🔐 How to Secure Your Plesk Server (2025 Guide)
By Farooq Junejo • Tech Expert & Founder of Hostiget
Plesk is a popular control panel for web hosting, but its default configuration may leave your server open to threats. In this 2025 guide, I’ll show you how to harden your Plesk server against common attacks, spam abuse, and vulnerabilities.
1. Enable Fail2Ban
Fail2Ban protects against brute-force attacks. In Plesk:
- Go to Tools & Settings → Fail2Ban
- Enable the service and common jails like sshd, plesk-login, postfix
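- Choose the ban time (how long an address stays blocked), find time (the window in which failures are counted), and max retries (failures allowed in that window) deliberately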
2. Use SSH Key Authentication
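Disable password login for SSH and use key-based authentication. Confirm that key login works in a separate session before you disable passwords, so a mistake does not lock you out: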
- Edit `/etc/ssh/sshd_config`
- Set `PasswordAuthentication no`
- Restart SSH: `systemctl restart sshd`
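Setting `PasswordAuthentication no` in the main file is not always enough: sshd keeps the first value it reads, and an `Include`d drop-in that comes earlier can still leave passwords enabled. The script below is an added example, not part of the original guide; `flatten_sshd_config` and `effective_password_auth` are hypothetical helper names, and the sample files are constructed.

```sh
#!/bin/sh
# Added example, not from the original guide. sshd keeps the FIRST value it
# reads for a keyword, and an Include'd drop-in is read where the Include line
# appears, so it can override a setting edited further down in sshd_config.

# Print global "keyword value" lines in the order sshd reads them.
# Assumptions: "Keyword value" syntax separated by whitespace; relative Include
# paths resolve against the config's own directory (/etc/ssh on a stock host).
flatten_sshd_config() {
    dir=$(dirname "$1")
    while read -r key rest || [ -n "$key" ]; do
        lkey=$(printf '%s' "$key" | tr 'A-Z' 'a-z')
        case "$lkey" in
            ''|'#'*) continue ;;
            match)   break ;;              # rest of this file is conditional
            include)
                for pattern in $rest; do
                    case "$pattern" in /*) ;; *) pattern="$dir/$pattern" ;; esac
                    for inc in $pattern; do        # unquoted: expand the glob
                        # subshell so the recursive call cannot clobber $dir
                        [ -f "$inc" ] && ( flatten_sshd_config "$inc" )
                    done
                done ;;
            *) printf '%s %s\n' "$lkey" "$rest" ;;
        esac
    done < "$1"
    return 0
}

# Report the global PasswordAuthentication value that takes effect.
effective_password_auth() {
    flatten_sshd_config "$1" | awk '
        !found && $1 == "passwordauthentication" { val = tolower($2); found = 1 }
        END { print (found ? val : "yes") }   # OpenSSH defaults to yes if unset
    '
}

# Constructed sample: a drop-in re-enables passwords ahead of the main file.
demo=$(mktemp -d)
mkdir "$demo/sshd_config.d"
printf 'PasswordAuthentication yes\n' > "$demo/sshd_config.d/50-image.conf"
printf 'Include sshd_config.d/*.conf\nPasswordAuthentication no\n' > "$demo/sshd_config"
echo "effective PasswordAuthentication: $(effective_password_auth "$demo/sshd_config")"
rm -rf "$demo"
```

On the server itself, `sshd -T | grep -i passwordauthentication` (run as root) prints the value the installed sshd actually computes, including `Match` handling that this sketch skips.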
3. Keep Plesk & OS Updated
Run the Plesk updater regularly or enable auto-updates:
- Use the Plesk interface or run: `plesk installer update`
- Use tools like KernelCare for automatic kernel patching
4. Secure Mail Server
Email is a common attack vector:
- Enable DKIM, SPF, and DMARC in DNS settings
- Limit outgoing mail per domain to prevent abuse
- Use ClamAV and SpamAssassin
5. Install ModSecurity
Activate the ModSecurity WAF with OWASP rules:
- Tools & Settings → Web Application Firewall
- Choose “Atomic Basic” or OWASP ModSecurity Core Rule Set
6. Regular Backups
Use Plesk’s built-in backup manager and schedule regular full and incremental backups.
7. Bonus Tips
- Disable unused services like FTP or telnet
- Limit admin login by IP if possible
- Use 2FA for Plesk login
Securing your server is not a one-time task — make it a habit. Keep learning, stay updated, and always monitor your logs and notifications.