Facebook
TwitterPlesk Password Protected
- Thread starter spilias
- Start date
I think that using feature Tools & Settings > Restrict Administrative Access would be more effective.
U
UFHH01
Guest
Hi spilias,
"htaccess" - protections only work for apache - webservers, but the Plesk Control Panel uses it's very on webserver, based on nginx ( called "sw-cp-server" ).
You could add a password protection like for example
at "/etc/sw-cp-server/conf.d/plesk.inc" ( inside several existing location definitions! ) where ".htpasswd" has to be created by you with the desired username and encrypted password ( please see the documentation at http://nginx.com/resources/admin-guide/restricting-access/ ) ... but please be aware, that Plesk could always replace or overwrite the file "plesk.inc" in case of patches/updates/upgrades!
It is pretty "normal", that you experience brute force attacks on login screens, that's why using fail2ban, as suggested by @IgorG is always a good idea and please use a strong admin password and change it from time to time.
"htaccess" - protections only work for apache - webservers, but the Plesk Control Panel uses it's very on webserver, based on nginx ( called "sw-cp-server" ).
You could add a password protection like for example
PHP:
auth_basic "Plesk Login Screen";
auth_basic_user_file /etc/nginx/.htpasswd;at "/etc/sw-cp-server/conf.d/plesk.inc" ( inside several existing location definitions! ) where ".htpasswd" has to be created by you with the desired username and encrypted password ( please see the documentation at http://nginx.com/resources/admin-guide/restricting-access/ ) ... but please be aware, that Plesk could always replace or overwrite the file "plesk.inc" in case of patches/updates/upgrades!
It is pretty "normal", that you experience brute force attacks on login screens, that's why using fail2ban, as suggested by @IgorG is always a good idea and please use a strong admin password and change it from time to time.
Similar threads
