Skip to content

Feature Suggestions

Please provide here your suggestion for new functionality for Plesk. We encourage you to review and vote for suggestions of others. The top-ranked suggestions are likely to be included in the next versions of Plesk.

Please write in English so that voters from all over the world can read and support your request.

For technical assistance, contact Plesk support
For questions, bug reports, discussions and free assistance, check our Forum and Facebook page
For additional information, see Documentation, Knowledge Base and Blog
Follow us on Twitter for more news on Plesk development

Off-topic posts will be removed from here

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback

129 results found

  1. add option to preload hsts

    can you add the option to the hsts switch to add preload option?

    i have to disable the hsts switch and manual add this option to the Nginx directive as so

    add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";

    4 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  2. Restrict webmail based on IP address

    It would be great to have a way to limit webmail access for a given domain by IP address, so that the client has to be in their office network, or VPNed in to their office in order to access webmail.domain.tld

    4 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  3. Allow to register all let's encrypt certificates with a freely configurable ACME ID

    Customer has around 2000 domains and hitting the weekly limit for the new certificates. All domains have different ACME IDs

    Customer reached Let's Encrypt support and they agreed to increase limits but require to provide "his own dedicated ACME ID". This feature is required to get such dedicated id.

    This is useful when a lot of domains were migrated to another server and it is required to secure them quickly without reaching limits.

    4 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  4. Add ability to use the one Let's encrypt account Id for the whole server

    Add ability to use the one Let's encrypt account Id for the whole server

    After this, it will be possible to request Let's Encrypt Rate Limit Adjustment for the whole server.
    https://docs.google.com/forms/d/e/1FAIpQLSetFLqcyPrnnrom2Kw802ZjukDVex67dOM2g4O8jEbfWFs3dA/viewform

    4 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  5. control-panel-access - add ddns support

    Please add DDNS Support for "control-panel-access" (Limit Admin Login) - Would be very helpful to restrict Admin Logins if no static IP Address is available ...

    4 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  6. Set right ciphers by default on Windows

    There is a documentation how to do it manually: https://docs.plesk.com/en-US/onyx/administrator-guide/plesk-administration/securing-plesk/pci-dss-compliance/tune-plesk-to-meet-pci-dss-on-windows.78901/

    but there is no tool to do it automatically (and by default during the installation).

    4 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    AFAIU, the request is about right ciphers for SSL configuration. We have a documentation how to do it manually: https://docs.plesk.com/en-US/onyx/administrator-guide/plesk-administration/securing-plesk/pci-dss-compliance/tune-plesk-to-meet-pci-dss-on-windows.78901/ but have no tool to do it automatically, so, this is a valid request, we’ll look into it.

    There is no ETA at the moment, but we would really appreciate you voting for this request so that we can accurately assess its popularity relative to other features. Thanks in advance!

    — rk

  7. Iptables: Allow Rules via the shell

    Our Intrusion prevention system CrowdSec adds one rule having a blacklist to Ipables.

    If you manipulate the rules in the UI, Plesk rewrites all rules. Therefore manually added rules are no more available.

    This could be fixed very simple by having an additional script, which will be called after saving the rules by the UI.

    3 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  8. Upgrade ModSecurity IIS to 2.9.4

    Currently Plesk installs ModSecurity IIS 2.9.3, which was released on December 5 2018. On June 11 2021, ModSecurity 2.9.4 was released, it's important to stay up to date with software version releases.

    https://github.com/SpiderLabs/ModSecurity/releases/tag/v2.9.4

    Please note:

    • Windows installer no longer includes OWASP CRS.
    3 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  9. Disk encryption

    Disk level encryption.
    Similar to what AWS offers with RDS.
    Encryption at rest for the entire server rather than doing it column by column manually.

    3 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  10. Require domain TXT record verification before adding domain to Plesk.

    Require domain TXT record verification before adding domain to Plesk.

    Plesk need to implement an option to require domains to be verified like for example Let's Encrypt with a TXT record with a key value, that Plesk can check on an admin specified interval like 5 mins perhaps, with a self-cleaning feature that removes un-verified domains after X days.

    So as Plesk administrator you can activate the domain verification option on subscription level, that requires the customers to verify their domain, when using the function "add domain".

    So "add domain" should have an initial state of "awaiting verification" before it…

    3 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    open discussion  ·  IgorG responded

    Thank you for your input. We will consider this functionality in upcoming releases if it is popular. Everyone, please continue voting for this feature if you consider it important.

    IG

  11. Add possibility in ModSecurity to configure real-time file scan when files are uploaded

    It would be great to add possibility in ModSecurity to configure real-time file scan when files are uploaded: https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual-(v2.x)#files_tmpnames

    Such feature will allow the Plesk administrator to configure some Perl scripts to analize all the files uploaded by the users.

    3 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  12. 3 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  13. Let pci_compliance_resolver --enable postfix also set FORWARD SECURITY and go dor TLSv1.3

    Even though server supports TLS 1.2, the cipher suite configuration is suboptimal. It is recommend to configure the server so that the cipher suites providing forward secrecy (ECDHE or DHE in the name, in this order of preference) and authenticated encryption (GCM or CHACHA20 in the name) are at the top. The server must also be configured to select the best-available suite!

    also there is TLSv3 https://tools.ietf.org/html/rfc8446
    (and draft is used already a long time by many;)

    http://www.postfix.org/TLS_README.html

    And while Playing on Mailserver think about MTA Strict Transport Security (Draft standard) and Email DANE / TLSA.

    THX

    3 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  14. Anonymize IP in logs instead of disabling them completely

    It would be great to have an option to anonymize IP addresses, not to disable it completely to get rid of issues with statistics displaying. For example as it is for Plesk on Linux.

    Currently, Plesk for Windows has an option to completely disable IP addresses logging In Tools & Settings > Server Settings which affects web statistics.

    3 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  15. Modify Wordpress integrity checker for security optimisations

    So if I create a new Wordpress installation and then I make certain minor security adjustments that are highly recommended in cybersecurity forums, then I will get errors that it is broken through Plesk. I will then forever more be warned that it is broken in Plesk (not in Wordpress) on account of absence of those files, which (as I say) is a deliberate choice I made).

    Ideally this would be modified in the install process (e.g. question: "Would you like to remove the readme and license files after installation?" (then explain why it is important to in a hover…

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  16. Add option to mitigate known vulnerabilities by default during installation of WordPress

    There is an option in WP Toolkit to mitigate the Unauth. Blind SSRF vulnerability. However, this may only be applied only once WordPress has already been installed. Please add possibility to secure the instance in this regard (and any other vulnerabilities that might be found later, if such option is added to WP Toolkit) directly when installing WordPress.

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  17. change ALL "http"- to "https"-connections for Plesk-updates and -upgrades

    Change ALL "http"- to "https"-connections for Plesk-updates and -upgrades:

    http://autoinstall.plesk.com
    http://archive.ubuntu.com
    etc…

    This is an unforgiveable severe security bug!

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  18. Add rate-limiting rules to Fail2Ban

    Please implement a rule for rate-limiting requests from outside resources and include it into Fail2Ban's default ruleset.

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  19. SSL Certificates with passphrase

    It'd be great to have an option to upload 3rd-party SSL certificates with passphrase in Plesk

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  20. Ability to monitor clients uploads via FTP or File Manager

    It would be nice to have the ability to detect customer uploads via FTP or File Manager. So it will be possible to check files afterwards.

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  • Don't see your idea?

Feedback and Knowledge Base