Overview

Recently, Plesk have updated their Advisor extension (previously known as the Security Advisor) to include a score and a number of recommendations. While increased security is always a good thing, the recommendations don’t always consider the whole story. For servers hosted on the Conetix platform, we have produced our own set of recommendations, which are detailed below. Your current score may look something like this:

plesk advisor - conetix recommendations

A low score may not fully reflect the overall security of the server, and conversely a high score may not equate to a secure server. Managing server security can be very complex, and Conetix recommends that you thoroughly understand each option before making any changes.

New Warning June 2021

If you see a dialog similar to:

plesk advisor - conetix recommendations

Please ignore the poorly worded messaging. Your server is NOT vulnerable just because one extension isn’t installed. We do recommend using Multi-Factor Authentication as part of your overall security strategy; however, it does not fix vulnerabilities, nor should it be used as the sole protection for your website.

Typical Recommendations

Configure ModSecurity & Fail2ban

Conetix Recommendation: Install and configure these if your server has sufficient spare resources and you know what you’re configuring. Enabling ModSecurity and Fail2ban will use additional system resources and may adversely affect any site on your server. Conetix already runs dedicated firewalls which feature an Intrusion Protection System (IPS) to filter malicious traffic, as well as a Web Application Firewall (WAF) to help ensure only valid requests hit the server.

Configure the Plesk Firewall

Conetix Recommendation: Do not use

The extension is outdated and not compatible with modern Linux installations.

Instead, Conetix automatically pre-configures firewall rules for you using the latest tools. We also have dedicated core firewalls in place with a number of explicit blocks (detailed here) to ensure any potentially vulnerable ports are blocked by default.

Configure Scheduled Backups

Conetix Recommendation: Conetix always recommends you run your own backups. We have a guide on this here: https://www.conetix.com.au/support/article/plesk-onxy-scheduling-backup. For an additional cost, Plesk have an extension available which will also copy these backups off to remote cloud storage platforms such as Dropbox, S3 and Google Drive.

Secure Plesk with an SSL/TLS certificate

Conetix Recommendation: We highly recommend using a valid SSL certificate for your Plesk installation and Conetix configures this for all managed servers by default. Click the secure button to use Let’s Encrypt to generate and install a free certificate for you.

Switch to Up-To-Date PHP Versions

Conetix Recommendation: We highly recommend updating to a modern PHP version. We recommend using PHP 7.3 or higher, as 5.6 and 7.0 are end-of-life. This means that they won’t receive any further bug fixes or minor security fixes. There are also significant performance increases from running PHP 7.1 or higher.

Further Advice

If you have a question about an item not on this list, please just submit a support request and one of our team members will be able to provide further guidance.
