• Plesk Uservoice will be deprecated by October. Moving forward, all product feature requests and improvement suggestions will be managed through our new platform Plesk Productboard.
    To continue sharing your ideas and feedback, please visit features.plesk.com

Plesk Password Protected

spilias

Basic Pleskian
Hello,

Is it possible to add .htaccess to Plesk Login Page?

I have a server with brute force logins.

Thanks
 
You can use fail2ban feature for protection you Plesk login page from brute force attacks:

ONE.png
 
Hi spilias,

"htaccess" - protections only work for apache - webservers, but the Plesk Control Panel uses it's very on webserver, based on nginx ( called "sw-cp-server" ).

You could add a password protection like for example

PHP:
        auth_basic "Plesk Login Screen";
        auth_basic_user_file /etc/nginx/.htpasswd;

at "/etc/sw-cp-server/conf.d/plesk.inc" ( inside several existing location definitions! ) where ".htpasswd" has to be created by you with the desired username and encrypted password ( please see the documentation at http://nginx.com/resources/admin-guide/restricting-access/ ) ... but please be aware, that Plesk could always replace or overwrite the file "plesk.inc" in case of patches/updates/upgrades!


It is pretty "normal", that you experience brute force attacks on login screens, that's why using fail2ban, as suggested by @IgorG is always a good idea and please use a strong admin password and change it from time to time.
 
Back
Top