Three New Web Application Threats and their Solutions


Malicious users will try to access your web application without your consent. Therefore, you should implement the necessary security features to protect yourself from new web application threats: Spoofing, information disclosure and data tampering. Let’s see how together we can mitigate threats using Plesk security tools.

1. Spoofing


Spoofing remains one of the modern web application threats, despite the security measures you may implement on the back end to protect users’ credentials. It means pretending to be someone or something other than yourself, and it can happen in many ways.

Fake User Authentication

Attackers can create a fake login page similar to that of a web application to trick users into logging in, so that they can steal users’ login credentials. For spoofing, attackers can even use SET (social engineering tools) to clone a login page of a popular web application.


Cross-Site Request Forgery (CSRF)

Cross-site request forgery tricks a web browser into executing an unwanted action, like transferring funds from one account to another, in a web application where a user is already logged in. Attackers usually use social engineering tricks to implement CSRF by sending links on social media to authenticated users, in other words, those already logged into a web application.

Then unsuspecting users end up sending a forged request to a server on behalf of a malicious user. Though it’s quite difficult to prevent this, below is how you can mitigate cross-site request forgery.

How to Prevent Spoofing Threats

  • Implement an SSL/TLS Certificate

To defend against authentication spoofing, make sure that a web application such as a banking portal has an SSL/TLS certificate in place. Plesk lets customers get these certificates for free in just a few clicks.


Even less technical customers can use the Let’s Encrypt extension on the Plesk platform to easily create SSL certificates for their domains, making it more difficult for attackers to mount spoofing attacks.

  • Generate Random Tokens

To prevent forged requests, you can use tokens to validate GET/POST requests from users. For example, to enable CSRF protection in Flask-based applications, you can use the Flask extension CSRFProtect by enabling it globally.

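from flask import Flask
from flask_wtf.csrf import CSRFProtect

app = Flask(__name__)  # SECRET_KEY must be set in app.config to sign the tokens
csrf = CSRFProtect(app)  # enable CSRF protection globally for every view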

Alternatively, you can use FlaskForm to prevent forged requests in Flask web applications. However, the standard way of preventing CSRF threats in Java or PHP web applications is to implement an anti-CSRF token visible only to the user’s browser and the web application: the token is kept in a session variable and sent in a hidden form field with each request. If the value of the session variable and the hidden form field match, the user’s request is accepted.
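The session-variable and hidden-field check described above, written out without a framework. This is an added example, not code from the original article; the in-memory session store, the /transfer form and all function names are assumptions made for illustration.

```python
import hmac
import re
import secrets

# Constructed in-memory session store (session id -> session variables).
SESSIONS = {}


def start_session():
    """Log a user in: create a session that holds a random anti-CSRF token."""
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {"csrf_token": secrets.token_urlsafe(32)}
    return sid


def render_transfer_form(sid):
    """Return the HTML form with the session's token in a hidden field."""
    token = SESSIONS[sid]["csrf_token"]
    return (
        '<form method="post" action="/transfer">'
        f'<input type="hidden" name="csrf_token" value="{token}">'
        '<input name="to"><input name="amount"><button>Send</button>'
        "</form>"
    )


def handle_transfer(sid, form):
    """Accept the request only if the hidden field matches the session value."""
    session = SESSIONS.get(sid)
    if session is None:
        return 401, "not logged in"
    submitted = form.get("csrf_token", "")
    expected = session["csrf_token"]
    # Constant-time comparison; compare bytes so non-ASCII input cannot raise.
    if not hmac.compare_digest(submitted.encode(), expected.encode()):
        return 403, "CSRF token missing or invalid"
    return 200, f"transferred {form['amount']} to {form['to']}"


def demo():
    """Run one genuine and two forged requests; return their status codes."""
    sid = start_session()
    # Genuine flow: the browser loads the form, then posts it back unchanged.
    html = render_transfer_form(sid)
    token = re.search(r'name="csrf_token" value="([^"]+)"', html).group(1)
    genuine = handle_transfer(
        sid, {"csrf_token": token, "to": "bob", "amount": "10"}
    )
    # Forged flow: another site makes the browser post with the session
    # cookie, but it cannot read the form, so it has no token or only a guess.
    forged_missing = handle_transfer(sid, {"to": "mallory", "amount": "999"})
    forged_guess = handle_transfer(
        sid,
        {"csrf_token": secrets.token_urlsafe(32), "to": "mallory", "amount": "999"},
    )
    return genuine[0], forged_missing[0], forged_guess[0]


if __name__ == "__main__":
    print(demo())
```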

2. Information Disclosure


Allowing unauthenticated users to access documents restricted to authenticated users can be defined as information disclosure. The following describes the ways information disclosure can take place.

IDOR – Insecure Direct Object Reference

An IDOR attack is possible when a web application provides direct access to an object based on user-supplied input. It makes it possible for unauthorized users to access resources that are restricted from them. Let’s assume user A logs in to a banking web portal, then the user is redirected to the following URL:

https://mybank.com/acc=00012345

In this case, 00012345 is user A’s account number. If the user wants to access other customers’ account details, user A just needs to change acc=00012345 to acc=000112367.

Therefore, the above action allows a user to access account details of another user without the owner’s consent.

How to prevent

There are different ways to prevent insecure direct object references. One way to avoid exposing the real identifier of an internal object, like a database record, is to replace the identifier with a salted hash value.

https://mybank.com/acc=00012345

https://mybank.com/acc=12eryrxhwgq
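A sketch of the salted-hash reference described above, as an added example that is not part of the original article. It goes one step beyond the page by also resolving the reference only among the caller's own accounts, because a hashed identifier that leaks would otherwise still open the record. The account data, user names and function names are constructed for illustration.

```python
import base64
import hashlib
import hmac
import secrets

# Secret server-side salt (constructed here; keep it in configuration in practice).
SERVER_SALT = secrets.token_bytes(32)

# Constructed sample records: account number -> owner and balance.
ACCOUNTS = {
    "00012345": {"owner": "userA", "balance": 1200},
    "00067890": {"owner": "userB", "balance": 50},
}


def opaque_ref(account_no):
    """Salted (keyed) hash of the account number, safe to place in a URL."""
    digest = hmac.new(SERVER_SALT, account_no.encode(), hashlib.sha256).digest()
    return base64.urlsafe_b64encode(digest[:15]).decode()


def account_url(account_no):
    """Build the link shown to the user, without the real account number."""
    return f"https://mybank.com/acc={opaque_ref(account_no)}"


def get_account(current_user, ref):
    """Resolve a reference, searching only the accounts the caller owns."""
    for account_no, record in ACCOUNTS.items():
        if record["owner"] != current_user:
            continue  # authorization: never match another user's account
        candidate = opaque_ref(account_no)
        if hmac.compare_digest(candidate.encode(), ref.encode()):
            return 200, record["balance"]
    # Same answer for "unknown reference" and "not yours".
    return 404, None


if __name__ == "__main__":
    own = opaque_ref("00012345")
    other = opaque_ref("00067890")
    print(account_url("00012345"))
    print(get_account("userA", own))         # own account
    print(get_account("userA", "00067890"))  # raw number no longer works
    print(get_account("userA", other))       # leaked reference is still refused
```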

SQL Injection

SQL injection is one of the most common ways malicious users disclose information restricted from public view. Attackers can send commands such as SELECT to download an entire database, CREATE to create new users in the database or UPDATE to modify accounts.

How to prevent

You can use prepared statements to prevent an attacker from changing the purpose of a query. A prepared statement separates the query from the data. Thus, the data submitted by an attacker can’t be used to modify the query. Moreover, Flask developers can also prevent SQL injection by using SQLAlchemy to interface with the database. It comes with features to prevent SQL injection threats.
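The difference between a string-built query and a prepared statement, shown side by side with Python's built-in sqlite3 module. This is an added example, not code from the original article; the accounts table, its rows and the function names are constructed for illustration.

```python
import sqlite3


def make_db():
    """Build a constructed in-memory database with three sample accounts."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE accounts (owner TEXT, number TEXT, balance INTEGER)")
    db.executemany(
        "INSERT INTO accounts VALUES (?, ?, ?)",
        [
            ("alice", "00012345", 1200),
            ("bob", "00067890", 50),
            ("carol", "00024680", 990),
        ],
    )
    return db


def lookup_vulnerable(db, owner):
    """BEFORE: user input is pasted into the SQL text and can rewrite it."""
    query = "SELECT number, balance FROM accounts WHERE owner = '" + owner + "'"
    return db.execute(query).fetchall()


def lookup_prepared(db, owner):
    """AFTER: the query text is fixed; the input is bound as data only."""
    query = "SELECT number, balance FROM accounts WHERE owner = ?"
    return db.execute(query, (owner,)).fetchall()


def demo():
    """Return row counts for a normal and a hostile input on both versions."""
    db = make_db()
    hostile = "nobody' OR '1'='1"  # constructed input that closes the quote
    return {
        "vulnerable_normal": len(lookup_vulnerable(db, "alice")),
        "vulnerable_hostile": len(lookup_vulnerable(db, hostile)),
        "prepared_normal": len(lookup_prepared(db, "alice")),
        "prepared_hostile": len(lookup_prepared(db, hostile)),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name}: {rows} row(s)")
```

With the string-built query the hostile input returns every row in the table; with the prepared statement it is treated as an owner name that matches nothing.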

3. Data Tampering

Data tampering is the act of intentionally modifying data through unauthorized channels. There can be two states of data: in transit and at rest. In both instances, malicious users can intercept and tamper with data. Here’s how data tampering can take place.

Parameter Pollution

Let’s assume a web application allows users to send sensitive data, such as login credentials, or to transact funds via GET and POST methods. In this case, an attacker can tamper with URL parameters and modify data.

To prevent parameter pollution threats in a web application, you need to encode user-supplied input whenever a user sends a GET/POST request to the backend server.

Session hijacking


Session hijacking is another type of attack, in which malicious users steal session cookies. Each user is assigned a session when they log into a web application. The session ID is usually stored in a cookie. Attackers use session hijacking to modify data in transit from the client (web browser) to the web server.

How to prevent: Generate Random Session IDs.

Moreover, Plesk also provides loads of security extensions for customers to prevent or mitigate threats not mentioned above. For example, you can use the Sucuri Security Scanner extension on Plesk to remotely detect website security issues and weaknesses in the source code.


Avoiding these new web application threats

Having said that, don’t just rely on Plesk extensions to protect web applications from web attacks. You also need to use your own secure coding practices to mitigate these threats. So, equip yourself, but stay vigilant.

Three TED talks on Technology that will blow your mind

We’re living in an era that reveals new innovations on the daily. From automation to complex and brilliant security systems, the future of technology is being shaped by minds like these three whose ideas elevate our minds and spark our imagination.

Watch our top TED Talks on technology

These three speakers have tested the boundaries of how we can integrate the physical world and the digital one. Here are three must-watch TED talks on technology that have mesmerized us and left us wondering what the future holds.

Will automation take away all our jobs? | David Autor

As a company focusing heavily on automation and simplicity as a time-saving solution, we found David Autor’s paradox intriguing. He says that in the last century, despite having created machines that do our work for us, the proportion of adults in the US with a job has consistently gone up for the past 125 years.

So why hasn’t human work become redundant yet and how are our skills still not obsolete? In this talk about the future of work, economist David Autor addresses the question of why there are still so many jobs and comes up with a surprising answer. Do you agree with his theory?

Hackers: the internet’s immune system | Keren Elazari

Keren Elazari is a cybersecurity expert who claims that we actually need hackers in today’s day and age. Her shocking exclamation comes from her belief that hackers force us to evolve and improve. “They just might be the immune system for the information age”, she says.

Some hackers are fighting corruption and defending our rights. They also expose the loopholes and vulnerabilities in our systems and make us fix them.

But not all hackers use their superpowers for good. Would you take any chances with security loopholes? Let us know what you think about this video and learn more about Plesk security here.

 

Are you safe? Take the Plesk Security Quiz.

The mind behind Linux | Linus Torvalds

This is the guy who has transformed technology, not once, but twice. Linus Torvalds first gave us Linux kernel, which helps power the Internet, and then Git, the source code management system that developers use all over the world. This is more than a talk, but an interview where Torvalds discusses his personality traits which shaped his work philosophy and engineering. Plus, some useful open source tips for the developers watching.

“I am not a visionary, I’m an engineer,” Torvalds says. “I’m perfectly happy with all the people who are walking around and just staring at the clouds … but I’m looking at the ground, and I want to fix the pothole that’s right in front of me before I fall in.” Are you like Linus and do you agree with his philosophies?

Empowering you with TED talks on technology

As we got a glimpse of what these three researchers presented on stage, the common theme in all of the talks was making a better digital world together. Technology can empower people by educating them and giving them a voice, and future designs succeed in bridging the two worlds together. A concept we at Plesk are definitely on board with.

The Plesk Onyx Security Quiz | 5 Minutes

It’s time for our second monthly edition of the Plesk quiz. Here to challenge your knowledge and see how you stack up against your peers. But mostly, to check if we’re doing alright in making sure you get the most of what we can offer. So today, we’ll be testing how much you know about Plesk Onyx Security.

Plesk Onyx Security Features and Tools

How well can you manage security of your Plesk server and protect it from common types of attacks? Maybe you know that we have an entire Security section inside our extension catalog for you to use. Including Let’s Encrypt to issue free SSL certificates and protect connections to your sites, Plesk interface, and mail server.

Plus, we’ve got robust in-built tools in order to enhance Plesk panel security. Like Web Application Firewall (ModSecurity), which protects sites and web applications from attacks.  And Fail2Ban for brute-force protection via IP address banning. Are you on top of it all? Then get ready to test your Plesk Onyx Security basics and more.

Plesk Onyx Security Quiz

Boom – 14 questions below, just for you. Select your answers to get your score (and no cheating!).


How did you do?

Finally, how was it? Got the score you thought you would? Did you get close but aren’t quite there yet? Let us know in the comments below or on Twitter or Facebook. You’ll see how your peers found the challenge.

Think you can do better yet? Fortunately, there’s a free Plesk University course, dedicated to learning more about Plesk Onyx Security. There may be something you’re missing.

First, hit the button below to get the course. Then complete it for a certificate. Are you new to Plesk University? Then sign up first in a couple of clicks and hit “Get this Course”.

The Complete Guide to Your First Joomla! Installation from Plesk panel


Joomla! ranks as one of the most popular Content Management Systems worldwide. But running a secure Joomla! installation is not a one-shot task. Join us for a session on how to build, secure and run your first Joomla! installation on a fresh Plesk Server. In order to help you streamline the process a bit, we recommend that you first install our Joomla! Toolkit.

Build your first Joomla! on Plesk

Installing your first Joomla! on a Plesk server became one of the easiest tasks since we introduced the Joomla! Toolkit. Because it can perform menial and repetitive jobs. You can start the installation directly from “Websites & Domains” as below.


Joomla! Installation

The Installation itself is simple. Because you only need to select the domain, subfolder, username, password and whether you want to install demo data. After installing, we’ll head straight into the new Joomla! instance. You can either log in from http://{{your-url}}/administrator or use the single Sign-On feature of the premium Joomla! Toolkit.

Joomla! wrapped in a secure environment

Security’s one of the main tasks for an administrator of a Joomla! website. This little checklist should help you with the first batch of security tasks.

  • Use the “protect folder” function to create an .htaccess protection for your Joomla! backend.
  • Activate https for your website by using an SSL certificate.
  • Use the latest PHP Version.
  • Force strong passwords in Joomla! and activate a 2FA extension.
  • Create separate user accounts for Administration and Content Creation.

On top of these tasks, you should always check to keep the system up-to-date. This includes the Joomla! installation, extensions, PHP, Plesk and the OS itself. To double-check, you can even use the Security Scanner from the Joomla! Toolkit in order to identify any potential to up your security.

Follow the steps from our Advisor to learn more about security and how to stay on top of yours. But don’t forget to come back from time to time, as our Advisor’s always learning new things too!

Time to run your Joomla! Website

Now that you’ve installed Joomla! and completed the first batch of security tasks, we want your Joomla! website to run. And for this, we need it to be highly available and fast. Therefore, we can tweak Joomla! itself and the server to gain the best performance. Maybe you’ve already activated HTTP/2 from the Advisor. But there’s more to tweak right from your Plesk installation.

Inside the Joomla! Toolkit

You can now activate the caching on file level inside the “System”-Configuration. But the best trick to keep your Joomla! instance fast? Use as few extensions as possible. Because most extensions bring their own JavaScript and CSS files, which are then loaded on your pages.

Next up: Caching. Select “Apache & NGINX settings” from your domain overview and scroll down to enable the Microcaching of the NGINX server.

And there you have it – your first Joomla! installation: Complete. Let us know how it’s worked for you in the comments below. We love feedback! <3

New Plesk Extensions on the Loose: May Edition


Reporting the latest additions to the Plesk extensions catalog. All the extensions you see here are available to download or purchase as of the time of writing – May 2018. Inside this month’s edition, we highlight new ways you can improve speed and security of your websites and servers. In order to give you both peace of mind and better performance out of your web domains.

Juggernaut Security and Firewall


First of all, we have the latest member of the gang – Juggernaut Security and Firewall. An all-in-one security extension that Danami designed especially for the needs of power users and server-providers. This extension adds an extra layer of security. One that goes beyond the default settings that most users usually optimize for themselves.

Offering experienced sysadmins a wider range of features and increased flexibility. These advanced features include SPI firewall, brute-force protection, real-time connection tracking, intrusion detection, dynamic block lists and geo-blocking.

Juggernaut is a paid extension. And version 2.05 is now available in the Plesk catalog. You can try it for free for 15 days. Then you’ll get two free months when you sign up for annual billing.

Speed Kit


As a result of recent studies, we know that lower page load times directly link to an increase in traffic. Not to mention lower bounce rates. And hence, higher visitor retention on your website. All these things will eventually lead to higher conversion rates.

Speed Kit promises to boost your page loading speed by 50-300%. How? By re-routing web traffic through its caching infrastructure. Even more, it takes just one click to improve your website’s performance with Speed Kit.

After you install, the extension performs an in-depth speed analysis, determining the improvements that you should implement to boost your site’s metrics. When you store a copy of your site in the accelerated framework, users can access your page in an instant from their browser. Even when they’re offline.

Sucuri Security Scanner


Sucuri Security Scanner uses the public API of Sucuri SiteCheck to effectively detect malicious elements on your website. This extension will let you schedule regular scans effortlessly. Thus, helping you monitor for malware all the time and receive timely notifications about your site’s status.

Sucuri Security Scanner includes the following features:

  • Detecting website malware infections.
  • Monitoring blacklist status.
  • Setting up scans as a scheduled task.
  • Receiving email notifications for security issues.
  • Viewing website security details and information.

Nimbusec Webhosting Security


And finally, we have Nimbusec. Another security monitoring extension for websites that you can find in our catalog. It will scan your website domains over and over again. And then report any potential threats on a centralized dashboard.

Nimbusec Webhosting Security can detect the following online threats:

  • Backdoors and web shells.
  • Overdue CMS updates.
  • Malware.
  • Defacement.
  • Blacklisting.
  • SSL certificate problems.

All in all, security should be a number one priority when maintaining your servers. So if you feel overwhelmed by all our security extension options, feel free to get in touch and chat.

And that’s all the extension news this month. Stay tuned for our next overview of latest available extensions in our June edition. Meanwhile, are you curious for more? Check out the 100+ more Plesk extensions we’ve got available in our catalog.

What is a Control Panel? Everything you need to know

Managing web services offered by a hosting provider used to require extensive sysadmin knowledge, including the ability to control server services via CLI. For some experts, this can be an effective way to manage servers. But for most system admins, a control panel with a GUI presents a much easier way to manage and monitor all hosted services you use.

This smoothens how you manage your services – be it web hosting, mailboxes, server databases, DNS settings and more. Monitoring is another important control panel function. And the better hosting control panels will offer you ways to stay abreast of CPU, memory and bandwidth use.

Superiority and functionality of panels will vary. But what you need to look out for is a user-friendly GUI, the ability to run Cron jobs as well as advanced security features. Let’s go for a full run-through of what your next control panel should look like, what to expect, and what you shouldn’t settle for.

Basic elements of a Control Panel

Effectively take charge of a website hosting environment and make sure the website control panel you choose offers the following essential, basic functions.

Domain and DNS Management

You depend on domains to access website resources. Hence, your control panel should have a section that lets you manage everything about the domains you’re hosting on your server. This includes new add-ons and subdomains, or managing existing ones.

Subdomains

Subdomains allow you to create a separate website area or an entirely new website. All while still using your main domain name. So it can be useful to add a prefix to your website domain name, such as support.domain.com. Your control panel needs to allow you to create as many subdomains as you need. The power’s yours!

Add-On Domains

Most control panels will give you the option to add a number of domains to the hosting environment. You’ll find these as “Add-on domains”. Now, you can choose to assign an add-on domain to a specific website. Or you can simply park it if you currently don’t want the domain to point to any website. Note that a parked domain can point to an existing website. So in this case, every request for that domain is simply redirected to another website of your choice.

DNS Management

Can you imagine if all your DNS data was scattered? You can usually host all the DNS data for a domain on your hosting environment itself. Including the entire range of DNS records, like nameserver and A records, MX records and TXT records. The right hosting control panel for you will allow you to fully customize DNS for each add-on domain you host.

File Manager

Organization is key. How can you keep track of all the files on your server? You need an easy way to upload, remove and manage these files. So your control panel should present a GUI that enables quick and easy file management. The simpler, the better. Because whether you use a CMS such as WordPress, or not, file management is a basic daily task for admins. Solving CMS issues is also much quicker with a file manager. There is an alternative – enter FTP (File Transfer Protocol), still supported by most control panels, to be honest. But FTP requires using a separate software application which you’ll need to set up on the side.

Mailbox Management

You’ll have multiple email accounts (also known as mailboxes) associated with each domain. Your control panel should come to the rescue here too by letting you create, remove and otherwise manage these accounts. It’s common for web hosting packages to include POP3 or even IMAP email free of charge.

Mail forwarding is another important feature you should look out for. Doesn’t matter whether you are forwarding to an internal email account or an email account hosted elsewhere. Another common practice for control panels is allowing you to configure anti-SPAM solutions (including DKIM, SPF and DMARC). Handy because it lets you monitor and protect incoming emails against blacklists and open-source filtering databases.

Here are three great tools that free you from junk email by the way.

Logging and Monitoring

Every system administrator should stay on top of key usage statistics, such as visitor counts, memory use and the total use of bandwidth. A control panel will help you identify websites which use excessive amounts of server resources. As well as enable you to avoid high bandwidth charges – before it is too late.

Advanced Control Panel Features

Not every control panel offers the same features. Although you should make sure basic elements are covered, we recommend you consider the following features too when you evaluate a control panel.

Security: TLS/SSL

The ability to manage TLS/SSL is an essential feature of your control panel. These encryption features prevent your confidential data from getting intercepted. So you can protect user credentials and credit card numbers that hackers can effortlessly steal, via something as common as an unsecured wifi connection.

Check out 5 tips to make your site and server more secure.

Further Security Features

Here at Plesk, we expect all control panels to offer more advanced security features in this day and age. For example, you can get protection against HotLinking. What’s HotLinking? Well, it’s when an unscrupulous website owner links videos or images on your website. And then they display these media assets as their own content.

There are two problems with this. First, the website is stealing your content. Secondly, it’s stealing your bandwidth. HotLink protection can restrict the access other servers have to image files on your server.

Also, consider that you need to be able to block access to a web server directory in all cases. Unless there’s a file that the web server can load, such as index.html. Leaving directory access unrestricted can lead to security threats taking hold.

Read more about why Security is important and how Fail2ban, ModSecurity, and Firewalls help.

ModSecurity

Have you thought about unauthorized users? Included in some control panels, ModSecurity is an application firewall that’s operated on an open-source basis. And it helps you monitor applications, while also logging activity and implementing access limits where necessary. One way of blocking access is by blocking IP addresses. ModSecurity will help you do this.

It also helps to have SSH access, which gives you encrypted file transfers and logins. Useful to configure the remaining services that you cannot configure via the control panel.

Automation

There’s only so much time in a day, right? And you don’t want to be working round the clock. Automating server maintenance is useful for system administrators because it frees up time they can use for other tasks.

Many control panels allow you to use Cron as a scheduler, which runs scripts at specific times on specific days. Great for automating server tasks like database view updates, performing backups and checking your site for broken links.

Custom Error Pages

Standard rule of System administration – Glitches will happen. And you don’t want to serve an unprofessional error message to customers, revealing who your hosting provider is. This is where the custom error message comes in.

You can customize a range of messages in a worthy control panel, including the typical “404 – not found” message. Your messages can, of course, be more descriptive and contain elements including your company logo and instructions on finding help.

Managing Databases

The bigger the website, the more users and the more content involved. Larger websites will manage content by means of a database. Any CMS, such as WordPress, will install a database on your web server. As is the case for most e-commerce platforms.

In turn, many hosting services supply MySQL as an open-source DBMS (Database Management System). Your control panel will let you add, configure and remove databases as you need.

Custom versus Commercial and Open Source Control Panels

Web hosts tend to offer one of two types of control panels. One is a commercial or open source control panel. Usually purchased from a third party, like a million other web hosts around the world. Or you can have a custom panel that is proprietary to the web host, often developed in-house. Custom control panels can be very clean and easy to use. But be aware that they are sometimes unexpectedly limited in functionality.

Some custom control panels, however, are a real mess and become more of an obstacle when it comes to server management tasks. Beginners can also struggle to switch from a custom panel to a more fully-featured panel later on. If you choose a host that uses a popular control panel, like Plesk, you’ll find you can easily switch to another host without needing to re-train your staff on the new control panel.

But if you’re confused, see which made our list of hosting control panels for 2019.

So why have a Control Panel?

You’ll find control panels included in almost all hosting packages. The control panel your host uses is unlikely to be the most important factor you consider when choosing a host, but it’s an important consideration nonetheless.

And as with any software product, the optimal way to evaluate a website control panel is to experience it yourself. Most panels offer a live online preview or free trial which helps you evaluate the functionality and GUI user-friendliness. Plesk offers a free trial, so while you’re here, check it out and see how it feels.

It’s a good idea to try and perform the routine tasks you regularly perform and to compare how long it takes you. A visually-stunning control panel is not necessarily the most effective tool. Luckily we’re a bit of both. But don’t take our word for it. Try it out before you decide, and get in touch with us if you need to.

What’s new on Plesk Onyx? The March 2018 Update

Have you heard? We’re coming at you with a huge update to our all-in-one platform. You spoke, we listened. So we’ve further aligned Plesk Onyx to the way web professionals work today. And the types of infrastructure hosting sites and web applications use at the minute. Hence, we focused on 5 main areas: Site Performance, SEO, WordPress, Security and Cloud integration. Check it out.

The Fast-Building Part

We’ve improved onboarding for you and your customers. Hello, simplified registration and social login! As soon as you’re on, you get the First Steps Advisor to guide you through the initial steps. Like adding a domain, creating mailboxes and of course enabling your security measures.

We made an SEO Toolkit. Now you can count on Plesk to help analyze your websites, without having to look elsewhere.

  • You’ll get Site Audit for common SEO issues and receive optimization recommendations.
  • Instantly review search engine crawler activity on your sites with Log File Analyzer. Then track your keyword ranking in order to adopt the right SEO strategy.
  • Finally, think smart and monitor your competitors. So that you can react to their and your ranking changes fast.

Consider the WP Toolkit enhanced with single-click NGINX caching and AI updates.

  1. Let’s introduce you to Smart Updates by AI. Using Deep Learning Technology, you’ll bring your WP instances, plugins and themes up to speed.
  2. Configure NGINX caching to significantly speed up every WP site. And while you’re at it configure your plugin and theme sets to come preinstalled with every new WP instance.
  3. Feel safer when updating because you can now have additional restore points before updating WP or syncing data.
  4. Speaking of safe, we’ve added pingback attack protection for extra security.
  5. With all that in place, open shop and activate your eCommerce. Choose to install WooCommerce on the new Plesk Onyx. Learn more about setting up a WooCommerce online store.
  6. You’ll also find that we’ve made WP management and UX better to accommodate more and more users.

The Tighter Security Part

Out with Security Advisor and in with the all-new Plesk Advisor. This is because we’ve expanded this system-wide. You’ll get recommendations, fixes and enhancements for security, performance, reputation, updates, backups and more.

Combine our new SSL certificate manager with the ‘Keep me secured’ feature. Breaking this down, it monitors and automatically secures Plesk, new domains, subdomains and webmail with SSL certificates. You can even choose between Let’s Encrypt or Symantec SSL certificates. Domain Validation (DV) certificates are free, but you can also choose to purchase Organization Validation (OV) or Extended Validation (EV) certificates directly from Plesk.

The Part Where You Run on Schedule

Get up close with Hyperscale Cloud services. It’s easier than ever to integrate AWS with your system using AWS toolbox (RDS, Route53). Experience an elevated backup-to-cloud experience or integrate your own cloud storage backup. We’re talking incremental, scheduled, self-restore, granular restoration for sites, files, databases, mail accounts and more. Not to mention the improved passive FTP support and Maintenance mode.

We gave the Plesk Extensions Catalog a facelift. You’ll see the catalog is completely redesigned with intuitive navigation, rapid search, and fast auto-updates (within 24 hours). And let’s face it, our 100+ extension list is currently unmatched.

The repairing and monitoring tools are smarter than before. Yes, it’s possible. The self-repair tool can find resource-consuming processes without SSH and CLI. So you don’t need an expert to do the work. Detect and limit resources by subscription to ensure your infrastructure’s integrity.

Find your fit with the new Plesk Onyx 17.8

Your complete set of technical, security and automation tools – all in one place. We’re a leading WebOps and Web Hosting platform for a reason. Want to effortlessly build projects, secure against vulnerabilities and automate daily tasks – all in a day’s work? Then let us help with Plesk Onyx 17.8.

See which Plesk edition fits you best. If you’re already a Plesk user, get in touch – and see if we can offer you something better.

An intro to Plesk Security Course: Part 3 [Video]


We hope you’ve had a chance to get on the bandwagon and have a look at the Plesk Security Course. You can find all you need to know about this newest addition in our Plesk University catalogue. Then take the course for free! You’ll join our booming number of users who are learning to get tip-top security while working with our platform.


But if you’ve only got a few minutes, we’ll give you a quick one-minute guide for creating your own free SSL certificates in just a few clicks. Welcome to Let’s Encrypt – one of our best-rated Plesk extensions. This certificate authority (CA) gives all Plesk users the power to get a free certificate for each domain they own.

Let’s Encrypt: Protect your website in 3 steps

In our final security video, you’ll see how this handy Plesk extension makes you more reliable. Because with Let’s Encrypt, you’re not just encrypting the connection between the website and the visitor’s browser. You’re also displaying your website as trusted.

Video: 1:03 minutes

As a result, visitors will not see a warning about the certificate’s authenticity. This tops self-signed certificates (free but not trusted), especially when securing an E-commerce website.

Let’s Encrypt not only issues free SSL certificates, but also provides the tools to recall and renew them. Something that should save system administrators loads of time and effort.

What’s Going on in this Video

1. When you create a new domain, subscription or subdomain – you can protect them immediately with Let’s Encrypt certificate.

2. For already existing domains, open the domain’s toolbox and click Let’s Encrypt. Select whether you want to protect www. and webmail. subdomains, as well as any aliases of the domain.

3. To protect your platform and mail server, go to Tools & Settings > SSL certificates. And create a new Let’s Encrypt certificate.

Let’s Encrypt Key Features

  • Works out of the box, no setup or CLI commands required
  • Signing of SSL certificates for domains and subdomains
  • Automatic renewal of all certificates
  • Additional domains are now supported
  • Can create a cert for the Plesk panel itself

So give all your sites and apps a secure and trusted certificate with this free Plesk extension. And let us know how it goes in the comments below!

Itching for more ways to up your security while on our ecosystem? Then get started on our Plesk Security course.
