Feature Suggestions
Please provide here your suggestion for new functionality for Plesk. We encourage you to review and vote for suggestions of others. The top-ranked suggestions are likely to be included in the next versions of Plesk.
Please write in English so that voters from all over the world can read and support your request.
Off-topic posts will be removed from here
125 results found
-
2FA (two-factor authentication) for webmail, e.g. Google Authenticator for Roundcube login
Two-factor authentication for webmail
23 votesWe will consider this functionality in upcoming releases if it will be popular.
Everyone, please continue voting for this feature if you consider it important.
-- PD
-
Implement OSSEC
Implement as an add-on, or possibly through an Extension, the ability to install and configure OSSEC. An Extension GUI which provides simple, limited functionality to configure the most frequently used features of OSSEC would be an awesome addition to Plesk.
23 votesThank you for your input! We will consider this functionality in upcoming releases if it will be popular.
Everyone, please continue voting for this feature if you consider it important.
—
ET -
Port Scan protection, PortSentry / PSAD
Plesk has fail2ban but seems to have no port scan protection, Something like PSAD or Portsentry would be good to be included to allow blocking and reporting on portscans making plesk more secure for everyone.
22 votes -
Add Nginx Jails to Fail2Ban
Plesk has - praise be - increasingly better supported Nginx, now with the option to use only Nginx, which is great.
That being so, now we need the next logical step: The Fail2Ban Jails for Apache are available, but will have no effect, as Apache is not used at all any more. So we need some Jails for Nginx.
This is not exactly rocket science, there are plenty of examples to be found on the web, the Fail2Ban distribution has some, and here's an article on digitalocean:
https://www.digitalocean.com/community/tutorials/how-to-protect-an-nginx-server-with-fail2ban-on-ubuntu-14-04Search for: fail2ban nginx 404
E.g. https://nichteinschalten.de/apache-nginx-404-fail2ban-regex/
Note The 404 code is…20 votesThank you for your input! We will consider this functionality in upcoming releases if it will be popular.
Everyone, please continue voting for this feature if you consider it important.
—
IG -
Use of FQDN in the firewall
I would like to use FQDN in the plesk firewall instead of only IP addresses.
20 votesThank you for your input! We will consider this functionality in upcoming releases, if it will be popular.
Everyone, please continue voting for this feature if you consider it important.
—
IG -
Secure default HTTPS settings
Set the default settings so that websites (e.g. Wordpress) created in Plesk have a good score in online scanners (are secure).
One very good scanner is https://observatory.mozilla.org/
This includes some headers to be sent, and secure TLS settings.
Mozilla also offers a guide concerning web server settings: https://wiki.mozilla.org/Security/Server_Side_TLSThe remaining things should be set in Wordpress directly directly by Plesk.
19 votesThank you for your input! We will consider this functionality in upcoming releases, if it will be popular.
Everyone, please continue voting for this feature if you consider it important.
— ES
-
More customizable password strength
Please consider implementing more options for customization of password strength - for example disalbing it, setting allowed password to have lower than 5 symbols or the opposite - increase number of symbols required for a password.
17 votesThank you for your input! We will consider this functionality in upcoming releases if it will be popular.
Everyone, please continue voting for this feature if you consider it important.
—
IG -
Plesk Premium Email 2fa
Would like to see google auth 2fa enabled for login to webmail on Plesk Premium Email.
17 votes -
Spamhaus Drop List integration.
Add Spamhaus DROP LIST integration to the firewall with update schedule
16 votes -
15 votes
Thank you for the update! We will consider this functionality in upcoming releases if it will be popular.
Everyone, please continue voting for this feature if you consider it important.
—
IG -
Add ipset in Firewall to increase performance
Please extend the Firewall / Concept to make the use of ipset, because it is generally the fastest solution i found so far. Chains like "f2b-recidive" can also be implemented as ipset list. This will speed up the whole process while adding or removing ips. I dont know if there is a cidr support in ipset...
For example, remove the following chain:
f2b-plesk-postfix tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 25,465,587
And extend the firewall with a native DROP on the ports as described below:
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 25,465,587 match-set f2b-plesk-postfix src
And then (or before?) just…
15 votesThank you for your input! We will consider this functionality in upcoming releases if it will be popular.
Everyone, please continue voting for this feature if you consider it important.
—
ET -
ProFTPd GeoIP blocking
Compile proftpd with "GeoIP"
http://www.proftpd.org/docs/contrib/mod_geoip.htmlThis would allow to block or whitelist countries - even on a per user basis.
We did research on this and most of the foreign FTP attempts are malicious.15 votesThank you for your input! We will consider this functionality in upcoming releases if it will be popular.
Everyone, please continue voting for this feature if you consider it important.— rk
-
chacha20_poly1305 QUIC
Plesk need to Support chacha20_poly1305 or QUIC better both
It's faster than the normal https Socket and more Secure, QUIC can used in https also http and safer as SPDY15 votes -
Disable old TLS protocols in Plesk for Windows
In Plesk for Linux, Plesk provides a functionality to select the SSL protocols available by running:
plesk bin server_pref -u -ssl-protocols "TLSv1.2"
Or meet with PCI compliance with the utility:
plesk sbin pcicomplianceresolver
Plesk for Windows doesn't provide such functionality, moreover, Plesk doesn't recommend to disable these protocols: https://support.plesk.com/hc/en-us/articles/115000360813
It'd be really helpful and safe that Plesk will provide officially the support of the same functionality for Windows, especially for companies that are requiring high-security standards.
14 votesThank you for your input. We will consider this functionality in upcoming releases if it is popular. Everyone, please continue voting for this feature if you consider it important.
—
IG -
For security reasons: Turn off outputting PHP Version and also Webserver Version
PHP configuration:
Add the following Lines for Security Reasons!exposephp = off
servertokens offWhy didn't Plesk decide to make these lines available as options in Plesk, as options?
In my opinion, no one cares which version I use when it comes to port scanning / Showdan.io. Especially with Showdan.io, you can filter computers that are vulnerable in seconds, e.g. find web servers or PHP versions that are problematic.I ask for options in the GUI for ON / OFF, although someone at Plesk should first explain to me why these version numbers of vo, web server Nginx…
13 votesThank you for your idea! We will consider this functionality in upcoming releases if it will be popular.
Everyone, please continue voting for this feature if you consider it important.
-- PD
-
Social Login SSO - Microsoft O365 Support
Support Microsoft O365 for the Social Login extension for single-sign-on (SSO).
13 votes -
Support of SELinux
Attacks to web servers are in increasing. All modern Linux distribution come with SELinux. SELinux is a perfect way to avoid an attacker to get privileged access to the OS. Currently, Plesk is not supporting SELinux.
Support should be added. A policy should be provided to configure SELinux to support all PLESK relevant actions on the server.12 votes -
Add "mail.example.com" (mail subdomain) in Subject Alternative Names when option "Assign the certificate to mail domain" is selected
Currently almost all mail clients (I used) need the server address to be in the Subject Alternative Names on the certificate, meaning if the configured address is "mail.example.com" instead of "example.com", that first subdomain is not present in the certificate, even when the option "Assign the certificate to mail domain" is selected when issuing the certificate.
11 votesThank you for your input. We will consider this functionality in upcoming releases if it is popular. Everyone, please continue voting for this feature if you consider it important.
—
IG -
block bad bots by default
There are many bots that can actually DoS a server using Plesk. Since there's no way to limit their connections they can overload a server really easily. Currently the only way to block them is by reading the logs and implementing blocks in nginx or .htaccess rules.
It would be great if there could be some security by default. The community has created very comprehensive lists that could be used and auto updated / maintained by cron jobs.
Here's an example for Apache
https://github.com/mitchellkrogza/apache-ultimate-bad-bot-blocker/tree/master/Apache_2.4
And here's for Nginx
https://github.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker
It could help mitigate attacks and vulnerability scans as well a…
11 votesThank you for your input. We will consider this functionality in upcoming releases, if it will be popular.
Everyone, please continue voting for this feature if you consider it important.BTW, we have following solution for Plesk – https://talk.plesk.com/resources/blocking-extra-bots-using-nginx.6/
—
IG -
Ability for Plesk administrator to disable Plesk customers to change their Plesk UI password
Please add ability for Plesk administrator to disable Plesk customers to change their Plesk UI password.
Message from customer:
I am working on a separate account management panel and I want the customer to log in with the same password. Can I prevent the user changing the password in Plesk.11 votesThank you for your input! We will consider this functionality in upcoming releases if it will be popular.
Everyone, please continue voting for this feature if you consider it important.
—
IG
- Don't see your idea?