Feature Suggestions
Please provide here your suggestion for new functionality for Plesk. We encourage you to review and vote for suggestions of others. The top-ranked suggestions are likely to be included in the next versions of Plesk.
Please write in English so that voters from all over the world can read and support your request.
Off-topic posts will be removed from here
27 results found
-
Block the IP of the selected country in Firewall
Firewall should be able to block the IP of the selected country. I have a lot of traffic from the IP 5.10. *. *
714 votesThis functionality was added in Plesk 18.0.52 ( https://docs.plesk.com/release-notes/obsidian/change-log/#plesk-18052 ). We suggest you to update to Plesk 18.0.52 and check it out.
The feature is based on ipsets and works out of the box.
By default, the feature uses the free version of the DB-IP geolocation database, but also supports MaxMind DB's.
Feel free to share your feedback at at http://talk.plesk.com. --AA
-
Change admin username
It should be possible for the admin user to change his user login name. The name "admin" is not very secure, because it's easiert to hack via brute force. The hackers know, the name is "admin". If the user would be able to change his login name, it would increase the security of Plesk Panel.
561 votesGreat news! The "admin" username can be changed to an arbitrary name since Plesk 18.0.57, published November 21st, 2023. Please see instructions how to do it here: https://docs.plesk.com/en-US/obsidian/administrator-guide/plesk-administration/securing-plesk/changing-the-plesk-administrator-username.80021/
-- PD
-
Lets Encrypt Certificate for Mailserver and Webmail.
As descriebed earlier
431 votesFully completed since SSL It! 1.2.0: https://ext.plesk.com/packages/3c4117f6-c05c-4d3b-9173-60f10096a9c4-sslit
Note that SNI for Mail is available since Plesk Obsidian, and only for MailEnable and Postfix+Dovecot (at that old OSes aren’t supported).
Webmail securing is available since Plesk Onyx.
-
295 votes
In Plesk 18.0.54, published July 18th, 2023, Plesk has added the ability to add Transport Layer Security Authentication (TLSA) DNS records to domains’ DNS zones in Plesk. Such records are most commonly used to implement DNS-based Authentication of Named Entities (DANE). With this update the most popular DANE scenario is covered in Plesk for Linux.
Now, with Plesk 18.0.56, published October 10th, 2023, the SSL It! extension supports DANE that ensures reliable encryption for email transport. When a Let’s Encrypt certificate is being issued, TLSA DNS records of email services will now automatically contain information about the certificate.
Please let us know your thoughts on this feature or whether you require additional functions.
-- PD
-
Add subdomains in one Let's Encrypt certificate
Add subdomains to one Let's Encrypt certificate.
Why?
Because Let's Encrypt has currently limit 5 certificates / 7 days on one domain.
Example: in one Let's Encrypt cerftificate will be this DNS names: example.com; www.example.com; sub1.example.com; sub2.example.com
I think it will be helpful if you can simply add your own domains and subdomains in Let's Encrypt Certificate.
Thanks!
248 votesWildcard certificates issuing is available starting 2.6.0
So, now it’s possible to use the same certificate for domain and subdomainshttps://ext.plesk.com/packages/f6847e61-33a7-4104-8dc9-d26a0183a8dd-letsencrypt
https://docs.plesk.com/release-notes/onyx/change-log/#17811-mu20180705
-
fail2ban now supports IPv6 - please upgrade
At some time you closed the request "fail2ban for IPv6" stating that fail2ban does not support it. That was no doubt correct at the time - but now it does, see https://github.com/fail2ban/fail2ban/tree/0.10
I'm seeing a lot of warnings in the fail2ban log on my dual stack servers, like this:
66:1000:b01c:10ab:0:1: [Errno -9] Address family for hostname not supported
and my log checking software is complaining to me about the overly long fail2ban log.
See also: https://ctrl.blog/entry/fail2ban-ipv6
Thanks! Tim.
174 votesAvailable since Plesk Onyx 17.9 Preview 7.
— rk
-
Add ip manually to fail2ban
It is not possible to add an ip manually to fail2ban trough Plesk interface. Sometimes you detect an offending ip address which you want to ban from your system, before it is detected by recidive rule.
151 votesThis functionality was added in Plesk 18.0.63 (https://docs.plesk.com/release-notes/obsidian/change-log/#plesk-18063). We suggest you to update to Plesk 18.0.63 and check it out.
If you have any feedback on the implementation of this feature, please let us know on the forum: https://talk.plesk.com/forums/plesk-obsidian-for-linux.748/
Thank you!
— AY
-
Possibility to force SSL on Webmail
Some users don't know why they should enter https:// if they have to access webmail, they use http://
http is insecure. Easpecially in combination with unencrypted wireless connections.
Actually you have to go into the plesk code to set this function somewhere. Why does plesk provide the webmail-login insecure by default?
If you have setup an Domain Certificate, at least then plesk should offer the option to force ssl on accessing webmail.mydomain.??135 votesHi!
The functionality is now available:
1. Linux: in the SSL It! Plesk Extension: https://ext.plesk.com/packages/3c4117f6-c05c-4d3b-9173-60f10096a9c4-sslit
2. Windows: in Plesk Obsidian (by default if SSL is turned on for the domain)How to find it in SSL It! Extension:
1. install SSL It! Extension (it’s available for Plesk 17.8+)
2. go to > SSL/TLS Certificates
3. if there is no SSL Certificate installed on the domain – issue one (using, for example, free Let’s Encrypt SSL Certificate)
4. if an SSL Certificate is installed on the domain, there is a switcher “HTTP→HTTPS redirect”, this switcher has an option “Webmail”, turn it on.
5. Additionally, you can setup HSTS (for webmail too)
6. Voila!We would appreciate hearing your feedback on the implementation of this functionality. Thanks in advance!
— rk
-
Plesk interface's web server support for TLS 1.3
Add support of TLS 1.3 to Plesk interface's web server. TLS 1.3. improves security.
131 votesTLS 1.3 for the panel is available since Plesk Obsidian 18.0.21 for the OSes with openssl 1.1.1+, for example: RedHat/CentOS 8, Ubuntu 18.
-
Secure MySQL connections (from Plesk to externally hosted databases)
Secure MySQL connections via SSL/TLS: it is only a number of small changes in the code and a huge step in decreasing the attack surface.
106 votesThis functionality was added in Plesk 18.0.52 ( https://docs.plesk.com/release-notes/obsidian/change-log/#plesk-18052 ). We suggest you to update to Plesk 18.0.52 and check it out.
You can find additional information in https://docs.plesk.com/current/administrator-guide/database-servers/securing-connections-to-remote-mysql-database-servers.80017/. Let us know if you have any feedback - visit our forum at http://talk.plesk.com.
— AY
-
change password next login
Ask user to change password at next login screen after reset.
We the providers could generate a temp password (customer asks for a reset), and after the first login screen, plesk will force ask from the client to change our temp password.79 votesGood news everyone!
This functionality was added in Plesk Obsidian RTM release. We suggest you upgrade to the latest version and check it out.
Now it’s possible to automatically send an email with the reset link to a particular customer.
—
AA -
Allow to use SHA256 (SHA-2) for Certificate Request.
This time Plesk make's SHA-1 Certificate Request.
66 votes- grep default_md /usr/local/psa/admin/conf/openssl.cnf
default_md = sha256
Since Plesk 12.5.
— rk - grep default_md /usr/local/psa/admin/conf/openssl.cnf
-
Compile nginx with mod_security
Basically, the title says it all.
It can be done manually but then we wont be able to configure mod_security (rules, detection level, fail2ban) in Plesk.Please include mod_security in nginx.
41 votesSupport of ModSecurity for nginx became available in Plesk Obsidian 18.0.32 on December 8th, 2020. To enable it, please select ModSecurity 3.0 from the ModSecurity configurations page.
-- PD
-
18 votes
DNSSEC is for provided for FREE in Web Pro and Web Host license edition. It’s PAID in Web Admin edition.
-
Add option for minimum 12 characters in passwords
Add option for minimum 8 characters in Plesk > Home > Tools & Settings > Security Policy > Password.
You can label it as "Stronger".
Going from 8 to 16 characters leaves a big step.
We train our customers to user minimum 12 characters in their passwords (including lower/upper case, numbers and symbols).
strength17 votesThe new password strength validator is now enabled by default in Plesk 18.0.45. Learn more about the new password strength validator.
--
IG
-
Mod Security v3.x.x (aka libmodsecurity) for NGINX and Apache
Hi,
Please consider implementing Mod Security v3.x.x (aka libmodsecurity) for NGINX and Apache in the next Plesk update.
At the moment any Plesk user if he wants to use Mod Security (official version supported by Plesk) is forced to use it as a web server:
- Apache
or
- Apache + NGINX
Any Plesk user who wants to use only NGINX as a web server and without using Apache at the moment cannot use Mod Security because Plesk does not currently support it for NGINX exclusively web servers.
Here are some of the advantages of Mod Security v3.x.x (aka libmodsecurity and these…
15 votesAlready supported in Plesk 18.0.32: https://docs.plesk.com/release-notes/obsidian/change-log/#plesk-18032
—
IG -
Enable Mail DKIM signing by default
I suggest to add an option to Plesk Service Plans to enable DKIM signing when creating a new hosting package.
Right now we have to manually enable DKIM signing for every new hosting account after creation.
This should be inside a Service Plan under tab: Mail
14 votesSince Plesk Obsidian 18.0.50 DKIM is turned on for all domains that are newly added and have their DNS managed by the same server.
-- PD
-
Add the ability to require 2FA for accounts.
Many sites and online providers today require the use of 2FA to secure accounts. It would be great if Plesk could require the same thing (at least for administrative accounts). I think this could really help increase the security posture of the software.
As it stands now, Google Auth is optional, and a user has the ability to enable/disable it at will, which isn't ideal.
According to this thread, there are currently areas where 2FA wouldn't currently be possible, but all of these issues have already been solved by other companies. I have no doubt that Plesk could do it…
13 votesWe are glad to announce the new Multi-Factor Authentication (MFA) extension (https://www.plesk.com/extensions/mfa/), coming to Plesk Obsidian 18.0.61 and later. The new extension is meant to offer seamless 2FA authentication to all Plesk users, and comes with one of the following benefits:
- Plesk administrators can now make multi-factor authentication mandatory for all Plesk users on a server. Learn more about making multi-factor authentication mandatory.
If you have any feedback on the implementation of this feature, please let us know on the forum: https://talk.plesk.com/.
— AY
-
include OSCP stapling directives for secured sites and panel
See http://forum.sp.parallels.com/threads/ocsp-stapling-for-the-plesk-panel.300280/ for the panel, but would need to be added for all domains also.
13 votesHi!
The functionality is now available in the SSL It! Plesk Extension: https://ext.plesk.com/packages/3c4117f6-c05c-4d3b-9173-60f10096a9c4-sslit
How to find it:
1. install SSL It! Extension (it’s available for Plesk 17.8+)
2. go to > SSL/TLS Certificates
3. if there is no SSL Certificate installed on the domain – issue one (using, for example, free Let’s Encrypt SSL Certificate)
4. if an SSL Certificate is installed on the domain, there is a switcher “OCSP Stapling”, turn it on
5. Voila!We would appreciate hearing your feedback on the implementation of this functionality. Thanks in advance!
-
Provide ModSecurity 3 modules for supported operating systems
ModSecurity 3.0 was released about a year and a half ago, and the 2.x branch support seems to decline.
In addition to that there are some features of ModSecurity 3.x, that would be nice to have:
* Proper support for webservers other than Apache, without having to resort to an Apache-like wrapper module running within other web servers
* Better performance due to the architecture rewrite
* GeoIP2 databases support out-of-box (MaxMind no longer provides new Legacy-GeoIP databases, so this would be very good to have)Considering that newer *nix OS (Debian 10, CentOS 7 through EPEL) ship libmodsecurity-3, I…
11 votesAlready supported in Plesk 18.0.32: https://docs.plesk.com/release-notes/obsidian/change-log/#plesk-18032
—
IG
- Don't see your idea?