Recently, Plesk have updated their Advisor extension (previously known as the Security Advisor) to include a score and a number of recommendations. While increased security is always a good thing, the recommendations don't always consider the whole story. For servers hosted on the Conetix platform, we have produced a set of recommendations, which are detailed below. Your current score may look something like this:

Plesk Advisor - Conetix Recommendations

A low score may not fully reflect the overall security of the server and, conversely, a high score may not equate to a secure server. Managing server security can be very complex, and Conetix recommends that you thoroughly understand each option before making any changes.

Typical Recommendations

Configure ModSecurity & Fail2ban

Conetix Recommendation: Install and configure these if your server has sufficient spare resources and you know what you're configuring. Enabling ModSecurity and Fail2ban will use additional system resources and may adversely affect any site on your server. Conetix already runs dedicated firewalls which feature an Intrusion Protection System (IPS) to filter malicious traffic, as well as a Web Application Firewall (WAF) to help ensure only valid requests hit the server.

Configure the Plesk Firewall

Conetix Recommendation: Only required for GUI-based setups. If you require the ability to edit firewall rules from within a point-and-click interface, you can install the Plesk Firewall extension to help manage your firewall rules. Conetix also has core firewalls in place with a number of explicit blocks (detailed here), to ensure any potentially vulnerable ports are blocked by default. The Plesk Firewall cannot override these, which means that if you require a rule to be allowed, it must be submitted as a support request.

Configure Scheduled Backups

Conetix Recommendation: Conetix always recommends you run your own backups. We have a guide on this here: https://www.conetix.com.au/support/article/plesk-onxy-scheduling-backup. For an additional cost, Plesk have an extension available which will also copy these backups off to remote cloud storage platforms such as Dropbox, S3 and Google Drive.

Secure Plesk with an SSL/TLS certificate

Conetix Recommendation: We highly recommend using a valid SSL certificate for your Plesk installation and Conetix configures this for all managed servers by default. Click the secure button to use Let's Encrypt to generate and install a free certificate for you.

Switch to Up-To-Date PHP Versions

Conetix Recommendation: We highly recommend updating to modern PHP versions. We recommend using PHP 7.1 or higher, as even 5.6 and 7.0 will be at end of life within 6 months. This means that they won't receive any further bug fixes or minor security fixes. There are also significant performance increases from running PHP 7.1 or higher.

Further Advice

If you have a question about an item not on this list, please just submit a support request and one of our team members will be able to provide further guidance.
