Overview
Recently, Plesk have updated their Advisor extension (previously known as the Security Advisor) to include a score and a number of recommendations. While increased security is always a good thing, the recommendations don’t always consider the whole story. For servers hosted on the Conetix platform, we have produced a set of recommendations, detailed below. Your current score may look something like this:
A low score may not be a full reflection of the overall server security and, conversely, a high score may not equate to a secure server. Managing server security can be very complex and Conetix recommends that you thoroughly understand each option before making any changes.
New Warning June 2021
If you see a dialog similar to:
Please ignore the poorly worded messaging. Your server is NOT vulnerable just because one extension isn’t installed. We do recommend using Multi-Factor Authentication as part of your overall security strategy, however it does not fix vulnerabilities nor should it be used as the singular protection for your website.
Typical Recommendations
Configure ModSecurity & Fail2ban
Conetix Recommendation: Install and configure these if your server has sufficient spare resources and you know what you’re configuring. Enabling ModSecurity and Fail2ban will use additional system resources and may adversely affect any site on your server. Conetix already runs dedicated firewalls which feature an Intrusion Protection System (IPS) to filter malicious traffic, as well as a Web Application Firewall (WAF) to help ensure only valid requests hit the server.
Configure the Plesk Firewall
Conetix Recommendation: Do not use
The extension is outdated and not compatible with modern Linux installations.
Instead, Conetix pre-configures firewall rules using the latest tools for you automatically. We also have dedicated, core firewalls in place with a number of explicit blocks (detailed here), to ensure any potentially vulnerable ports are blocked by default.
Configure Scheduled Backups
Conetix Recommendation: Conetix always recommends you run your own backups. We have a guide on this here: https://www.conetix.com.au/support/article/plesk-onxy-scheduling-backup. For an additional cost, Plesk have an extension available which will also copy these backups off to remote cloud storage platforms such as Dropbox, S3 and Google Drive.
Secure Plesk with an SSL/TLS certificate
Conetix Recommendation: We highly recommend using a valid SSL certificate for your Plesk installation and Conetix configures this for all managed servers by default. Click the secure button to use Let’s Encrypt to generate and install a free certificate for you.
Switch to Up-To-Date PHP Versions
Conetix Recommendation: We highly recommend updating to modern PHP versions. We recommend using PHP 7.3 or higher, as 5.6 and 7.0 are end-of-life. This means that they won’t receive any further bug fixes or minor security fixes. There are also significant performance increases from running PHP 7.1 or higher.
Further Advice
If you have a question about an item not on this list, please just submit a support request and one of our team members will be able to provide further guidance.