How to Secure Your Plesk Account?

Plesk is one of the most widely used hosting control panels, offering a lot of features to web administrators, developers, and hosting providers. Like all online systems, it’s important to ensure that Plesk accounts remain secure from potential threats. In light of this, we’ve curated a guide to help you robustly secure your Plesk account, shielding it from malicious threats and unauthorized access.

In this blog, we will discuss how you can enhance the security of your Plesk environment by creating strong password, enabling and configuring the Plesk Firewall, implementing Google Authenticator, and restricting IP access.

Create a Strong Password

Creating a strong password is the first and most important step in securing any account, including your Plesk account. Here are some guidelines you can follow for creating a strong password:

• Use at least 12 characters – Longer passwords provide better security.
• Include numbers, symbols, and both uppercase and lowercase letters – This combination makes it harder for someone to guess or crack your password.
• Avoid using personal information – Names, birthdays, and other personal details can be easily obtained or guessed.
• Use a passphrase – A sentence or a combination of words can be more secure and easier to remember.
• Change your password regularly – Update your password every few months to ensure ongoing security.
• Avoid reusing passwords – Ensure each account has a unique password to prevent a breach of one account leading to the compromise of others.

Enable and Configure the Plesk Firewall

The Plesk Firewall acts as a protective barrier against unauthorized access. Here’s how you can enable and configure it:

1. Log in to your Plesk account.
2. Click on “Tools & Settings.”
3. Under the “Security” section, click on “Firewall.”
4. Enable “Firewall protection” to activate it.
5. Once activated, you can configure the firewall rules. This lets you define which traffic to allow or deny. Be careful with the settings; blocking essential ports can cause malfunctions.
6. Regularly update your firewall rules to stay protected against new threats.

Implement Google Authenticator

Google Authenticator in Plesk allows you to add an extra layer of security by enabling two-factor authentication (2FA) for your Plesk account. To make use of it you need to install the Google Authenticator application on your mobile device. Afterwards install the extension in Plesk and enable it.

1. In the Plesk panel, click on “Extensions.”
2. Search for the “Google Authenticator” extension in the search bar.
3. Click on the extension and then click “Get if Free” to install the Google Authenticator extension.
4. Once installed, go back to the Extensions and click on “My Extensions.”
5. Locate the “Google Authenticator” extension and click on it to open its settings.
6. Configure the settings according to your preferences. You can set the IP addresses that are allowed to bypass two-factor authentication and other settings.
7. Once enabled, a QR code will be generated.
8. Open the Google Authenticator app on your mobile device and use it to scan the QR code displayed on the screen. This will add your Plesk account to the app and generate a time-based one-time password (TOTP) for it.
9. Enter the code displayed on the Google Authenticator app into the verification field in Plesk and verify the setup. This step ensures that the setup is successful and is working as expected.

The next time you log in to your Plesk account, the system will prompt you to enter a code. Check the Google Authenticator app that you have installed on your phone for the code.

Restrict IP Access

Restricting IP access to your Plesk account ensures only authorized IP addresses can access the Plesk account, adding another layer of security.

1. In the Plesk panel, go to “Tools & Settings.”
2. Click on “IP Access Restriction Management.”
3. Add the network IP addresses that should have access to the Plesk account.
4. After adding network IP addresses, click on “Settings.”
5. Choose “Denied from the networks that are not listed” and click “OK.”

For enhanced security, regularly update the list of approved IP addresses, especially when logging in from new locations or if there are changes in trusted personnel.

Conclusion

The world of cybersecurity is dynamic, with threats evolving daily. To secure your Plesk account, staying proactive, informed, and consistent in your security measures is key. This guide serves as a foundational roadmap to help you build a robust defense for your online space, and utilizing it will significantly reduce the risk of security breaches and ensure the safety of your websites and data.

Leave a comment if you have any questions, and share this article if you found it useful.