The Plesk Onyx Security Quiz | 5 Minutes

It’s time for our second monthly edition of the Plesk quiz. Here to challenge your knowledge and see how you stack up against your peers. But mostly, to check if we’re doing alright in making sure you get the most of what we can offer. So today, we’ll be testing how much you know about Plesk Onyx Security.

Plesk Onyx Security Features and Tools

How well can you manage security of your Plesk server and protect it from common types of attacks? Maybe you know that we have an entire Security section inside our extension catalog for you to use. Including Let’s Encrypt to issue free SSL certificates and protect connections to your sites, Plesk interface, and mail server.

Plus, we’ve got robust in-built tools in order to enhance Plesk panel security. Like Web Application Firewall (ModSecurity), which protects sites and web applications from attacks.  And Fail2Ban for brute-force protection via IP address banning. Are you on top of it all? Then get ready to test your Plesk Onyx Security basics and more.

Plesk Onyx Security Quiz

Boom – 14 questions below, just for you. Select your answers to get your score (and no cheating!).

  • This field is for validation purposes and should be left unchanged.

How did you do?

Finally, how was it? Got the score you thought you would? Did you get close but aren’t quite there yet? Let us know in the comments below or on Twitter or Facebook. You’ll see how your peers found the challenge.

Think you can do better yet? Fortunately, there’s a free Plesk University course, dedicated to learning more about Plesk Onyx SecurityThere may be something you’re missing.

First, hit the button below to get the course. Then complete it for a certificate. Are you new to Plesk University? Then sign up first in a couple of clicks and hit “Get this Course”.

An intro to Plesk Security Course: Part 3 [Video]

Plesk Security Course

We hope you’ve had a chance to get on the bandwagon and have a look at the Plesk Security Course . You can find all you need to know about this newest addition in our Plesk University catalogue. Then take the course for free! You’ll join our booming number of users who are learning to get tip-top security while working with our platform.

Preview Security Course

But if you’ve only got a few minutes, we’ll give you a quick one-minute guide for creating your own free SSL certificates in just a few clicks. Welcome to Let’s Encrypt – one of our best-rated Plesk extensions. This certificate authority (CA) gives all Plesk users the power to get a free certificate for each domain they own.

Let’s Encrypt: Protect your website in 3 steps

In our final security video, you’ll see how this handy Plesk extension makes you more reliable. Because with Let’s Encrypt, you’re not just encrypting the connection between the website and the visitor’s browser. You’re also displaying your website as trusted.

Video: 1:03 minutes

As a result, visitors will not see a warning about the certificate’s authenticity. This tops self-signed certificates (free but not trusted), especially when securing an E-commerce website.

Let’s Encrypt not only issues free SSL certificates, but also provides the tools to recall and renew them. Something that should save system administrators loads of time and effort.

What’s Going on in this Video

1. When you create a new domain, subscription or subdomain – you can protect them immediately with Let’s Encrypt certificate.

2. For already existing domains, open the domain’s toolbox and click Let’s Encrypt. Select whether you want to protect www. and webmail. subdomains, as well as any aliases of the domain.

3. To protect your platform and mail server, go to Tools & Settings > SSL certificates. And create a new Let’s Encrypt certificate.

Let’s Encrypt Key Features

  • Works out of the box, no setup or CLI commands required
  • Signing of SSL certificates for domains and subdomains
  • Automatic renewal of all certificates
  • Additional domains are now supported
  • Can create a cert for the Plesk panel itself

So give all your sites and apps a secure and trusted certificate with this free Plesk extension. And let us know how it goes in the comments below!

Itching for more ways to up your security while on our ecosystem? Then get started on our Plesk Security course.

Preview Security Course

An introduction to Plesk Security Course: Part 2 [Video]

Plesk Security Course

Our all-new Plesk Security Course is just a couple of weeks old and keeps making waves among our Pleskian friends. More and more of our users are learning how to become as secured as they can be while using Plesk. You can find all you need to know about this course in our Plesk University catalogue and give it a whirl – for free!

Preview Security Course

Meet the Security Advisor

In the meantime, we wanted to share a little extension that can spare you from being one of 37,000 websites hacked daily. Meet our Security Advisor. In part 2 of our security video series, you’ll see how this handy Plesk extension can boost performance. And more importantly, fortify your website in a single click.

Video: 45 seconds

What’s Going on in this Video

The Security Advisor Extension comes pre-installed with your Plesk control panel and is available right from the Home screen. You’ll get 3 tabs to manage: Domains, WordPress and System.

  1. First, you’ll see how Security Advisor helps you protect all of your website domains with Let’s Encrypt! SSL certificates. All this with a click of a button.
  2. We’ll show you how to switch your WordPress websites to HTTPS. But note that if WordPress was installed by means of WordPress Toolkit, they’re already switched to HTTPS.
  3. The System tab advises you to allow server protections – enable HTTPS/2 and protect Plesk control panel itself with a Let’s Encrypt! certificate. Also, installing third-party security extensions.

In the end, you’ll be protecting Plesk and all your website domain using the same helpful extension – the Security Advisor.

Security Advisor Key Features

  • One-click SSL
  • One-click HTTP/2
  • HTTPS for WordPress
  • Centralized security management

Nowadays, HTTPS is essential for any website. When you turn HTTP/2 on, you can improve your page-response-times by 10%. So make all your sites and apps secure with this free Plesk extension. Then have a look at our Plesk Security course below for more ways to up your security.

Preview Security Course

An introduction to Plesk Security Course: Part 1 [Video]

Plesk Security Course

Have you seen our brand-new Plesk Security Course? It’s fresh in our Plesk University catalogue since Sept. 25 – and free for all our users. We figured we’ll help spring you forward so you can make your Plesk server the most secure it can be.

Preview Security Course

So let’s cover the basics. Here’s the first in a series of 3 quick videos that will bring you up to speed and achieve top security status for you and your customers.

The 3 security settings you need to adjust

Video: 1:17 minutes

What’s Going On in this Video

After installing Plesk, you need to do 3 important things:

1. Increase password strength

2. Restrict creation of DNS subzones

3. Enable prohibited domains list.

Increasing password strength

We recommend strong and very strong passwords. In this speedy guide, Plesk will help you and your customers create safer passwords with the right strength.

Restricting DNS subzones

We really believe preventing fraud and phishing should be one of our users’ top priorities. Follow the video to enable the DNS sunbzones restrictions. And this way, your customers won’t be able to create domains that look like subdomains of other customers’ domains. For example, if CustomerA owns, CustomerB won’t be able to create

Enabling prohibited domains list

No matter your business or website ambitions, you will need to protect yourself against mail interception. What is this? Well some unscrupulous customer may be able to create a domain like, or even your own domain ( on Plesk. This sucks because from that point on, mail addressed to these kinds of domains will be delivered to your local domain, and not the real one.

That sums up what you need to do right after installing Plesk. Changing these settings won’t affect objects that already exist on the server, like domains, passwords, and so on. Ready to get started? There’s more in our Plesk Security Course

Preview Security Course