Skip to content

Feature Suggestions

← Your Ideas for Plesk

Please provide here your suggestion for new functionality for Plesk. We encourage you to review and vote for suggestions of others. The top-ranked suggestions are likely to be included in the next versions of Plesk.

Please write in English so that voters from all over the world can read and support your request.

For technical assistance, contact Plesk support
For questions, bug reports, discussions and free assistance, check our Forum and Facebook page
For additional information, see Documentation, Knowledge Base and Blog
Follow us on Twitter for more news on Plesk development

Off-topic posts will be removed from here

I suggest you...

(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback

104 results found

  1. Separate mozilla tls cipher settings for web and mail

    Please separate the mozilla tls cipher settings for web and mail.
    Sometimes the old ciphers has to set only for mail and not for web.
    Additionally it would be great if the setting could available on domain basis.

    Please see this forum post as a reference: https://talk.plesk.com/threads/tls-versions-and-ciphers-by-mozilla-issue-with-the-last-synchronisation.358066/post-882924

    9 votes

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

    We’ll send you updates on this idea

    2 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close
    open discussion  ·  IgorG responded

    Thank you for your input. We will consider this functionality in upcoming releases if it is popular. Everyone, please continue voting for this feature if you consider it important.

    IG

  2. Email notifications/alerts for Modsecurity (WAF)

    It will be great to have the ability to receive an email notification from Modsecurity (WAF) when protection has been breached with corresponding breach information (SQL injection, Command injection, Cross-site scripting, etc.).

    9 votes

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

    We’ll send you updates on this idea

    2 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

  3. Security Policy per subscription

    To be able to set specific security policy per subscription instead of server-wide.

    9 votes

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

    We’ll send you updates on this idea

    2 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

  4. Add SMS (text) verification as optional 2FA

    sms verifying on login

    9 votes

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

    We’ll send you updates on this idea

    1 comment  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

  5. Prevent users to be able to remove files from file manager

    Add the possibility to prevent/block any file or directory removal from within the File Manager in Plesk by the subscription/domain users.

    An example that could be applied is the same as it can be applied already for ProFTP config files as follows:

    <Directory /var/www/vhosts/*/.cagefs>
    <Limit ALL>
    DenyAll
    </Limit>
    </Directory>

    <Directory /var/www/vhosts/*/.cl.selector>
    <Limit ALL>
    DenyAll
    </Limit>
    </Directory>

    <Directory /var/www/vhosts/*/error_docs>
    <Limit DELE>
    DenyAll
    </Limit>
    </Directory>

    <Directory /var/www/vhosts/*/httpdocs>
    <Limit RMD>
    DenyAll
    </Limit>
    </Directory>

    <Directory /var/www/vhosts/*/httpdocs/*>
    <Limit RMD>
    AllowAll
    </Limit>
    </Directory>

    8 votes

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close
    open discussion  ·  IgorG responded

    Thank you for your input. We will consider this functionality in upcoming releases if it is popular. Everyone, please continue voting for this feature if you consider it important.

    IG

  6. check passwords against Pwned Passwords API

    Plesk should check user typed passwords against Pwned Passwords API

    https://haveibeenpwned.com/API/v2

    that way you could further improve systems running Plesk against Brute-Force attacks - and Dictionary attacks

    WordFence plugin for WordPress is already offering this, checking WordPress administrator passwords against https://haveibeenpwned.com/API/v2

    it shouldn't be too much work to compare Plesk password hash between Plesk and https://haveibeenpwned.com/API/

    I would like to use this feature for all services (FTP, E-Mail, Plesk, WordPress, etc.)

    It makes a lot of sense to do this, there are no drawbacks
    it should be option that users can enable/disable
    if you don't need it, you can disable…

    8 votes

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

  7. add support for Certificate Transparency to your LetsEncrypt-tool

    https://www.certificate-transparency.org
    https://www.ssllabs.com/ssltest/analyze.html

    8 votes

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

    We’ll send you updates on this idea

    2 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

  8. Disk encryption

    Disk level encryption.
    Similar to what AWS offers with RDS.
    Encryption at rest for the entire server rather than doing it column by column manually.

    7 votes

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

    We’ll send you updates on this idea

    1 comment  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

  9. Plesk for Windows - RdpGuard

    Please include the security system RdpGuard (https://rdpguard.com/) in Plesk for Windows. And please add configuration from Plesk.
    This is a very good alternative to IP2ban (which is only for Linux).

    Thanks

    7 votes

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

    We’ll send you updates on this idea

    1 comment  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

  10. Enable SSH Key Generate via Plesk Control Panel

    With the SSH Manager inside Plesk Onyx, it is extremely easy to add a new key to a subscription. The problem is, most users don't understand how to generate a key with tools like PuTTYgen and explaining it to them leaves them very confused. It would be very handy if, inside the SSH manager there was a way to request a new key pair be generated and added to a subscription automatically, so users don't have to go through the hassle of generating a key.

    7 votes

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

  11. Deny access to all dot files by default

    A lot of web applications that are either built or simply installed on a website use dot files and folders, whether those be .htaccess, .git, .env, etc.

    Generally speaking dot files and folders are used to store either sensitive files or backend configuration which you would never want users to be able to access.

    By default Apache has some protection built-in to restrict accessing dot files, but Nginx does not. This creates a potential security risk, for example I might install a web application or build one which has dot files in the public root, these most likely would be…

    7 votes

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

    We’ll send you updates on this idea

    1 comment  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

  12. Description field for IP restrictions

    Here is my idea : add a description field for IP administration restriction access

    7 votes

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

    We’ll send you updates on this idea

    1 comment  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

  13. add permission to disable "certificate selection"

    Add permission to disable "for certificate selection"

    Use case: if "hosting management" permission is disabled in Subscription > Customize > Permissions > Hosting management - uncheck, an additional Plesk user still able to select SSL certificate in "hosting settings" of domain. User can set certificate to none and thus violate website security.

    Add option in Permissions to forbid certificate selection by user to prevent such cases.

    7 votes

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

  14. ProFTPd with ClamAV support (mod_clamav)

    Compile ProFTPd daemon with mod_clamav support, that FTP uploaded files can be scanned with malware.

    cPanel & DirectAdmin support this:

    https://github.com/jbenden/mod_clamav

    and External Signatures with ClamAV:

    https://malware.expert/signatures/

    7 votes

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

  15. Make PLESK compatible with "Microsoft Security Essential" for Windows servers

    Microsoft Security Essential is a free and powerful security software for windows server. I recommend make PLESK compatible with this software to have a powerful and simple security solution.

    7 votes

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

  16. support algorithm 16 (ed448) in DNSSEC

    Recognising the increasing challenges in these times, would welcome the implementation of the Edwards-curve Digital Signature Algorithm (EdDSA) type ed448 for security and to keep ahead of the curve (sic.) on the cryptographic front...

    interesting tool here too for those interested in checking out where they're up to with browser support (and to know the differences between the different algorithms): https://ed448.no/

    6 votes

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

    We’ll send you updates on this idea

    2 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

  17. Apply SELinux policy for custom vhosts directory

    Currently Plesk has predefined SELinux policies for default location of vhosts directory (/var/www/vhosts). If virtual hosts directory changed to custom one, it is needed to disable SELinux (set to permissive), for correct websites working capacity. It would be great to change transvhosts.pl script that policies for /var/www/vhosts will applies to custom vhost directory.

    6 votes

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

    We’ll send you updates on this idea

    1 comment  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close
    open discussion  ·  IgorG responded

    Thank you for your input. We will consider this functionality in upcoming releases if it is popular. Everyone, please continue voting for this feature if you consider it important.

    IG

  18. Allow adding additional users to a subscription with granular selection of which domain/subdomains he can manage.

    Allow adding additional users to a subscription with granular selection of which domain/subdomains he can manage.

    So that if subscription example.com contains 1.example.com 2.example.com 3example.com.
    We can select as an example only the subdomain 1 and 3

    Same for other components like databases.

    6 votes

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

    We’ll send you updates on this idea

    1 comment  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

  19. OWASP security recommendation hide php version from web server by default

    I've noticed that in a default plesk installation the web server is configured to disclose php version. This could be exploited especially with a lot of websites running insecure php versions still.

    I think it's not much trouble to implement this simple "security through obscurity" step to not disclose this information and help attackers detect vulnerabilities in PHP itself.

    6 votes

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

    We’ll send you updates on this idea

    1 comment  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

  20. Add option to Whitelist IP in Fail2Ban and mod_security

    I always need to whitelist IPs in Firewall, Fail2Ban and mod_security.

    u could add at least an option to also whitelist fail2ban in mod_security or even make two checkboxes in Firewall whitelisting to whitelist ip in all three modules.

    also usage of dns instead of ip would be greate for example PayPal does recomment to whitelist dns for api!

    THX

    6 votes

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close
1 3 5 6
  • Don't see your idea?

Feature Suggestions

Categories

Feedback and Knowledge Base

(thinking…)