Keeping Your Plesk Control Panel Secure
Your Plesk control panel gives you full access to manage your websites, emails, databases, and files. Keeping it secure is crucial to protecting your entire hosting environment. Follow these best practices to stay protected.
Tips for Plesk Security
- Use a strong Plesk password — Make sure your Plesk login password is unique and strong. We recommend using the Generate Password option when changing it
- Change your password regularly — Update your Plesk password every 3 months to reduce the risk of unauthorised access
- Use Single Sign-On (SSO) — Wherever possible, log in to Plesk directly from your Zeniar Portal using SSO rather than entering credentials manually
- Keep PHP up to date — Always use a supported PHP version for your websites. Avoid versions marked as (Outdated) as they may contain known security vulnerabilities
- Install SSL certificates — Ensure every website has an active SSL certificate to encrypt traffic between your site and its visitors
- Restrict FTP access — Only create FTP accounts when needed, and remove them when they're no longer required. Always use FTPS (FTP over SSL) for secure connections
- Review database users — Regularly check your database users and remove any that are no longer in use. Avoid granting a single user access to all databases
- Monitor your logs — Use the domain logs feature in Plesk to keep an eye on suspicious activity or unusual errors
- Run malware scans — Use ImunifyAV in Plesk to regularly scan your websites for malware and malicious files
- Limit file permissions — Ensure files and folders have the correct permissions set. Avoid using overly permissive settings like 777