Plesk provides comprehensive access management and authentication capabilities to secure your hosting environment. This article explains the security measures we implement to protect your Plesk installation from unauthorized access.

Note: As part of our managed hosting service, our team handles all security configurations. Simply contact our support team with any security requirements or concerns.

Multi-Factor Authentication (MFA)

We implement strong authentication through Plesk's built-in Multi-Factor Authentication system, which provides:

• Time-based One-Time Passwords (TOTP)
• Support for popular authenticator apps (Google Authenticator, Microsoft Authenticator, etc.)
• Backup codes for emergency access
• Per-user MFA enforcement options

Password Security

We enforce strong password policies including:

• Minimum password complexity requirements
• Password expiration policies
• Account lockout after failed attempts
• Prevention of password reuse

IP Access Restrictions

We implement IP-based access controls to:

• Restrict administrator access to specific IP addresses
• Allow access only from trusted networks
• Integrate with Imunify360 for advanced protection

Session Security

Our team configures session security settings including:

• Automatic session timeout
• Concurrent session limits
• Secure session cookie handling

Additional Security Measures

• Imunify360 Integration: Provides advanced intrusion detection and prevention
• SSL/TLS Security: Enforces secure connections to the Plesk interface
• Access Logging: Monitors and logs all authentication attempts

Implementation Timeline

• Basic security setup: 1-2 hours
• MFA implementation: 1 hour
• Custom security rules: 2-4 hours
• Emergency security changes: Immediate priority handling

Best Practices We Follow

• Regular security audits
• Proactive monitoring of authentication attempts
• Immediate investigation of suspicious activities
• Regular updates to security configurations
• Backup access methods for emergencies

Remember: While Plesk provides these security capabilities, you never need to manage these settings directly. Contact our support team with any security requirements or concerns.

Getting Support

For security-related requests:

• Email: support [at] webops [dot] host
• Support ticket system: Available through your client portal
• Emergency support: Available 24/7