How to secure Plesk login page?

Emily Routledge

Member
Registered
Joined
Aug 13, 2016
Messages
61
Points
8
After installed Plesk onyx, do I need to secure for Plesk? for example, I need to secure Plesk login page or change port or something else to make my Plesk secure?
 

VirtuBox

Well-known member
Registered
Joined
May 3, 2016
Messages
1,622
Points
83
After installed Plesk onyx, do I need to secure for Plesk? for example, I need to secure Plesk login page or change port or something else to make my Plesk secure?
Hello,
no, you just have to enable the "IP Address Banning (fail2ban)" in Tools & Settings to make sure Plesk login page will not be attacked by bruteforce.
 

CiAN

New member
Registered
Joined
Dec 23, 2017
Messages
14
Points
3
Out-of-the-box Plesk is already quite secure, however there are some further tweaks you can use without needing to pay extra.... these include:

1. tools & settings - system updates [ensure automatic plesk & system updates are active]
2. tools & settings - server-wide mail settings [switch on spam protection based on DNS blackhole lists - you can use their suggested defaults]
3. tools & settings - spam filter settings [switch on server-wide SpamAssassin spam filtering]
4. tools & settings - spam filter settings [switch on server-wide greylisting spam protection - hugely reduces spam by causing messages to attempt delivery more than once (spammers almost never do)]
5. tools & settings - firewall [enable]
6. tools & settings - IP address banning (fail2ban) [enable - and remember to set yourself as a trusted IP Address, to avoid being locked out...]
7. install and activate the extension Google Authenticator for two factor authentication, if you have a fixed IP on your Internet broadband connection, you may also consider restricting the admin login to that...

There are further things of course, but the above gets you going and are low stress items... as always, your mileage may vary!
 

CiAN

New member
Registered
Joined
Dec 23, 2017
Messages
14
Points
3
Best answer
Simply switching it on will turn on the default rule sets for a Plesk server (Windows and Linux), meaning service ports in use will be opened and others closed...

After that, it depends if you want to close some of the default ones off... which is a whole thread in itself... such as you may decide you do not want to have insecure / non-SSL web ports, mail ports, etc open, or you know some will not be used even though they are bundled, etc... but it really is something to consider on a case by case basis although I would suggest you disable what you dont use... the below example is for Linux, so Samba (Windows file sharing) has been turned off, as well as the usual ~if not allowed explicitly above, deny all other traffic rules near the bottom.

1555061740553.png
 

HostechSupport

Active member
Registered
Joined
Jan 19, 2013
Messages
68
Points
8
Plesk is already secured with port no. 8443
 
Recommended Threads
Replies
4
Views
1,508
Replies
3
Views
1,688
Replies
1
Views
2,221
Replies
15
Views
6,164

Latest Hosting OffersNew Reviews

Sponsors

Tag Cloud

You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an alternative browser.

Top