Feature Suggestions
Please provide here your suggestion for new functionality for Plesk. We encourage you to review and vote for suggestions of others. The top-ranked suggestions are likely to be included in the next versions of Plesk.
Please write in English so that voters from all over the world can read and support your request.
Off-topic posts will be removed from here
129 results found
-
Make PLESK compatible with "Microsoft Security Essential" for Windows servers
Microsoft Security Essential is a free and powerful security software for windows server. I recommend make PLESK compatible with this software to have a powerful and simple security solution.
7 votesThank you for your input! We will consider this functionality in upcoming releases if it will be popular.
Everyone, please continue voting for this feature if you consider it important.
— SU -
For security reasons: Turn off outputting PHP Version and also Webserver Version
PHP configuration:
Add the following Lines for Security Reasons!exposephp = off
servertokens offWhy didn't Plesk decide to make these lines available as options in Plesk, as options?
In my opinion, no one cares which version I use when it comes to port scanning / Showdan.io. Especially with Showdan.io, you can filter computers that are vulnerable in seconds, e.g. find web servers or PHP versions that are problematic.I ask for options in the GUI for ON / OFF, although someone at Plesk should first explain to me why these version numbers of vo, web server Nginx…
6 votesThank you for your idea! We will consider this functionality in upcoming releases if it will be popular.
Everyone, please continue voting for this feature if you consider it important.
-- PD
-
lets encrypt automatic renewal cloudflare
It would be very helpful and eliminate troubles if it would be possible to auto-renew SSL when using cloudflare as DNS. maybe as an extension?
6 votes -
support algorithm 16 (ed448) in DNSSEC
Recognising the increasing challenges in these times, would welcome the implementation of the Edwards-curve Digital Signature Algorithm (EdDSA) type ed448 for security and to keep ahead of the curve (sic.) on the cryptographic front...
interesting tool here too for those interested in checking out where they're up to with browser support (and to know the differences between the different algorithms): https://ed448.no/
6 votesThank you for your input! We will consider this functionality in upcoming releases if it will be popular. Everyone, please continue voting for this feature if you consider it important.
—
IG -
Allow adding additional users to a subscription with granular selection of which domain/subdomains he can manage.
Allow adding additional users to a subscription with granular selection of which domain/subdomains he can manage.
So that if subscription example.com contains 1.example.com 2.example.com 3example.com.
We can select as an example only the subdomain 1 and 3Same for other components like databases.
6 votesThank you for your input! We will consider this functionality in upcoming releases if it will be popular.
Everyone, please continue voting for this feature if you consider it important.
—
IG -
Plesk for Windows - RdpGuard
Please include the security system RdpGuard (https://rdpguard.com/) in Plesk for Windows. And please add configuration from Plesk.
This is a very good alternative to IP2ban (which is only for Linux).Thanks
6 votesThank you for your input! We will consider this functionality in upcoming releases if it will be popular.
Everyone, please continue voting for this feature if you consider it important.
—
IG -
OWASP security recommendation hide php version from web server by default
I've noticed that in a default plesk installation the web server is configured to disclose php version. This could be exploited especially with a lot of websites running insecure php versions still.
I think it's not much trouble to implement this simple "security through obscurity" step to not disclose this information and help attackers detect vulnerabilities in PHP itself.
6 votesThank you for your input! We will consider this functionality in upcoming releases if it will be popular.
Everyone, please continue voting for this feature if you consider it important.
—
IG -
Add option to Whitelist IP in Fail2Ban and mod_security
I always need to whitelist IPs in Firewall, Fail2Ban and mod_security.
u could add at least an option to also whitelist fail2ban in mod_security or even make two checkboxes in Firewall whitelisting to whitelist ip in all three modules.
also usage of dns instead of ip would be greate for example PayPal does recomment to whitelist dns for api!
THX
6 votesThank you for your input! We will consider this functionality in upcoming releases, if it will be popular.
Everyone, please continue voting for this feature if you consider it important.—
IG -
Enable SSH Key Generate via Plesk Control Panel
With the SSH Manager inside Plesk Onyx, it is extremely easy to add a new key to a subscription. The problem is, most users don't understand how to generate a key with tools like PuTTYgen and explaining it to them leaves them very confused. It would be very handy if, inside the SSH manager there was a way to request a new key pair be generated and added to a subscription automatically, so users don't have to go through the hassle of generating a key.
6 votesThank you for your input! We will consider this functionality in upcoming releases, if it will be popular.
Everyone, please continue voting for this feature if you consider it important.—
IG -
Deny access to all dot files by default
A lot of web applications that are either built or simply installed on a website use dot files and folders, whether those be .htaccess, .git, .env, etc.
Generally speaking dot files and folders are used to store either sensitive files or backend configuration which you would never want users to be able to access.
By default Apache has some protection built-in to restrict accessing dot files, but Nginx does not. This creates a potential security risk, for example I might install a web application or build one which has dot files in the public root, these most likely would be…
6 votesThank you for your input! We will consider this functionality in upcoming releases if it will be popular.
Everyone, please continue voting for this feature if you consider it important.
—
IG -
deny access to .git folder by default
I think it would be great if you could prevent access to .git folders that are usually left exposed by users in the server when building the vhost templates .
It's very common that users forget to remove credentials and other sensitive information out of their repositories so by leaving the folder exposed it's possible for an attacker to gain access to this sensitive information.
Currently we manually protect those folders when we spot them but it would be nice if this was implemented from the start.
For example in nginx the following rule could be used.
location ~ /.git…
6 votes -
Description field for IP restrictions
Here is my idea : add a description field for IP administration restriction access
6 votesThank you for your input! We will consider this functionality in upcoming releases if it will be popular.
Everyone, please continue voting for this feature if you consider it important.
—
IG -
add permission to disable "certificate selection"
Add permission to disable "for certificate selection"
Use case: if "hosting management" permission is disabled in Subscription > Customize > Permissions > Hosting management - uncheck, an additional Plesk user still able to select SSL certificate in "hosting settings" of domain. User can set certificate to none and thus violate website security.
Add option in Permissions to forbid certificate selection by user to prevent such cases.
6 votesThank you for your input! We will consider this functionality in upcoming releases if it will be popular.
Everyone, please continue voting for this feature if you consider it important.—
IG -
fail2ban - Add Details (Login Name)
Often large Companies with lot's of Workstation are getting blocked because 1 Client in their Office is trying to log in with wrong Password (imap/pop/smtp) - then the whole Office of them is getting blocked and the search which PC/which User is causing the block.starts ...
It would help big times if one got a reference which Login Name / Username caused the block as additional Info next to the IP ...
Won't help on Brute Force Attacks where the Username changes ... but on this Scenario it would be a big Timesaver ...
Andreas Schnederle-Wagner6 votesThank you for your input! We will consider this functionality in upcoming releases if it will be popular.
Everyone, please continue voting for this feature if you consider it important.
—
IG -
ProFTPd with ClamAV support (mod_clamav)
Compile ProFTPd daemon with mod_clamav support, that FTP uploaded files can be scanned with malware.
cPanel & DirectAdmin support this:
https://github.com/jbenden/mod_clamav
and External Signatures with ClamAV:
6 votesThank you for your input! We will consider this functionality in upcoming releases if it will be popular.
Everyone, please continue voting for this feature if you consider it important.
— AY
-
6 votes
Thank you for your input! We will consider this functionality in upcoming releases if it will be popular.
Everyone, please continue voting for this feature if you consider it important.
— AY
-
Apply SELinux policy for custom vhosts directory
Currently Plesk has predefined SELinux policies for default location of vhosts directory (/var/www/vhosts). If virtual hosts directory changed to custom one, it is needed to disable SELinux (set to permissive), for correct websites working capacity. It would be great to change transvhosts.pl script that policies for /var/www/vhosts will applies to custom vhost directory.
5 votesThank you for your input. We will consider this functionality in upcoming releases if it is popular. Everyone, please continue voting for this feature if you consider it important.
—
IG -
Block user access after failed attempts
It would be great to implement in Plesk a new feature.
When there are X failed attempts, in Plesk there should be the possibility to block automatically the access to the customer account (completely or for a certain period of time).
As per now, Plesk block the IP address via Fail2ban, but this is not the feature that we need. We just want to block the access completely or temporarily for the affected login.
5 votesThank you for your input. We will consider this functionality in upcoming releases if it is popular. Everyone, please continue voting for this feature if you consider it important.
—
IG -
Make default Plesk Firewall rules more strict
Right now "System policy for outgoing traffic" rule is set to allow all outgoing traffic as default which is not secure enough.
Please consider to make default firewall rules for outgoing traffic more secure and allow only Plesk services to send outgoing packets
5 votes -
Manage all Firewall rules via Plesk GUI on Plesk for Windows
Ability to manage Windows Firewall rules not added by Plesk. I.e., the rule added by MySQL installer
4 votesThank you for your input! We will consider this functionality in upcoming releases if it is popular. Everyone, please continue voting for this feature if you consider it important.
--
IG
- Don't see your idea?