Feature Suggestions
Please provide here your suggestion for new functionality for Plesk. We encourage you to review and vote for suggestions of others. The top-ranked suggestions are likely to be included in the next versions of Plesk.
Please write in English so that voters from all over the world can read and support your request.
Off-topic posts will be removed from here
142 results found
-
Allow for E-Mail Notifican of Fail2Ban IP addresses that get blocked
Most fail2ban implementation have functionality that will allow for an alert email of IP's getting banned. This would be helpful for system administrators to review and take further action.
4 votesThank you for your input!
Unfortunately, we have to close your request, because over the years it has not become quite popular for further implementation.
—
IG -
Inform users automatically of weak password usage (emailaccounts, FTP, installed WP installations, etc.)
I think it would be an excellent idea if there was a feature within Plesk which actually checks (once a week or so) for weak passwords and informs users about weak passwords in general.
We still have a lot of customers who use (extremely) weak passwords. To check these manually (even with a simple written script) is to time consuming.
This should be done automatically nowadays. Therefor such a feature is really needed in Plesk.
It should check for weak passwords for:
- weak passwords used in emailaccounts
- weak passwords used for user created databases
- weak passwords for hostingaccounts
- weak passwords…
3 votesThis is a technically impossible task, because none of the passwords are stored in plain text, but they are stored as hashes. The length or characteristic of a hash does not reveal whether the password is weak or strong. For that reason it is impossible for a software to determine which passwords are the weak passwords and which are the strong, hence users with weak passwords cannot be identified.
-- PD
-
OCSP stapling for webmail in Plesk
Add a feature to enable OSCP stapling for webmail of domains that will increase webmail security.
This feature is already available for domains in the SSL It! extension.
3 votesThe purpose of OCSP stapling is not increased security. It does not provide increased security at all. The purpose is to avoid an extra DNS and GET request to the trust center by the user's browser, hence OCSP stapling makes the overall surfing experience a few milliseconds faster. While this can have a (minor) effect on websites, it will not have any recognizable effect on webmail. It will actually only increase the load on the server, because now the server needs to validate the SSL cert, but for the very few requests that a webmail user has, it won't speed-up his webmail experience.
As this request also did not gain popularity during the past 3 years, we must decline it.
-- PD
-
3 votes
Thank you for your input!
Unfortunately, we have to close your request because it has not become quite popular for further implementation over the years.
—
IG -
Remove the certificate for securing mail from Plesk
There is no option to remove Certificate for securing mail via Plesk UI, the only option is to switch it to another.
Please add feature to unassign the certificate.
3 votesNo further information has been provided, so that it remains unclear for which business case removing a certificate from the mail server could be required. As this request also did not become popular we must decline it.
-- PD
-
remove kernelcare suggestion on openvz vservers!
If a servers runs on a openvz environment there is no need for kernelcare as it shares the kernel with the host.
Therefor your suggestion including your offer to sell a license at 5$+VAT vs 3.95$ at the cloudlinuxes website this very misleading!
3 votesThank you for your input!
Unfortunately, we have to close your request because it has not become quite popular for further implementation over the years.
--
IG
-
View certificate expiration dates for all domains
Please add the functionality to view the summary of certificate expiration dates for all domains.
This will help to monitor the situation and diagnose what is going on.
3 votesThank you for your input!
Unfortunately, we have to close your request, because over the years it has not become quite popular for further implementation.
—
IG -
Whitelist rkhunter warnings caused by Plesk
rkhunter security scan will always show security warnings caused by Plesk, as per https://support.plesk.com/hc/en-us/articles/115001160954-What-Watchdog-warnings-may-be-safely-ignored
You should whitelist these warnings by default.
3 votesUpd: Sorry, we are closing the request as no information were provided for over a month.
—
IG -
New ModSecurity vendor (SecRemoteRules)
ModSecurity 2.9.x and newer support SecRemoteRules directive, which allow download rules from remote server.
This kind configuration is not now possible to ModSecurity Vendor list in Plesk GUI.
Syntax: SecRemoteRules [optional crypto] key https://url
Example: SecRemoteRules 12371283813.8712832abd https://rules.malware.expert/download.php?rules=genericWe offer shared webhosting modsecurity rules: https://malware.expert/modsecurity-rules
3 votesThank you for your input!
Unfortunately, we have to close your request, because over the years it has not become quite popular for further implementation.
—
IG -
Single sign on from WordPress account so hosting provider can allow customers to access plesk if they are logged into WordPress account firs
I am looking to create a site a hosting provider in woocommerce and want the customer to be able to access plesk if they are logged into their account in WordPress. So password of both plesk and WordPress will be in sync.
3 votesThank you for your input!
Unfortunately, we have to close your request because it has not become quite popular for further implementation over the years.
--
IG
-
3 votes
Unfortunately, we have to close your request, because over the years it has not become quite popular for further implementation.
—
IG -
prevent users from changing permissions of files and folders to 777
for safety should block permits chmod when apache runs fastcgi users plesk and users ftp
3 votesThank you for your input!
Unfortunately, we have to close your request, because over the years it has not become quite popular for further implementation.
—
IG -
Port knocking
If it possible to add a feature do disable SSH Port every time. And only if a special sequence of ports where knocked the SSH Port will open?
3 votesUnfortunately, we have to close your request, because over the years it has not become quite popular for further implementation.
—
IG -
Alarm, when some IP address is visiting too much
There is a really big issue, because some people are crawling the website and stealing all content.
There should be anything, so we can set whitelist for Google, Yahoo and Bing crawler. When another IP requesting too much pages in short time, an email should sent automatically.3 votesUnfortunately, we have to close your request, because over the years it has not become quite popular for further implementation.
—
IG -
Allow whitespace in (administrator) passwords and if you don't give proper feedback.
If I enter an administrator password with whitespace in it, it seems to be accepted but isn't actually applied.
3 votesUnfortunately, we have to close your request, because over the years it has not become quite popular for further implementation.
—
IG -
Fail2ban: ability for global setting to have mail alert feature
In Plesk 12 current settings of Plesk fail2ban manager has not the ability to set globally a action for blocking and mail alerts.
At this time you have to add a action sendmail... for every jail!
Adding a macro like:
banaction = iptables-multiport
action_ = %(banaction)s[name=%(name)s, port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
actionmw = %(banaction)s[name=%(name)s, port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
%(mta)s-whois[name=%(name)s, dest="%(destemail)s", protocol="%(protocol)s", chain="%(chain)s"]
actionmwl = %(banaction)s[name=%(name)s, port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
%(mta)s-whois-lines[name=%(name)s, dest="%(destemail)s", logpath=%(logpath)s, chain="%(chain)s"
action =%(action_mwl)sdoes not work properly and easy!
And needs much manual configuration in /etc/fail2banPlease add teh ability…
3 votesUnfortunately, we have to close your request, because over the years it has not become quite popular for further implementation.
—
IG -
limit socket connections in php
Limit socket connections (per hour / minute) of php to fight abuse / ddos
3 votesUnfortunately, we have to close your request, because over the years it has not become quite popular for further implementation.
—
IG -
Harden Your PHP for Better Security
We should all consider PHP security, giving us the option to Harden our PHP through the GUI or add an optimizer that does it automatically by scanning the websites.
2 votesWe regret to inform you that we are closing this request as no feedback was provider for quite a while.
-- SH
-
Show if server needs reboot
It should be nice to have a notification if server needs reboot inside plesk.
Like after big updates ( kernel , os components ... )
Like message when you connect to SU in SSH.
2 votesAs major operating system changes that require a reboot (such as the mentioned Kernel upgrade) are not subject of updates that can be done from within Plesk, a reboot message is not needed. This request did not gain popularity either, so we must decline it.
-- PD
-
Goolge 2 factor authentication for Repait Kit page
Implement Goolge 2 factor authentication for Repait Kit page t https://example.com:8443/repair
2 votesUpd: Sorry, we are closing the request as no information were provided for over a month.
—
IG
- Don't see your idea?