- Plesk for Linux
- Plesk for Windows
How to improve the security of a Plesk server and protect it from being compromised?
Plesk Onyx 17.8 has enhanced security and a preinstalled Advisor extension that helps make a Plesk server more secure. Upgrade to the latest Plesk version.
- Keep Plesk up-to-date.
- Set the minimum password strength to Strong.
- Use the Google Authenticator extension to set up multi-factor authentication.
- Secure Plesk and the mail server with SSL/TLS certificates.
- Set up a secure FTP connection.
- Limit administrative access to Plesk.
- Restrict remote access via the XML API.
- Use the Web Application Firewall.
- Always use the WordPress Toolkit Security Check to implement security best practices for WordPress.
- Enable automatic updates for WordPress and its modules as well as for other APS packages.
- Avoid using outdated web application packages, since they might contain vulnerabilities. Upgrade these applications to the latest version if possible.
- Install VirusTotal Website Check to scan websites using multiple anti-virus engines.
- Filter all unused ports using a firewall. Ports that are used by Plesk can be found here.
- Allow SSH access via a keyfile.
- Use a non-standard port for SSH connections.
- Forbid SSH authentication for root.
- Switch off Perl and Python if they are not required for the website, and never use mod_perl and mod_python.
- Install Opsani VCTR to scan for vulnerabilities.
- Install Fail2Ban to block hack attempts.
- Do not use the PHP handler served as an Apache module, since it is not secure.
- Enable automatic updates for the system packages.
- Use a non-standard port for RDP connections.
- Switch off unused programming and scripting languages.
- Install the latest Windows updates.
- Prohibit customers from overriding the handlers via the web.config files.
- Enable DDoS protection.
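
The three SSH items in the list above (keyfile access, a non-standard port, no root authentication) can be checked against an `sshd_config` file. The script below is an added example, not Plesk's own tooling; the function names, the sample file and the upstream OpenSSH defaults it assumes (`Port 22`, `PubkeyAuthentication yes`, `PermitRootLogin prohibit-password`) are assumptions, and it reads only the global section of a single file.

```shell
#!/bin/sh
# Added example (not Plesk code): audit an sshd_config against the three SSH
# checklist items. Assumptions: upstream OpenSSH defaults; only the global
# section (before the first Match block) is read; Include files are not followed.

# Print the effective global value of keyword $2 in file $1, or default $3.
# sshd keeps the first value it reads for a keyword; keywords are case-insensitive.
effective_value() {
    awk -v key="$2" -v def="$3" '
        /^[ \t]*#/ || NF == 0 { next }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) { val = tolower($2); found = 1; exit }
        END { print (found ? val : def) }
    ' "$1"
}

# Succeed if sshd would listen on port 22: no Port line at all (the default),
# or any Port line set to 22 (Port may be given several times).
listens_on_22() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }
        tolower($1) == "match" { exit }
        tolower($1) == "port" { seen = 1; if ($2 == 22) hit = 1 }
        END { exit ((seen && !hit) ? 1 : 0) }
    ' "$1"
}

# Report each checklist item; return 0 only if all three pass.
audit_sshd() {
    rc=0
    [ "$(effective_value "$1" PubkeyAuthentication yes)" = yes ] ||
        { echo "FAIL: key-based login is disabled"; rc=1; }
    if listens_on_22 "$1"; then echo "FAIL: sshd listens on port 22"; rc=1; fi
    [ "$(effective_value "$1" PermitRootLogin prohibit-password)" = no ] ||
        { echo "FAIL: root can authenticate over SSH"; rc=1; }
    if [ "$rc" -eq 0 ]; then echo "OK: $1 matches the checklist"; fi
    return "$rc"
}

# Constructed sample: the later "PermitRootLogin no" is ignored (first value wins).
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
printf '%s\n' '# constructed sample' 'Port 2222' 'permitrootlogin yes' \
    'PermitRootLogin no' 'Match User deploy' '    PubkeyAuthentication no' > "$sample"
audit_sshd "$sample" || true
```

On a live server, `sshd -T` prints the effective configuration, including included files and distribution defaults, and is the authoritative source for these values.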