A CSP Generator where you can define rules very simple.

Often large Companies with lot's of Workstation are getting blocked because 1 Client in their Office is trying to log in with wrong Password (imap/pop/smtp) - then the whole Office of them is getting blocked and the search which PC/which User is causing the block.starts ...
It would help big times if one got a reference which Login Name / Username caused the block as additional Info next to the IP ...
Won't help on Brute Force Attacks where the Username changes ... but on this Scenario it would be a big Timesaver ...
Andreas Schnederle-Wagner

sms verifying on login

I recommend to don't show any information about the version of Plesk or other software before the user logged in.

It will be great to have the ability to receive an email notification from Modsecurity (WAF) when protection has been breached with corresponding breach information (SQL injection, Command injection, Cross-site scripting, etc.).

OSCP stapling and HSTS can now be enabled for domains using SSL It! estension.
However these settings cannot be enabled while securing Plesk panel.
So it will be really appreciated if such functionality is included in future Plesk updates.

To be able to set specific security policy per subscription instead of server-wide.

Would like to see google auth 2fa enabled for login to webmail on Plesk Premium Email.

Right now "System policy for outgoing traffic" rule is set to allow all outgoing traffic as default which is not secure enough.

Please consider to make default firewall rules for outgoing traffic more secure and allow only Plesk services to send outgoing packets

Button that can import or export the Fail2ban Trusted or Banned IP lists. At the moment you can only add one by one.

There is an option in Outlook, mail.app and other clients "authenticate using certificate". HOwever Plesk does not allow to use this client based method of authentication.

Since 2014, with Linux kernel 3.13 and later, a new system for providing filtering and classification of network packets, datagrams and frames was introduced: nftables

It is stateful and more modular than iptables and does support IPv6.

As there are already packages for Archlinux or RHEL and so for CentOS and you can install on your own (of course), it would be great if in an upcoming (major) release iptables is replaced by nftables. Or a switch is implemented to use either the one or the other.

More information on:
https://wiki.nftables.org
http://netfilter.org/projects/nftables/
https://wiki.archlinux.org/index.php/nftables

Plesk should provide a way to secure the Plesk administration panel with the Web Application Firewall (ModSecurity).

Currently, when Plesk is accessed via 8443, Apache is not handling any request. However, when Plesk is accessed via port 443, Nginx is working as a proxy.

This setup should be changed, Apache should work as a proxy to be able to filter the HTTP request with ModSecurity, adding an additional security layer.

Support Microsoft O365 for the Social Login extension for single-sign-on (SSO).

Add ability to use the one Let's encrypt account Id for the whole server

After this, it will be possible to request Let's Encrypt Rate Limit Adjustment for the whole server.
https://docs.google.com/forms/d/e/1FAIpQLSetFLqcyPrnnrom2Kw802ZjukDVex67dOM2g4O8jEbfWFs3dA/viewform

In Plesk for Windows, add options to forbid executing .exe, .bat and other executable files in order to prevent starting of malicious scripts.
It should be added to domain and server-wide levels.

With the SSH Manager inside Plesk Onyx, it is extremely easy to add a new key to a subscription. The problem is, most users don't understand how to generate a key with tools like PuTTYgen and explaining it to them leaves them very confused. It would be very handy if, inside the SSH manager there was a way to request a new key pair be generated and added to a subscription automatically, so users don't have to go through the hassle of generating a key.