Feature Suggestions

Please provide here your suggestion for new functionality for Plesk. We encourage you to review and vote for suggestions of others. The top-ranked suggestions are likely to be included in the next versions of Plesk.

Please write in English so that voters from all over the world can read and support your request.

For technical assistance, contact Plesk support
For questions, bug reports, discussions and free assistance, check our Forum and Facebook page
For additional information, see Documentation, Knowledge Base and Blog
Follow us on Twitter for more news on Plesk development

Off-topic posts will be removed from here

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. 434 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    46 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  2. Add subdomains in one Let's Encrypt certificate

    Add subdomains to one Let's Encrypt certificate.

    Why?

    Because Let's Encrypt has currently limit 5 certificates / 7 days on one domain.

    Example: in one Let's Encrypt cerftificate will be this DNS names: example.com; www.example.com; sub1.example.com; sub2.example.com

    I think it will be helpful if you can simply add your own domains and subdomains in Let's Encrypt Certificate.

    Thanks!

    249 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    33 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  3. fail2ban now supports IPv6 - please upgrade

    At some time you closed the request "fail2ban for IPv6" stating that fail2ban does not support it. That was no doubt correct at the time - but now it does, see https://github.com/fail2ban/fail2ban/tree/0.10

    I'm seeing a lot of warnings in the fail2ban log on my dual stack servers, like this:

    66:1000:b01c:10ab:0:1: [Errno -9] Address family for hostname not supported

    and my log checking software is complaining to me about the overly long fail2ban log.

    See also: https://ctrl.blog/entry/fail2ban-ipv6

    Thanks! Tim.

    177 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    42 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  4. Possibility to force SSL on Webmail

    Some users don't know why they should enter https:// if they have to access webmail, they use http://
    http is insecure. Easpecially in combination with unencrypted wireless connections.
    Actually you have to go into the plesk code to set this function somewhere. Why does plesk provide the webmail-login insecure by default?
    If you have setup an Domain Certificate, at least then plesk should offer the option to force ssl on accessing webmail.mydomain.??

    135 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    13 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →

    Hi!

    The functionality is now available:
    1. Linux: in the SSL It! Plesk Extension: https://ext.plesk.com/packages/3c4117f6-c05c-4d3b-9173-60f10096a9c4-sslit
    2. Windows: in Plesk Obsidian (by default if SSL is turned on for the domain)

    How to find it in SSL It! Extension:
    1. install SSL It! Extension (it’s available for Plesk 17.8+)
    2. go to > SSL/TLS Certificates
    3. if there is no SSL Certificate installed on the domain – issue one (using, for example, free Let’s Encrypt SSL Certificate)
    4. if an SSL Certificate is installed on the domain, there is a switcher “HTTPHTTPS redirect”, this switcher has an option “Webmail”, turn it on.
    5. Additionally, you can setup HSTS (for webmail too)
    6. Voila!

    We would appreciate hearing your feedback on the implementation of this functionality. Thanks in advance!

    — rk

  5. change password next login

    Ask user to change password at next login screen after reset.
    We the providers could generate a temp password (customer asks for a reset), and after the first login screen, plesk will force ask from the client to change our temp password.

    80 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  6. Allow to use SHA256 (SHA-2) for Certificate Request.

    This time Plesk make's SHA-1 Certificate Request.

    67 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    8 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  7. 13 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →

    Hi!

    The functionality is now available in the SSL It! Plesk Extension: https://ext.plesk.com/packages/3c4117f6-c05c-4d3b-9173-60f10096a9c4-sslit

    How to find it:
    1. install SSL It! Extension (it’s available for Plesk 17.8+)
    2. go to > SSL/TLS Certificates
    3. if there is no SSL Certificate installed on the domain – issue one (using, for example, free Let’s Encrypt SSL Certificate)
    4. if an SSL Certificate is installed on the domain, there is a switcher “OCSP Stapling”, turn it on
    5. Voila!

    We would appreciate hearing your feedback on the implementation of this functionality. Thanks in advance!

  8. to do an upgrade of roundcube for plesk 17 to version 1.2.3

    This week a critical security issue for roundcube has been reported: https://blog.ripstech.com/2016/roundcube-command-execution-via-email/
    This is present in all roundcube versions below 1.2.3
    Thank you very much.

    11 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →

    The Roundcube was updated in Plesk Onyx 17.8.11. We suggest you to upgrade to Plesk Onyx 17.8.11 MU1 and check it out (https://docs.plesk.com/release-notes/onyx/change-log/#contents-17811-mu1).

    The Roundcube also was updated in Plesk Onyx 17.5.3 MU29 (https://docs.plesk.com/release-notes/onyx/change-log/#contents-1753-mu29) and Plesk Onyx 17.0.17 MU40 (https://docs.plesk.com/release-notes/onyx/change-log/#contents-17017-mu40).

    Let us know if you have any feedback

    — AY

  9. Add the option "Security of wp-content/uploads folder only"

    Securing the whole wp-content will break many commercial templates, while blocking script execution under the wp-content/uploads and wp-content/upgrade folder have no known side-effects.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  10. 1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  11. IP Addresses in access_ssl_log with NGINX

    Bug?

    No real IP Addresses from visitors in accessssllog when Ngnix is enable.

    Only Local IP Address will logged.
    Thats bad.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base