Keep Plesk updated – Regularly update Plesk to receive the latest security patches and fixes by following the official update guide link.
Enforce strong passwords – Configure minimum password strength from Tools & Settings → Security → Password Strength as explained.
Restrict firewall ports – Allow only the required network ports for Plesk services by referring to the official port list link.
Secure panel and mail with SSL/TLS – Protect the Plesk interface and mail services using SSL/TLS certificates by following the linked guide.
Enable secure FTP (FTPS) – Encrypt file transfers by enabling FTPS on the server.
Limit Plesk administrative access – Restrict admin login access to trusted IP addresses by applying the method described in the given support article.
Restrict XML API access – Secure remote XML API access by limiting allowed IPs as per the official Plesk guide.
Enable ModSecurity (WAF) – Protect websites from common web attacks by enabling ModSecurity.
Run WP Toolkit security checks – Improve WordPress security by running WP Toolkit security checks and enabling automatic updates using the linked guide.
Install VirusTotal Website Check – Scan websites for malware and reputation issues by installing the VirusTotal Website Check extension.
Enable Multi-Factor Authentication (MFA) – Add an extra login security layer by enabling MFA in Plesk.
Apply Custom Handlers Policy – Prevent customers from overriding handlers via web.config by configuring the Custom Handlers Policy.
Enable DDoS protection – Protect the server from denial-of-service attacks by enabling DDoS mitigation.
Configure FTP passive ports – Ensure secure and reliable FTP connections on Windows Server by configuring the passive port range.
Enable file auditing – Track file changes and detect unauthorized access by setting up file auditing on Windows Server as described in the linked guide.
