Feature Suggestions
Please provide here your suggestion for new functionality for Plesk. We encourage you to review and vote for suggestions of others. The top-ranked suggestions are likely to be included in the next versions of Plesk.
Please write in English so that voters from all over the world can read and support your request.
Off-topic posts will be removed from here
104 results found
-
Use Lets Encrypt to secure FTPs connections
Hi,
I usually use the ftp.site.com subdomain for the client FTP connections.
And to secure those connections I enabled FTPs. But at this point the users receive a certificate host name mismatch because the FTPs connection is being setup using the VPS Lets Encrypt cert.It would be nice to use the Lets Encrypt certificate service also to secure the FTPs connections.
Thanks!
414 votesThank you for your input! We will consider this functionality in upcoming releases if it will be popular.
Everyone, please continue voting for this feature if you consider it important.
— AY
-
Windows Fail2Ban
The new security option for plesk 12 is Fail2Ban, but it is only for Linux version.
There is an opensorce for windows.
http://www.digitalruby.com/securing-...icated-server/
I suggest to Parallels Team include this.
135 votes -
Temporary FTP accounts (with expire date)
It would be great to have ftp account with an expire date.
A sort of temporary ftp accounts.This becomes really usefull when you need to share your ftp details temporary with a webdeveloper, or somebody else to maintain of check an website.
I always make a new FTP account for this sort of events, but then forget to delete them. It would be real nice if you could set a expire date that the account automaticly blocks itself after that date is past.
112 votesThank you for your input. We will consider the possibility of implementing this feature in upcoming releases.
— ES
-
Create daily md5-hashes of the web-content of a domain, to quickly identify tampering or hacking.
Let Plesk on every night optionally create/compare md5-hashes from all files in the domains storage-space (web,httpdoc,ftp) and update this in a simple list (database), sortable by date of last change, size, number of changes. Indicating "changed files in the last xx days" to have a time-window to drill down.
In addition, accumulate all vhosts together into a seperate "Admin-View", where ALL domains are put together alphabetically.
Add an additional button "snapshot", so one could create a list of all webfiles on request. For example, when an incident has been cleaned, then click "snapshot" and then wait some time to see…
71 votes -
Deploy MTA Strict Transport Security
TLSEVERYWHERE
https://www.hardenize.com/blog/mta-sts
https://www.msxfaq.de/signcrypt/smtp_mta_sts.htm (German)64 votesThank you for your input! We will consider this functionality in upcoming releases if it will be popular.
Everyone, please continue voting for this feature if you consider it important.— rk
-
Fail2ban setting findtime per Jail
In Fail2ban (great idea to include it in plesk!) settings you can set "Time interval for detection of subsequent attacks" (findtime) in general. But it would be interesting this setting per Jail.
Why?
you could have 2 jail with same filter but different findtime. Example:
Jail 1) 5 failures in 600 seconds: 1800 seconds ban
Jail 2) 30 failures in 86400 seconds: 604800 seconds banThere are bots that detect if you have some protection fail2ban or similar and it will adapt, login attempt every 300 seconds for example. Jail 1 no detect this attack, but Jail 2 yes.
64 votes -
Integrate CrowdSec
It would be a great security improvement to integrate CrowdSec to Plesk Panel.
Crowdsec is an open-source, lightweight software, detecting peers with aggressive behaviors to prevent them from accessing your systems.
https://github.com/crowdsecurity/crowdsec62 votesThanks for your feature request. We will definitely consider the possibility of its implementation if it receives a significant number of votes and is in demand.
—
IG -
Enhanced VPN support
Since VPN connection are more and more common, and mobile devices used to connect to monitor servers, there is a need for an enhancement on the old VPN Add-on on plesk (linux).
Currently the IOS and Android OpenVPN client does not support secret — Static key encryption mode (non-TLS) is not supported.
from https://docs.openvpn.net/docs/openvpn-connect/openvpn-connect-ios-faq.html
Which is the only way to use the Plesk VPN connection because it does not support certificates.
There is a lot of literature on troubles with VPN on mobile, but basically, all of them are due to old style, unsecured way to connect to VPN.Can…
57 votesThank you for your input! We will consider this functionality in upcoming releases if it will be popular.
Everyone, please continue voting for this feature if you consider it important.
—
AA -
Support HPKP
I'd like to see HPKP integrated into the SSL certificate management of Plesk. This would allow, in combination with standard Nginx/Apache config, for a strongly recommended and worthwhile security element to be added to hosted sites.
Testing tool
https://securityheaders.ioMore info
https://scotthelme.co.uk/hpkp-http-public-key-pinning/57 votes -
Naxsi - web application firewall for Nginx
Naxsi is an open source, high performance, low rules maintenance, Web Application Firewall module for Nginx
44 votesThank you for your input. We will review this nginx module to see if we should support it out of the box
-
SAML integration
For setups with a large amount of plesk servers it would be very nice to be able to be able use a SAML integration to handle the user authentication.
40 votesThank you for your input! We will consider this functionality in upcoming releases if it will be popular.
Everyone, please continue voting for this feature if you consider it important.
—
IG -
Integration with firewall service on the blocked addresses. https://www.abuseipdb.com/api.html
Allowing you to see information from other participants and automatically deny access to all new locations as they are very much in a day.
AbuseIPDB
making the internet safer, one IP at a time37 votesWe will consider this functionality in upcoming releases if it will be popular. However, in part of integration with 3rd party, probably it will be faster if you create Plesk extension. Please refer to https://docs.plesk.com/en-US/17.0/extensions-guide/what-are-plesk-extensions%3F.76331/ to know how.
Everyone, please continue voting for this feature if you consider it important.
—
ET -
Enable OCSP stapling and HSTS for Plesk panel
OSCP stapling and HSTS can now be enabled for domains using SSL It! estension.
However these settings cannot be enabled while securing Plesk panel.
So it will be really appreciated if such functionality is included in future Plesk updates.31 votesThank you for your input! We will consider this functionality for the upcoming releases if it becomes popular enough.
Everyone, please continue voting for this feature if you consider it important.
—
IG -
Enable IIS option "loadUserProfile:true" for dedicated application pools
In Windows Server IIS, it is recommended to set loadUserProfile:true for dedicated application pools. Doing so guarantees better application isolation and security for web applications created with ASP.NET, .NET Core or PHP.
You can find some basic information about this setting in this Stack Overflow answer: https://stackoverflow.com/a/17149834/1297898.
Official Microsoft documentation: https://docs.microsoft.com/en-us/iis/manage/configuring-security/application-pool-identities, https://docs.microsoft.com/en-us/iis/manage/configuring-security/ensure-security-isolation-for-web-sitesI will be pleased to provide any additional information you may require.
29 votesThank you for your input. We will consider this functionality in upcoming releases if it is popular. Everyone, please continue voting for this feature if you consider it important.
—
IG -
2FA (two-factor authentication) for webmail, e.g. Google Authenticator for Roundcube login
Two-factor authentication for webmail
29 votesWe will consider this functionality in upcoming releases if it will be popular.
Everyone, please continue voting for this feature if you consider it important.
-- PD
-
Implement a support module for Duo Security 2FA
Plesk has support for Google Authenticator and Clef, could an Extension/Module be written to support the authentication through Duo Security?
27 votes -
Implement Dropbox's (zxcvbn) password strength library
Please consider implementing Dropbox's password strength library in future versions of plesk. https://github.com/dropbox/zxcvbn
Right now (Plesk Onyx Version 17.8.11) very secure passwords such as applaud-bisque-batch-forefoot won't even pass the "medium" filter, and very bad passwords such as Pa$$word123 are marked "Strong".
Brute force cracking continues to get more sophisticated and the current strength ratings are misleading.
24 votesThank you for your input! We will consider this functionality in upcoming releases, if it will be popular.
Everyone, please continue voting for this feature if you consider it important.
—
IG -
Implement OSSEC
Implement as an add-on, or possibly through an Extension, the ability to install and configure OSSEC. An Extension GUI which provides simple, limited functionality to configure the most frequently used features of OSSEC would be an awesome addition to Plesk.
24 votesThank you for your input! We will consider this functionality in upcoming releases if it will be popular.
Everyone, please continue voting for this feature if you consider it important.
—
ET -
Description of IP in Firewall Rules to e.g. name the IP 'Office', 'Home', 'IP John'
Description of IP in Firewall Rules to e.g. name the IP 'Office', 'Home', 'IP John'
24 votesThank you for your input! We will consider this functionality in upcoming releases if it will be popular.
Everyone, please continue voting for this feature if you consider it important.— rk
-
Port Scan protection, PortSentry / PSAD
Plesk has fail2ban but seems to have no port scan protection, Something like PSAD or Portsentry would be good to be included to allow blocking and reporting on portscans making plesk more secure for everyone.
22 votes
- Don't see your idea?