How to secure Plesk login page?

Joined
Aug 13, 2016
Messages
61
Best answers
0
Ratings
2 1
Points
8
#1
After installed Plesk onyx, do I need to secure for Plesk? for example, I need to secure Plesk login page or change port or something else to make my Plesk secure?
 

VirtuBox

Global Mod
Staff Member
Joined
May 3, 2016
Messages
1,601
Best answers
4
Ratings
444 13
Points
83
#2
After installed Plesk onyx, do I need to secure for Plesk? for example, I need to secure Plesk login page or change port or something else to make my Plesk secure?
Hello,
no, you just have to enable the "IP Address Banning (fail2ban)" in Tools & Settings to make sure Plesk login page will not be attacked by bruteforce.
 

CiAN

New member
Joined
Dec 23, 2017
Messages
14
Best answers
1
Ratings
10 1
Points
3
#4
Out-of-the-box Plesk is already quite secure, however there are some further tweaks you can use without needing to pay extra.... these include:

1. tools & settings - system updates [ensure automatic plesk & system updates are active]
2. tools & settings - server-wide mail settings [switch on spam protection based on DNS blackhole lists - you can use their suggested defaults]
3. tools & settings - spam filter settings [switch on server-wide SpamAssassin spam filtering]
4. tools & settings - spam filter settings [switch on server-wide greylisting spam protection - hugely reduces spam by causing messages to attempt delivery more than once (spammers almost never do)]
5. tools & settings - firewall [enable]
6. tools & settings - IP address banning (fail2ban) [enable - and remember to set yourself as a trusted IP Address, to avoid being locked out...]
7. install and activate the extension Google Authenticator for two factor authentication, if you have a fixed IP on your Internet broadband connection, you may also consider restricting the admin login to that...

There are further things of course, but the above gets you going and are low stress items... as always, your mileage may vary!
 

CiAN

New member
Joined
Dec 23, 2017
Messages
14
Best answers
1
Ratings
10 1
Points
3
#6
Best answer
Simply switching it on will turn on the default rule sets for a Plesk server (Windows and Linux), meaning service ports in use will be opened and others closed...

After that, it depends if you want to close some of the default ones off... which is a whole thread in itself... such as you may decide you do not want to have insecure / non-SSL web ports, mail ports, etc open, or you know some will not be used even though they are bundled, etc... but it really is something to consider on a case by case basis although I would suggest you disable what you dont use... the below example is for Linux, so Samba (Windows file sharing) has been turned off, as well as the usual ~if not allowed explicitly above, deny all other traffic rules near the bottom.

1555061740553.png
 
Latest Threads
Replies
0
Views
2
Replies
3
Views
35
Replies
0
Views
14

Latest Hosting OffersNew Reviews

Sponsors

Latest Blog ArticlesMost Viewed Threads

Tag Cloud

You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an alternative browser.

Top