- Plesk 12.5 for Linux
- Plesk Onyx for Linux
Some errors occur during a PCI compliance scan. How to pass it successfully?
Here is the list of some failures that can be met in the report:
PHP Unsupported Version Detection
An outdated PHP version is in use. To pass PCI compliance it is recommended to use PHP 5.5.x or higher. To set the needed version, open Subscriptions > example.com > PHP Settings.
WordPress Unsupported Version Detection
Upgrade the WordPress installation to the latest version under Subscriptions > example.com > WordPress > Update.
SMTP Service Cleartext Login Permitted
To get rid of the errors mentioned above, use the Plesk pci_compliance_resolver utility:
# plesk sbin pci_compliance_resolver --enable
Running the utility with the --enable option applies the following security changes to Plesk services:
- Sets the list of ciphers.
- Sets DH parameter's size to 2048.
- Disables SSL/TLS compression.
- disable_plaintext_auth = yes for Dovecot.
- Disallows plaintext authentication for non-encrypted connections to Courier Mail Server.
In case you need to set specific parameters for each service, please use
To read more about both utilities, check the Advanced Administration Guide for Linux.
SSL Medium Strength Cipher Suites Supported
Medium strength ciphers are in use. In order to pass this check, increase the cipher strength for the corresponding daemon.
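The two mail-related checks above (plaintext authentication for Dovecot and medium-strength cipher suites) can be verified offline against the service configuration and a scanner's cipher list. The following script is an added example, not Plesk's own code or part of pci_compliance_resolver: it parses a constructed Dovecot-style configuration and classifies a constructed list of cipher suite names. The list of "weak" name markers is an assumed audit policy modelled on what scanners commonly report (3DES, DES, RC4, export-grade, NULL, MD5), not a list taken from the article.

```python
"""Offline audit of two PCI findings: Dovecot plaintext auth and cipher strength.
Added example; the config and cipher list below are constructed samples."""
import re
from typing import Dict, List


def parse_dovecot_conf(text: str) -> Dict[str, str]:
    """Parse `key = value` lines of a Dovecot-style config into a flat dict.
    Comments and blank lines are skipped; nested `{ }` blocks are flattened
    into a 'section/key' path (assumption: sufficient for this audit)."""
    settings: Dict[str, str] = {}
    stack: List[str] = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        if line.endswith("{"):                   # open a section
            stack.append(line[:-1].strip())
            continue
        if line == "}":                          # close a section
            stack.pop()
            continue
        if "=" in line:
            key, value = (s.strip() for s in line.split("=", 1))
            settings["/".join(stack + [key])] = value
    return settings


def audit_dovecot(text: str) -> List[str]:
    """Report if plaintext login is still permitted on unencrypted connections
    (the setting pci_compliance_resolver changes for Dovecot)."""
    settings = parse_dovecot_conf(text)
    findings = []
    if settings.get("disable_plaintext_auth", "no").lower() != "yes":
        findings.append("Dovecot permits plaintext login on unencrypted "
                        "connections (set disable_plaintext_auth = yes)")
    return findings


# Assumed audit policy (constructed, not from the article): cipher suite names
# containing any of these markers are treated as medium strength or worse.
WEAK_MARKERS = ("DES-CBC3", "3DES", "DES-CBC", "RC4", "EXP", "NULL", "MD5")


def classify_ciphers(suites: List[str]) -> Dict[str, List[str]]:
    """Split scanner-reported cipher suite names into weak and strong groups."""
    weak: List[str] = []
    strong: List[str] = []
    for suite in suites:
        name = suite.upper()
        (weak if any(m in name for m in WEAK_MARKERS) else strong).append(suite)
    return {"weak": weak, "strong": strong}


# Constructed sample: a Dovecot config as it might look before hardening.
DOVECOT_BEFORE = """\
# constructed sample, before running pci_compliance_resolver
protocols = imap pop3
disable_plaintext_auth = no
ssl = yes
service imap-login {
  inet_listener imap {
    port = 143
  }
}
"""
DOVECOT_AFTER = DOVECOT_BEFORE.replace("disable_plaintext_auth = no",
                                       "disable_plaintext_auth = yes")

# Constructed sample: cipher suites a scanner might list as supported.
REPORTED_SUITES = ["ECDHE-RSA-AES128-GCM-SHA256", "DES-CBC3-SHA", "RC4-SHA"]

if __name__ == "__main__":
    for label, conf in (("before", DOVECOT_BEFORE), ("after", DOVECOT_AFTER)):
        print(label, audit_dovecot(conf) or "OK")
    print(classify_ciphers(REPORTED_SUITES))
```

The classifier works on suite names only, so it cannot expand an OpenSSL cipher string such as ALL:!LOW:!EXP; feed it the names a scanner actually reported, then remove the flagged suites from the daemon's cipher list.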
FTP Supports Cleartext Authentication
According to PCI DSS, if FTP connections to the server are allowed, all FTP connections except secure FTPS ones must be prohibited: Tools & Settings > Security Policy > Allow only secure FTPS connections.
PHP expose_php Information Disclosure
The error means that PHP is configured in a way that allows disclosure of potentially sensitive information to an attacker through a special URL. The solution is in the PHP configuration file
. Restart the web server daemon to put this change into effect.
Web Application Potentially Vulnerable to Clickjacking
In order to protect the website from clickjacking, please add the following lines in
sameOriginOnly = true
- This option has been implemented in Plesk Onyx only and has not been tested in Plesk 12.5. In case of any issues please upgrade to Plesk Onyx.
- Check Clickjacking Defense Cheat Sheet for additional information regarding clickjacking.
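Whether the expose_php and clickjacking findings above are resolved can be confirmed from the HTTP response headers the web server sends. The following script is an added example, not part of the article or of Plesk: it parses a constructed HTTP response head and checks for an X-Powered-By PHP banner, a PHP version below the 5.5 threshold named above (only visible while expose_php is on), and the absence of both an X-Frame-Options DENY/SAMEORIGIN header and a Content-Security-Policy frame-ancestors directive. The header values and PHP version in the sample are constructed.

```python
"""Audit captured HTTP response headers for the PCI findings discussed above.
Added example; the responses below are constructed samples."""
import re
from typing import Dict, List, Optional, Tuple

PHP_MIN = (5, 5)   # minimum version recommended in the article


def parse_response_headers(raw: str) -> Dict[str, str]:
    """Turn a captured response head (status line + headers) into a dict.
    Header names are lower-cased; a repeated header keeps the last value."""
    headers: Dict[str, str] = {}
    lines = raw.replace("\r\n", "\n").split("\n")
    for line in lines[1:]:                  # skip the status line
        if not line.strip():
            break                           # blank line ends the header block
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers


def php_version_from_banner(banner: str) -> Optional[Tuple[int, int]]:
    """Extract (major, minor) from a banner such as 'PHP/5.3.29'."""
    match = re.match(r"PHP/(\d+)\.(\d+)", banner)
    return (int(match.group(1)), int(match.group(2))) if match else None


def csp_frame_ancestors(csp: str) -> Optional[str]:
    """Return the value of the frame-ancestors directive, or None if absent."""
    for directive in csp.split(";"):
        parts = directive.strip().split()
        if parts and parts[0].lower() == "frame-ancestors":
            return " ".join(parts[1:])
    return None


def audit_headers(headers: Dict[str, str]) -> List[str]:
    """Return a list of findings for the expose_php and clickjacking checks."""
    h = {k.lower(): v for k, v in headers.items()}
    findings = []
    banner = h.get("x-powered-by", "")
    if "php" in banner.lower():
        findings.append(f"expose_php: X-Powered-By discloses '{banner}'")
        version = php_version_from_banner(banner)
        if version is not None and version < PHP_MIN:
            findings.append(f"unsupported PHP {version[0]}.{version[1]} in use")
    xfo = h.get("x-frame-options", "").strip().upper()
    ancestors = csp_frame_ancestors(h.get("content-security-policy", ""))
    if ancestors is None and xfo not in ("DENY", "SAMEORIGIN"):
        findings.append("clickjacking: no X-Frame-Options DENY/SAMEORIGIN "
                        "and no CSP frame-ancestors directive")
    return findings


# Constructed sample responses: before and after hardening.
RESPONSE_BEFORE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: nginx\r\n"
    "X-Powered-By: PHP/5.3.29\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
    "<html>constructed body</html>"
)
RESPONSE_AFTER = (
    "HTTP/1.1 200 OK\r\n"
    "Server: nginx\r\n"
    "X-Frame-Options: SAMEORIGIN\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
)

if __name__ == "__main__":
    for label, raw in (("before", RESPONSE_BEFORE), ("after", RESPONSE_AFTER)):
        print(label, audit_headers(parse_response_headers(raw)) or "OK")
```

Run it against the head of a response captured from the site (for example, the output of a HEAD request saved to a file) rather than the samples; note that the PHP version check only fires while the banner is exposed, so a clean result for that item after setting expose_php off does not by itself prove the PHP version was updated.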