cryptographic front...
interesting tool here too for those interested in checking out where they're up to with browser support (and to know the differences between the different algorithms): https://ed448.no/
6 votesThank you for your input! We will consider this functionality in upcoming releases if it will be popular. Everyone, please continue voting for this feature if you consider it important.
—
IG -
Apply SELinux policy for custom vhosts directory
Currently Plesk has predefined SELinux policies for default location of vhosts directory (/var/www/vhosts). If virtual hosts directory changed to custom one, it is needed to disable SELinux (set to permissive), for correct websites working capacity. It would be great to change transvhosts.pl script that policies for /var/www/vhosts will applies to custom vhost directory.
6 votesThank you for your input. We will consider this functionality in upcoming releases if it is popular. Everyone, please continue voting for this feature if you consider it important.
—
IG -
Allow adding additional users to a subscription with granular selection of which domain/subdomains he can manage.
Allow adding additional users to a subscription with granular selection of which domain/subdomains he can manage.
So that if subscription example.com contains 1.example.com 2.example.com 3example.com.
We can select as an example only the subdomain 1 and 3Same for other components like databases.
6 votesThank you for your input! We will consider this functionality in upcoming releases if it will be popular.
Everyone, please continue voting for this feature if you consider it important.
—
IG -
Add option to Whitelist IP in Fail2Ban and mod_security
I always need to whitelist IPs in Firewall, Fail2Ban and mod_security.
u could add at least an option to also whitelist fail2ban in mod_security or even make two checkboxes in Firewall whitelisting to whitelist ip in all three modules.
also usage of dns instead of ip would be greate for example PayPal does recomment to whitelist dns for api!
THX
6 votesThank you for your input! We will consider this functionality in upcoming releases, if it will be popular.
Everyone, please continue voting for this feature if you consider it important.—
IG -
Enable SSH Key Generate via Plesk Control Panel
With the SSH Manager inside Plesk Onyx, it is extremely easy to add a new key to a subscription. The problem is, most users don't understand how to generate a key with tools like PuTTYgen and explaining it to them leaves them very confused. It would be very handy if, inside the SSH manager there was a way to request a new key pair be generated and added to a subscription automatically, so users don't have to go through the hassle of generating a key.
6 votesThank you for your input! We will consider this functionality in upcoming releases, if it will be popular.
Everyone, please continue voting for this feature if you consider it important.—
IG -
Deny access to all dot files by default
A lot of web applications that are either built or simply installed on a website use dot files and folders, whether those be .htaccess, .git, .env, etc.
Generally speaking dot files and folders are used to store either sensitive files or backend configuration which you would never want users to be able to access.
By default Apache has some protection built-in to restrict accessing dot files, but Nginx does not. This creates a potential security risk, for example I might install a web application or build one which has dot files in the public root, these most likely would be…
6 votesThank you for your input! We will consider this functionality in upcoming releases if it will be popular.
Everyone, please continue voting for this feature if you consider it important.
—
IG -
Description field for IP restrictions
Here is my idea : add a description field for IP administration restriction access
6 votesThank you for your input! We will consider this functionality in upcoming releases if it will be popular.
Everyone, please continue voting for this feature if you consider it important.
—
IG
- Don't see your idea?