Search for:

Available article translations:

Plesk security best practices

Article ID: 114620, created on Aug 21, 2012, last review on Nov 18, 2015

  • Plesk 12.5 for Linux
  • Plesk 12.0 for Linux
  • Plesk 11.0 for Linux
  • Plesk 11.5 for Linux
  • Plesk 12.5 for Windows
  • Plesk 12.0 for Windows
  • Plesk 11.0 for Windows
  • Plesk 11.5 for Windows


Are there any tips for keeping Plesk secure?


General rule to secure Plesk is make sure the latest updates are installed. Also you can check more useful topics bellow.

  1. First, make sure you go through the list provided in the following articles and documentation:

    • 114396 Securing Plesk: Best Practices to Prevent Threats
    • 391 Which ports need to be opened for all Plesk services to work with a firewall?
    • 120772 Configure Passive FTP port range on Windows Server
    • 1240 Configure Passive FTP port range on Linux Server
    • Plesk Administrator's Guide Protection Against Brute Force Attacks (Fail2Ban)
    • Plesk Administrator's Guide Web Application Firewall (ModSecurity)
  2. Do not forget to check the Securing Plesk section of the Administrator's guide. Topics covered in this section include the following:

    • Restricting Administrative Access
    • Setting Up the Minimum Password Strength
    • Enhanced Security Mode
    • Using Secure FTP
    • SSL protection
  3. Linux users may also check the advanced documentation pages related to Plesk for Linux security: Enhancing Security. This documentation covers the following topics:

    • Restricting script execution in the /tmp directory
    • Configuring site isolation settings
    • Protecting users from running tasks on behalf of root
  4. If you are dealing with credit cards, this document is worth reading:

    Meeting PCI DSS Requirements for Plesk 12 Suite

  5. It is recommended to be aware of these issues:

    • 9689 FTP users have access to root directory on server
    • 11239 SLAAC Attack - 0day Windows Network Interception Configuration Vulnerability
    • 112171 Apache HTTP Server CVE-2011-3192 Denial Of Service Vulnerability
    • 113321 Remote vulnerability in Plesk (CVE-2012-1557)
    • 114625 Plesk accepts both old and new admin passwords when integrated to CBM
    • 115942 Public issues VU#310500, CVE-2013-0132, CVE-2013-0133
  6. These articles may also be useful in certain scenarios:

    • 1323 How can I run Rootkit Hunter with the update option?
    • 1357 [Security] Defending against a SYN-Flood (DOS) Attack
    • 1763 [Info] How to ensure that Apache does not allow the SSL 2.0/SSL 3.0 protocol
    • 7027 [How to] RKHunter warning improvement
    • 8119 How to prevent your Plesk from brute-force attacks
    • 112156 How to set up a file audit on Windows server

TIP: Feel free to subscribe to updates to this article in order to keep track of new security issues.

Search words:

Unable to get dump list

apache post flood

How to secure installation


Plesk security questions


56797cefb1efc9130f7c48a7d1db0f0c a914db3fdc7a53ddcfd1b2db8f5a1b9c 85a92ca67f2200d36506862eaa6ed6b8 29d1e90fd304f01e6420fbe60f66f838 514af229ae32522202a910a2649c80fb bd7fc88cf1b01f097749ae6f87272128 aea4cd7bfd353ad7a1341a257ad4724a 0a53c5a9ca65a74d37ef5c5eaeb55d7f 01bc4c8cf5b7f01f815a7ada004154a2 46a8e394d6fa13134808921036a34da8 742559b1631652fadd74764ae8be475e e335d9adf7edffca6a8af8039031a4c7 ed7be2b984f9c27de1d2dc349dc19c6d a766cea0c28e23e978fa78ef81918ab8 2a5151f57629129e26ff206d171fbb5f 8b661cab116c79dbe6c4ac5bbdf1c8cb

Was this article helpful?
Tell us how we may improve it.
Yes No
Server Virtualization
- Odin Cloud Server
- Odin Containers for Windows 6.0
- Odin Virtuozzo Containers
- Odin Automation
- Odin Automation for Cloud Infrastructure
- Odin Business Automation Standard
- Odin Virtual Automation
- Odin Plesk Panel Suite
- Web Presence Builder
- Odin Plesk Automation
- Odin Small Business Panel
- Value-added Services for Hosters
- Odin Partner Storefront
Services & Resources
- Cloud Acceleration Services
- Professional Services
- Support Services
- Training & Certification