Feature Suggestions
Please provide here your suggestion for new functionality for Plesk. We encourage you to review and vote for suggestions of others. The top-ranked suggestions are likely to be included in the next versions of Plesk.
Please write in English so that voters from all over the world can read and support your request.
Off-topic posts will be removed from here
121 results found
-
Disable "Show password" buttons
An option to disable "show password" buttons would be a nice addition to the security policy.
2 votesThank you for your input! We will consider this functionality in upcoming releases if it will be popular. Everyone, please continue voting for this feature if you consider it important.
—
IG -
In banned IP of (Fail2Ban) add the name of subscription where the violating IP was found
In banned IP of (Fail2Ban) add the name of subscription have the infection
2 votesThank you for your feature request. We will consider the possibility of its implementation if it becomes sufficiently popular and in demand.
—
IG -
Require domain TXT record verification before adding domain to Plesk.
Require domain TXT record verification before adding domain to Plesk.
Plesk need to implement an option to require domains to be verified like for example Let's Encrypt with a TXT record with a key value, that Plesk can check on an admin specified interval like 5 mins perhaps, with a self-cleaning feature that removes un-verified domains after X days.
So as Plesk administrator you can activate the domain verification option on subscription level, that requires the customers to verify their domain, when using the function "add domain".
So "add domain" should have an initial state of "awaiting verification" before it…
2 votesThank you for your input. We will consider this functionality in upcoming releases if it is popular. Everyone, please continue voting for this feature if you consider it important.
—
IG -
Disable/Enable access to plesk web interface
I want stop plesk web interface without side effects for the services. I only mean the access as client in the browser. I'm thinking about disabling the web interface via the shell to avoid the many login attempts, to increase security and if you need the web interface yourself, you can temporarily enable it via the shell.
or
Here is already a feature "Restricting Administrative Access" per ip address. https://docs.plesk.com/en-US/obsidian/administrator-guide/plesk-administration/securing-plesk/restricting-administrative-access.59465/ Nice, but most of us have a dynamic ip address. So it would be nice if you could set the allowed IP(s) via the shell and delete old invalid IPs…
2 votesThank you for your input. We will consider this functionality in upcoming releases if it is popular. Everyone, please continue voting for this feature if you consider it important.
—
IG -
Preset "webmail" and other checkboxes upon SSL certificate creation or reissuing as "checked"
Please provide a possibility to secure webmail automatically if webmail.example.com exists in Plesk.
This can be done by auto-selecting "Secure webmail on this domain" during a certificate creation for example.com.
As it currently stands, end users get confused by the feature.
The more Plesk can simplify this process for end-users, the less support will be required for my customers.
2 votesThank you for your input. We will consider this functionality in upcoming releases if it will be popular. Everyone, please continue voting for this feature if you consider it important.
—
IG -
Centralized SSL Certificate Support
I would like if you guys can add Centralized SSL Certificate Support in Plesk GUI, it would be easy to manage,
as I had added a UNC path (\172.16.0.11\shared-certificates) in my Plesk via command line but now I cannot switch back to local path (C:\shared-certificates) as it was configured with UNC path & if I add a local path via command line, it says that the UNC path is not available even though I am using local path.2 votesThank you for your input! We will consider this functionality in upcoming releases if it will be popular. Everyone, please continue voting for this feature if you consider it important.
—
IG -
Have a "call-in PIN" (support phone password) field in each user account
I think a call in pin would be nice. Something that the user can change, but it is kept hidden unless they are logged in and click on it to see it. This will allow for end users to request help securely.
2 votesThank you for your input. We will consider this functionality in upcoming releases if it is popular. Everyone, please continue voting for this feature if you consider it important.
—
IG -
Add rate-limiting rules to Fail2Ban
Please implement a rule for rate-limiting requests from outside resources and include it into Fail2Ban's default ruleset.
1 vote -
Add configuration option for protection against host header injection
It will be good to add the feature to configuration the Plesk host header injection protection.
Curretly that is not possible to make it by the Plesk interface.1 vote -
Deprecate clear domain names as home directory
Since plesk is storing each vhost as clear domain name, every user wit shell access is able to see which domains/customers are on this host, eg. with > getenv passwd
We know we can chroot the user but chroot is NOT a security feature and makes trouble with applications the user might expect (or the environment these applications expect) - and there is still a way to break out from the environment or new ways get discovered. Much afford for nothing in the end.
We do not want to put customers in containers, jails whatsoever to restrict the user access…
1 voteThis is a valid request, so we'll look into it. There is no ETA at the moment, but we would really appreciate you voting for this request so that we can accurately assess its popularity relative to other features.
Thanks in advance!
--
IG
-
Firewall, Remote Adress(es): input a lot of remote adresses at once.
In the Firewall settings, to input remote adress(es) to block or allow, it would be usefull, to input a lot of remote adresses, just to block or allow a whole company at once (after getting their adresses from ipinfo.io, for example).
Actually I get spam, check remote IP (at dnslytics.com for example) and block that IP, if wanted.
After getting a lot of these mails from IP adresses of the same company, I get the IP adresses from that company and block all the known IP ranges...one by one.
That could be 100s or more and take too much time.…1 voteThis is a valid request, so we'll look into it. There is no ETA at the moment, but we would really appreciate you voting for this request so that we can accurately assess its popularity relative to other features.
Thanks in advance!
--
IG
-
Ability to monitor clients uploads via FTP or File Manager
It would be nice to have the ability to detect customer uploads via FTP or File Manager. So it will be possible to check files afterwards.
1 voteThis is a valid request, so we'll look into it. There is no ETA at the moment, but we would really appreciate you voting for this request so that we can accurately assess its popularity relative to other features.
Thanks in advance!
--
IG
-
Different SSL protocols for domains
Currently, Apache in Plesk can have only one set of SSL/TLS protocols (SSLProtocol defined in /etc/httpd/conf.d/ssl.conf).
In theory, it is possible to have different SSL/TLS protocols for each vhost if they are listening on different IP addresses.
Add this feature in Plesk to be able to define different set of SSL/TLS protocols for different vhosts.1 vote -
Create security.txt
Help admins and customers to create a security.txt file when creating a site in Plesk Panel, see https://securitytxt.org/
No details yet.1 vote -
mac authenitcation support
Hi there,
i have the 2 step authentication active on plesk login but it only provide support for google authenticator. and plesk is the only website i have in google authenticator so i have to keep the app just for plesk. Please add support for apple also where we can setup 2step authentication with setup key in keychain passwords or any other app easily with relying on google. thanks
1 voteThank you for your input! We will consider this functionality in upcoming releases if it is popular. Everyone, please continue voting for this feature if you consider it important.
--
IG
-
Implement logic for DDOS protected domains
As a hosting company we should have an option to give customers ddos protection.
The only implementation that works great is taking a domain, secure it with ddos protection service and generate customers a subdomain under this domain.
Lets say, example.com is protected under ddos protection software.
A customer clicks on "add domain" and if we blocked the option to add any domains, there will be only generated a subdomain under example.com, EG: website1223153.example.comThis subdomain would be protected by a ddos protection service.
The customer can create a CNAME to website1223153.example.com in order to connect his domain to the…1 voteThank you for your input! We will consider this functionality in upcoming releases if it is popular. Everyone, please continue voting for this feature if you consider it important.
--
IG
-
Make Plesk Firewall add/change rules incrementally without restarting the whole service
Make Plesk Firewall add/change rules incrementally without restarting the whole service.
Now Plesk firewall reloads all rules in iptables when rules are changed in firewall (all rules are added anew). If there is a long list of blacklisted IPs or server is under a brute-force attack and there are a lot of IPs blocked by the Fail2Ban, adding/changing any rule via Plesk Firewall will cause server restart that is taking a lot of time due to a large number of blocked IPs.
1 voteThank you for your input! We will consider this functionality in upcoming releases if it is popular. Everyone, please continue voting for this feature if you consider it important.
—
IG -
1 vote
-
Add a security mechanism when changing a user password
Add a security mechanism for resetting a user password in Plesk, for example verify the password change via email or add a field to submit the old password (implemented for Plesk admin user)
1 vote -
User Role Permissions
Users with permissions to edit roles can edit rights that they do not own and create roles with rights that they do not own. It would be ideal if a user who has the permissions to edit roles can only change and assign rights that he owns.
1 voteThank you for your input! We will consider this functionality in upcoming releases if it will be popular. Everyone, please continue voting for this feature if you consider it important.
—
IG
- Don't see your idea?