Feature Suggestions
Please provide here your suggestion for new functionality for Plesk. We encourage you to review and vote for suggestions of others. The top-ranked suggestions are likely to be included in the next versions of Plesk.
Please write in English so that voters from all over the world can read and support your request.
Off-topic posts will be removed from here
36 results found
-
Update nginx with a newer version of openSSL
Update nginx to be linked against a more recent version of openssl, so that TLSv1.2 and mmore secure cipher suites are supported
25 votesAlready updated in Plesk Onyx 17.8. https://support.plesk.com/hc/en-us/articles/115000422229-How-to-enable-disable-particular-TLS-version-in-Plesk-on-Linux-
—
IG -
13 votes
You can just use “Plesk User logged in” event with the command for sending notification through appropriate channel to admin in Plesk Event Manager.
—
IG -
Security: Support TLS1.3
Support the new version TLS1.3 for webserver and email. Most of the Browser already support it.
8 votesThe support of TLS v1.3 has been implemented in Plesk Obsidian and is available only for RHEL 8, CentOS 8, Ubuntu 18.04, Ubuntu 20.04 and Debian 10 because this protocol requires the version 1.1.1 of OpenSSL, available on official repositories of the aforementioned OSes. Also, TLS v1.3 support is enabled by default on all new Plesk installations on these OSes. For all details please see this KB article:
-- PD
-
replace the outdated rkhunter in the Watchdog module through state of the art technology
rkhunter as packaged is outdated, however, the project website seems not to be maintained any more and the last update is already years ago (current state: 24th of February 2014, which are 3+ years). There are many possible alternatives: chkrootkit is the easiest one, LMD a bit different, but also an idea, ossec, Lynis or OpenVAS would be additional interesting "upgrade" paths. However, rkhunter being outdated and not really maintained any more is somehow useless and should be replaced.
5 votesRkhunter was updated to new version 1.4.4 in Plesk Onyx 17.8
—
IG -
IP Address Banning
I like the IP Address Banning feature of Plesk 12 but it needs a list of permanent bans.
5 votes -
Please develop a "Two-factor verification" option
Please develop a "Two-factor verification" option using email and google authentication app or mobile to log in to Plesk for additional security against cyber attacks.
4 votesThis functionality has been available for a long while with the Google Authenticator extension that can be installed for free from the extensions catalog.
-- PD
-
SEO 301-Forwarding HTTP to HTTPS for webmail.x.x too
Same as for websites www.x.x, but for webmail adresses webmail.x.x
It's security relevant, because http://webmail.x.x ist still default.tia
Andreas4 votes-- PD
-
plesk 12.5 windows to have auto banning of IP for IP address that uses brute force to hack user email accounts.
I was looking at my smtp activity log file and I realize that it is possible to use brute force to try to hack into someone's email account.
Basically the log shows this IP address logging in with the user's password, then the server returns the message, invalid user or password.
The same IP then tries again automatically with another password and it just keeps going none stop.
Would be great if the system can just automatically ban this IP after maybe 10 failed attempt. So it doesn't eventually break through.4 votesAlready available in scope of fail2ban Plesk feature.
—
IG -
Vuln Scanner
You guys should install a Vuln Scanner so you can scan your site for any exploits and how to patch them before your server gets hacked
4 votesUse Advisor Plesk Extension https://ext.plesk.com/packages/bbf16bc7-094e-4cb3-8b9c-32066fc66561-advisor
—
IG -
Add the notification in Plesk that Fail2ban is enabled or disabled
Add the notification in Plesk that Fail2ban is enabled or disabled so that Plesk Admin can see if tFail2ban service is working or not in Tools&Settings > Fail2Ban, e.g. "Fail2ban is active".
3 votesThe information is available on the start page dashboard as "IP Address Banning". Inside the Fail2Ban configuration it is available on the "Settings" tab (checkbox "Enable intrusion detection").
-- PD
-
Add exceptions to automatic 301 redirects to https
Automatic renewal of Let's encrypt certificates does not work when automatic redirects to https are enabled.
It seems that Let's encrypt needs do excess the .well-known directory over http and fails if it receives a 301 redirect. It would be helpfull if the redirect could be specifically disabled for certain directories.
3 votesCertificate renewals became independent of tokens hosted in user directories and since then can be done regardless of the SSL/non-SSL setting.
-- PD
-
Panel log-in limit
There should be settings to limit log-in attempts. For example 5 trys within 10 minutes - width the same Ip-adress.
3 votesIt is already available since Plesk version 12.0 as part of Fail2ban service support
-
To make it easier to configure DKIM, SPF, and DMARC Protection are automate the process
The guidelines about how to enable DKIM, SPF, and DMARC Protection are difficult to read and understand how to implement. It would be easier to automate this process. Especially because those are very important for mail and web safety.
2 votesWhen you add a domain in Plesk and Plesk is also the nameserver for your domain, DKIM, DMARC and SPF records are automatically added to the DNS configuration. If you do not have DKIM enabled by default but add it later, the record is added to DNS, too. There is no need for manual configuration when you use Plesk for DNS.
-- PD
-
I need TTF (True Type Font) support for use with/in a PHP Captcha class.
There are different kind of Security steps we have to take in use for the user interaction. CAPTCHA is the main item in this respect when we provide users with front end data input(via any form) and in some cases all forms do not support Google Re-Captcha, then we have to use custom PHP Captcha class to complete the security steps of user submitted data within a form.
For most of the character based Captcha, they mostly used TTF font (True Type Font).
So, Please add support for TTF Fonts with Plesk.
2 votesTTF themselves are just font files. If you want to create images including TTF fonts, this is solely done by your software and does not need any specific support on the web server or operating system. If you want to enable TTF downloads, meaning that TTF can be used by surfers directly from your website, you need to add a MIME type for your file. This can already be done and is described here: https://support.plesk.com/hc/en-us/articles/115003017653-How-to-configure-MIME-types-for-a-domain-in-Plesk
Should this not meet your expectations, please add a more detailed description to this feature request what you understand by "support for TTF fonts".
-- PD
-
upgrade owasp modsec 3.3.2
Hi devs !
Actual plesk owasp modsec version is 3.2 from 2019.
Could you update to the last version ? ( 3.3.2 )Thanks in advance
1 voteIt is already there:
Plesk 18.0.40
[root@ppu18-0 ~]# rpm -qa plesk-modsecurity-crs
plesk-modsecurity-crs-3.3.2-2.centos.7+p18.0.38.0+t210825.1032.×86_64Please use the latest version of Plesk.
—
IG -
plaace a reset security key in pleask so when people like myself can not enter
i suggest you have an override security key to access unaccessible servers, my server is not accessible at present and if only an ssh key that plesk owned could access with client credentials applied also to do a 2fa sytlye system so no privacy infringement aware broken
1 voteYou can always get/reset Plesk admin password with help of this KB article, for example https://support.plesk.com/hc/en-us/articles/213381869--How-to-get-reset-lost-Plesk-Administrator-password-in-Plesk-for-Linux
—
IG -
How can I update the PHP-version?
the PHP-page does not give that possibility.
Pleas make one.1 votePlesk regularly updates versions of PHP. You can verify this in our changelog – https://docs.plesk.com/release-notes/obsidian/change-log/
You do not need to worry about it.
—
IG -
1 vote
-- PD
-
Block client IP for SQL Server for multiple failed logins remote connection
When database remote connections are allowed from any host, there are numerous failed login (hacking) attempts.
Database logs show failed attempts are usually for multiple login Ids and from multiple IPs at the same time.
Although strong passwords ensure safety to a level, it would be better if such attempts could be blocked to some more extent by configurations/settings like:
* Blocking an IP after n failed login attempts.
* Manually block/unblock an IP like a Blacklist/Whitelist IP option.
* Unblocking can be auto after a configurable time span e.g. 30 min, 6 hours, 24 hours etc.
* Database server…1 voteYou can use Plesk fail2ban feature with special mysql jail. More details you can find here https://talk.plesk.com/threads/fail2ban-for-mysql.343704/
—
IG -
CLI for Security Advisor
Plesk now has the wonderful Security Advisor feature. It desperately need a CLI interface to automate securing websites on multiple servers, especially in the light of incoming changes to Chrome and Firefox, and Google search results requiring SSL.
1 votePlease use
plesk ext advisor —help
Thanks.
—
IG
- Don't see your idea?