How to Grant Access to Your Website in a Secure Way

A common practice in web development: Outsourcing

Many site owners hire external web agencies to develop their website. In such cases, these site owners need to give access to their Plesk Panel and account to allow the agency to take key actions within the Panel. The most obvious and easy way of doing this is to share with them your access credentials. But stop right there! This is NOT A SECURE way to solve this task!

Luckily, Plesk has the solution. As you may know, for several years Plesk has been offering the functionality of ‘additional users’, which allows you to share such access in a secure way. Let’s take a closer look:

Step-by-step Guide to Sharing Access Securely

1. Go to ‘Additional Users’

The ‘Additional users’ functionality is easy to find in the two different Plesk views:

In Power User view (mostly used by Web Agencies and individual server owners):

Web dev outsourcing Plesk blog

In Shared Hosting (aka. Service Provider, mostly used by Hosting providers, who offer classic shared hosting) view, you can find the additional user account in the settings for particular subscriptions.

Web dev outsourcing Plesk blog

To begin, enter the ‘Users’ tab to create a new (additional) user.

2. Choose which website(s) (Subscriptions) the New User can access

Once you have clicked the ‘Users’ tab of your Plesk panel, you can create a user account as seen in the screenshot below. Using the ‘Access to subscriptions’ field, you can grant access to a particular subscription, or to all your subscriptions, depending on the purpose.

Web dev outsourcing Plesk blog

3. Select User Roles

You can also specify a role for the new user. The role defines which permissions will be given to the user.

Web dev outsourcing Plesk blog
There are predefined roles, which can be managed via the ‘User Roles’ tab – or you can create and define your own. These user roles can then be assigned to any new user.

A User Role is a set of permissions regarding your website (or subscription) operations:

Web dev outsourcing Plesk blog

Note: Administrator role cannot be redefined, it always has all permissions.

You could also require account activation of a new user account by email. In such cases, the user will be activated only after they confirm their account by email.

So, let’s recap:

  • The secure way to grant access to your website(s) is to use the ‘additional users’ feature.
  • Such a user can get access to a particular website (or subscription) or to all your websites (subscriptions). It’s managed by the user account properties.
  • Roles should be assigned to a user, which means a set of permissions. Such a role can be created/ re-defined.
  • As soon as you don’t need to share your website any more, you can easily remove a user account.
  • You can manage the additional users via Plesk Panel UI (‘Users’ tab) and the CLI

Useful references

Want to learn more about how users work on Plesk? Check out the complete documentation below:

🔍 ​​Plesk official documentation about additional users
🔍 Manage additional users via CLI

One comment

  1. As soon as you don’t need to share your website any more, you can easily remove a user account.

Add a Comment

Your email address will not be published. Required fields are marked *


  • Yes, please, I agree to receiving my personal Plesk Newsletter! WebPros International GmbH and other WebPros group companies may store and process the data I provide for the purpose of delivering the newsletter according to the WebPros Privacy Policy. In order to tailor its offerings to me, Plesk may further use additional information like usage and behavior data (Profiling). I can unsubscribe from the newsletter at any time by sending an email to [email protected] or use the unsubscribe link in any of the newsletters.

  • Hidden
  • Hidden
  • Hidden
  • Hidden
  • Hidden
  • Hidden

Related Posts

Knowledge Base

Plesk uses LiveChat system (3rd party).

By proceeding below, I hereby agree to use LiveChat as an external third party technology. This may involve a transfer of my personal data (e.g. IP Address) to third parties in- or outside of Europe. For more information, please see our Privacy Policy.