Facebook
Twitter-
Plesk Uservoice will be deprecated by October. Moving forward, all product feature requests and improvement suggestions will be managed through our new platform Plesk Productboard.
To continue sharing your ideas and feedback, please visit features.plesk.com
Plesk Password Protected
- Thread starter spilias
- Start date
I think that using feature Tools & Settings > Restrict Administrative Access would be more effective.
U
UFHH01
Guest
Hi spilias,
"htaccess" - protections only work for apache - webservers, but the Plesk Control Panel uses it's very on webserver, based on nginx ( called "sw-cp-server" ).
You could add a password protection like for example
at "/etc/sw-cp-server/conf.d/plesk.inc" ( inside several existing location definitions! ) where ".htpasswd" has to be created by you with the desired username and encrypted password ( please see the documentation at http://nginx.com/resources/admin-guide/restricting-access/ ) ... but please be aware, that Plesk could always replace or overwrite the file "plesk.inc" in case of patches/updates/upgrades!
It is pretty "normal", that you experience brute force attacks on login screens, that's why using fail2ban, as suggested by @IgorG is always a good idea and please use a strong admin password and change it from time to time.
"htaccess" - protections only work for apache - webservers, but the Plesk Control Panel uses it's very on webserver, based on nginx ( called "sw-cp-server" ).
You could add a password protection like for example
PHP:
auth_basic "Plesk Login Screen";
auth_basic_user_file /etc/nginx/.htpasswd;at "/etc/sw-cp-server/conf.d/plesk.inc" ( inside several existing location definitions! ) where ".htpasswd" has to be created by you with the desired username and encrypted password ( please see the documentation at http://nginx.com/resources/admin-guide/restricting-access/ ) ... but please be aware, that Plesk could always replace or overwrite the file "plesk.inc" in case of patches/updates/upgrades!
It is pretty "normal", that you experience brute force attacks on login screens, that's why using fail2ban, as suggested by @IgorG is always a good idea and please use a strong admin password and change it from time to time.
Similar threads
