- Plesk for Linux
- Plesk for Windows
How to improve security of a Plesk server and protect it from being compromised?
Plesk Onyx 17.8 has enhanced security and pre-installed Advisor extension. This extension helps to maintain security of a Plesk server.
- Keep Plesk up-to-date
- Set up the minimum password strength as Strong
- Filter all unused ports using a firewall. Ports that are required for Plesk functionality can be found here
- Secure Plesk and a mail server with SSL/TLS certificates
- Set up secure FTP connection
- Limit administrative access to Plesk
- Restrict Remote Access via XML API
- Install and configure Web Application Firewall (ModSecurity)
- Use WordPress Toolkit Security Check to implement security best practices for WordPress instances
- Enable automatic updates for WordPress and its modules as well as for other APS packages
- Avoid using outdated web application packages, as they might contain vulnerabilities. Upgrade these applications to the latest version if possible.
- Install VirusTotal Website Check to scan websites using multiple anti-virus engines.
- Use Google Authenticator extension to set up a multi-factor authentication
Recommendations for Plesk on Linux
- Allow SSH access via a keyfile
- Use a non-standard port for SSH connections
- Forbid SSH authentication for root user
- Switch off Perl and Python if it is not required for a website and never use 'mod_perl' and 'mod_python'.
- Install a complete automated security solution Immunify360 to keep a server safe
- Install Fail2Ban to block hack attempts
- Do not use the PHP handler served as Apache module as it is not secure
- Enable automatic updates for system packages
- Use KernelCare extension to be sure that a server's kernel is up-to-date
- Configure the FTP passive port range on Linux
- In case of planning to set up PCI DSS Compliance, visit Meeting PCI DSS Requirements for Plesk
- Optimize Plesk against a SYN-Flood (DOS) Attack
- Ensure that Apache does not allow the SSL 2.0/SSL 3.0 protocol
- Check the advanced documentation pages related to Plesk for Linux security: Enhancing Security
Recommendations for Plesk on Windows Server
- Use a non-standard port for RDP connections
- Switch off unused programming and scripting languages
- Always install latest Windows updates
- Prohibit customers from overriding handlers via web.config files
- Enable DDoS protection
- Configure the FTP passive port range on Windows Server
- Set up a file audit on Windows Server