Password Security Standards in 2020

Password Security in 2020

Proper password security practice is incredibly important – your web services and servers will never be secure if you use weak passwords or ignore best advice around password strength. Poor password security policy can be a single point of failure that brings down your entire system or even network.

So, here is a comprehensive list of the most important tips you need to follow when setting and managing passwords in 2020.

Password security practices

You’ll find plenty of resources that give you good tips for password standards, but we think the Nation  Institute of Standards and Technology (NIST) has a relatively watertight list of do’s and don’ts.

The NIST is, of course, an agency that was has the specific goal of pushing industrial competitiveness and innovation in the US – by advancing science, technology and standards. It’s easy to see why the NIST would publish a well-considered list of password best practice given it aims to enhance economic security.

We summarize the most important parts of the NIST’s password advice below. It varies from obvious rules such as uniqueness requirements through to password complexity requirements. It’s a solid basis on which to build a password security policy.

Things you should get right about password standards

Here are a couple of rules you should always adhere to when creating passwords.

  • When a password is created by a person, use at least eight characters or more – and keep in mind that the more characters you use, the less likely your password will be hacked. So, at least eight characters – but try to go for sixteen or more if you can.
  • System generated password standards should be at least six characters – wherever you have a service or system that facilitates the creation of new users you need to ensure the passwords supplied are at least six characters in length. Forums or e-commerce sites should assign users passwords of at least six characters.
  • Support long passwords for password strength, up to 64 characters – allow your users to input very long passwords, we suggest an allowed length of 64 characters as unique passwords of this length will be incredibly secure.
  • Use the entire ASCII set for passwords – lowercase, uppercase, numerals and symbols should all be in mixed into your password. Think JkLL8#!n to make up an eight-digit password.Why does using all ASCII characters matter? Simple – a wider set of characters increases password entropy. In other words, how difficult it is to guess a password. Password entropy increases when passwords are longer, and when passwords use a greater mix of characters like uppercase, numerals and special characters.
  • Make sure your password standard is set enforce uniqueness – don’t re-use passwords across services, instead use a different password for MySQL, FTP, cPanel and – importantly! – your social media and bank accounts. Uniqueness requirements prevent hackers from using a stolen password to access other accounts.
  • Check your password is not in a password dictionary – you can use software packages or tools that check that your password is not contained in existing password lists; always do this check before using a password.
  • Use a password manager – complex passwords are more secure but they are difficult to remember. However, a password manager is a great way to store and access complex passwords.
  • Randomly generate your passwords – a randomly generated password is unlikely to be in a password dictionary and will be difficult to guess. You have plenty of options to randomly generate a password, think org or even Norton’s website.
  • Allow plenty of attempts at a password before you lock a user out, at least ten – with a password security policy it’s important to strike a balance between the number of times a user can try a password and the point at which they’re locked out. When choosing this balance you should consider the risk involved if the account is compromised, but keep in mind that locking users out can be frustrating. Still, to prevent a successful brute force attack, you must lock a user out at some point.
  • Use two-factor authentication (2FA) whenever you can – there is an almost unlimited number of ways in which passwords can be hacked. However, with 2FA, even if a password is hacked, a hacker cannot enter an account without the second authentication factor. This could be biometric data, a key fob or something like Google’s Authenticator

What are the big “no’s” with passwords?

Good practice is one point to address, bad practice needs addressing too. We want to highlight a number of practices you should steer clear of:

  • Never use a dictionary word – any word which can be found in a dictionary should never be used, nor should a combination of dictionary words like clevercat or safeashouses.
  • Frequently change your password – in case your password ends up getting stolen, changing it will mean it can’t be used to compromise an account.
  • Don’t use passwords that reflect the name of people or places you know – hackers might research you and find out who and what matters to you, using these names to try and guess a password. Also be careful of using very slight variations on these names – for example, if your mother is Johannah don’t assume that J0hannah will be secure.
  • Never use the same password twice – use a unique password for every service, and don’t swap backwards and forwards between old and new passwords if a service demands that you input a brand-new password.
  • Forget about using a string based on letters adjacent on your keyboard – you can be sure that any set of letters adjacent on a keyboard will be in a password dictionary. Whether it is qwertyui or mnbvcxzl – forget about it.

Some examples of good and bad passwords

We’ve listed the key password security policy practices you should follows. What does it mean in reality? Well, examples of password you should NOT use include:

  • theoneandonly77
  • sunnycountry12
  • champion88

If you want a secure password, you want to use something like this, but don’t use these (!) – go to a random password generator instead:

The above examples will meet the password complexity requirements of even the most stringent of security policies.

Passphrases can be a great compromise

Know how we said you should use a long complex password? You’ll also know how difficult those are to remember every day. A passphrase can be a good option. It could be based on a movie you know, a joke you like or anything else.

Think about a movie phrase, like Arnold’s “Hasta la vista, baby.” As a password this could easily be written into hastalavistababy which can be made more complex by changing it to an equally easy to remember [email protected][email protected] It’s secure and you can remember it, but try and think of a passphrase that is unique to you to ensure there is absolutely no chance it’ll be caught in a password dictionary.

In any case, our example will take up to 85 billion years to guess by a computer, according to a popular password security checker.

It’s easy to make our example passphrase even more secure – just add a few interesting bits to it. For example, turn it into [email protected][email protected][email protected] if you’re using gmail, and you’ll find password security goes up. That’ll take 128 undecillion years to solve!

What can you do to remember passwords?

Even if you use passphrases you still need to use unique passwords for critical services. Remembering these will be difficult – heck, remembering your passphrase can prove tricky. What’s the best way to fix this problem? A password manager.

Password managers come with other benefits too, including the ability to automatically log in to a website, instead of retrieving or typing a password every single time. However, remember to set up a strong gateway passphrase for your password manager, otherwise all your passwords could be compromised.

Which password manager should you choose? We can’t endorse any specific password manager, but some of the more popular options include Keeper and LastPass.

Multi-factor authentication

Multi-factor authentication, including 2FA which uses two factors, can include a number of aspects. Each of these aspects or factors contribute to password security. Qualifying factors would include the following:

  • A piece of information that only you know – think a password, or indeed a passphrase
  • Something that is possessed by you, and you only. This could be a key fob or code generator or even employee ID
  • Data unique to you as a person, for example a retina imprint, a fingerprint or your face
  • Your location as determined by a GPS or according to your network access point

So, as you can see, multi-factor authentication has plenty of factors that it can depend on. A unique aspect such as a fingerprint or your GPS location can add a huge amount of security on top of a password or passphrase.

Acronis and ZNetLive join forces to offer new security solution

Acronis and ZNetLive join forces to offer new security solution - Plesk

Our partners Acronis and ZNetLive have just teamed up to create a stronger, more accessible cybersecurity solution for users. ZNetLive is India’s largest cloud distributor, having 17 years experience under their belt and customers in 70+ countries. They have now partnered with Acronis, leading security provider with innovative backup and recovery solutions, file sync for enterprises – plus share solutions for both small and larger businesses. Check out the Acronis backup extension, available to Plesk users.

Reasons behind the Acronis ZNetLive Partnership

The main goal for this relationship is to optimize ZNetLive’s partner network and bring Acronis services to small businesses. There is a clear need for each customer to have complete security, powered by AI, with effective ransom blocking. ZNetLive has a leading service in India and with Acronis, they will make huge steps in providing useful tools to a bigger community.

Together, they will give their partners the key skills and solutions to enhance their customers’ protection. Munseh Jadoun, CEO at ZNet Technologies, has talked about feeling motivated to work with Acronis and their security solutions. Whereas, Neil Morarji, Acronis GM, believes this partnership will increase demand in the Indian market.

ZNetLive, Acronis and Plesk

Plesk Onyx is an add-on service which works with ZNetLive’s Cloud VPS and Dedicated Servers, Cloud hosting as well as WordPress hosting, Microsoft Azure and AWS cloud. Also, ZNetLive works with a dedicated Plesk Bundle to help enterprises streamline their IT administration. This combination allows you to stay on top of the most innovative web technologies.

Meanwhile, the Acronis backup extension is available in Plesk too and enables reliable cloud backup for Plesk web hosting servers. Hosters using Plesk can protect entire servers, including all the customer websites they contain. Thus reducing demands on the server and network.

Furthermore, all Plesk administrators can backup on-demand, choose how often to backup, where to store backup data and check recover activity. You can also change your service plans within Plesk, enable or disable self-service recovery, and create a premium backup and disaster recovery service for your customers.

Both ZNetLive and Acronis are top enterprises in the cloud server and security environment. And we at Plesk feel proud of this agreement and the key benefits it will bring customers.

Is this partnership beneficial to you? Tell us in the comments.

Become a Plesk Partner Too

Plesk Partners like ZNetLive get to enjoy a host of benefits from our Partner program. Including exclusive discounts and resources, exposure, support and consultations from our dedicated Partner Success Team, and much more. On the other hand, Acronis teamed up with us to bridge the gap of additional backup solutions for Plesk users. And so developed a Plesk extension to incorporate it into our platform. If you too feel like you can contribute and develop for Plesk, click below and talk to one of our experts.

Cloudflare Releases New Warp VPN

Cloudflare releases new Warp VPN - Plesk Partners

Cloudflare has just launched their new Warp VPN which secures and optimizes DNS queries. Once enabled, Warp encrypts all connections – Securing all internet traffic on any device. Have a look at this VPN performance tool and what it can do.

Warp Protects Your Phone’s Traffic

Warp is able to run on any web browsers and app running on your phone. Cloudflare built the VPN around a UPD-based protocol optimized for mobile internet and the speed it requires. Thanks to Cloudflare’s massive global network, Warp VPN can connect with servers faster than ever.

In addition, tests show that Cloudflare’s network is constantly checking connections. So Warp improves Internet performance and delivers a better experience for users

“Tests show better internet speed once Warp is enabled” - says

vpn/" target="_blank" rel="nofollow noopener noreferrer">Cloudflare Chief Executive.

Warp Performance & Speed

Security is the main feature of VPN tools that impact Internet speed. However, Warp VPN not only improves security aspects but also Internet performance and reliability.

Cloudflare will launch two different versions of their New Warp VPN. The free, basic version is available to you now. But for better performance and speed, Cloudflare’s developing Warp+, the premium version for those wanting to work at lightspeed.

Cloudflare

More Protection with ServerShield by Cloudflare

Admins and site owners know as well as we do that Server security is just as important as performance. So if you’ve already installed Plesk, we suggest looking into the free, complete security solution: ServerShield.

The extension will enable you to protect your websites against online threats and DDoS Attacks. Thus, stopping malicious web traffic while delivering content much faster. ServerShield provides a Web Application Firewall that can stop real-time attacks. This makes it easy to fight SQL injections, spam and cross-site scripting. For additional security features that harden your protection shields further, go for the Cloudflare ServerShield Plus Advanced option.

For more info, see the ServerShield installation guide.

Your Automatic Server Update to Plesk 17.8

Automatic Plesk updates for 17.8

Starting from April 22, we’ll roll out auto-updates from Plesk 17.0 to Plesk 17.8 which will focus on server security and feature fixes. You’ll receive your update notification in the next days and can choose to update manually, turn off automatic updates or simply wait for us to handle the Plesk 17.8 update for you. However we strongly advise you to have an up-to-date server for the following reasons.

Why are you getting this server security update?

Official server security stats from Structure Research 2019 say 90k websites are hacked every day, with 43%+ attacks targeting small businesses. Fileless attacks are also quickly on the rise going from 29% in 2017 to 35% in 2018. So we have to be more efficient with security fixes.

What’s slowing us down is developing, shipping backport bus fixes and features from upstream for 17.0, 17.5 and Plesk 17.8. Thus, having less resources to address your uservoice requests. And even though Plesk 12.x has been EOLed since Jan 1, 2019, it still requires highly-critical server security fixes. Even if the issue is not in Plesk, but in the third-parties that Plesk uses.

The result is that we ship bugs fixes faster for the latest supported Plesk Onyx 17.8, than for the others. For example, in May 2018, we had Plesk 17.5 and 17.8 fully-supporting GDPR. Meanwhile, Plesk 17.0 and Plesk 12.x had limitations to satisfy formal aspects.

How we’re rolling the Plesk 17.8 Auto-update for Admins

First, we will update servers for Plesk Onyx 17.0 and then 17.5 users, who purchased a license directly from Plesk Online Store. This should be quick and painless. Most customers who updated from 17.5 to 17.8 said that during the upgrade, each server took just five minutes to update.

Plesk 17.8 auto-update

When will we upgrade your server?

You’ll first receive a pop-up notification on your Plesk panel, then by email, with clarification of the Plesk 17.8 update process. Giving you time to update at your own convenience, or wait until the auto-update takes effect. Plesk 17.0 will be first, starting from April 22, followed by 17.5 from April 29.

Then, if you’re a Plesk 17.0 admin, you’ll see a permanent notification until you update your server. The notification will count down the days until the auto-update. Two weeks after the notification, the server updates will start in small, controllable chunks.

We don’t recommend you opt-out of this automatic update. But if you’re absolutely sure you want to stay on the current version, you can go to Tools & Settings > Update and Upgrade Settings and turn off automatic Plesk updates.

Your Plesk 17.8 auto-update notification

If you’ve received no such notification, it most likely means we’re updating your servers a little bit later. However, it could also be because you haven’t bought your Plesk license directly from our online store. Or, you may be using components deprecated in the latest version of Plesk.

In such cases, your server won’t get an automatic upgrade to the latest version. Please note that servers with Tomcat installed, or servers connected to Multi Server won’t get updates either since their configuration is incompatible with Plesk 17.8.

Why you should enable automatic Plesk updates

What’s great about updating to Plesk Onyx 17.8 is that you also get all the new features, APIs and CLIs. Whereas only a critical subset of new features is back-ported to the previous versions.

Plesk version usage analysis

You can see that 50% of our servers are already on the latest Plesk Onyx 17.8. Every 24 hours, your server already automatically updates installed Plesk extensions and Plesk WordPress Toolkit automatically updates WordPress core and its plugins. Then, every week, you get a bunch of Plesk service updates automatically installing, and these usually contain bug fixes and feature improvements.

This year, starting from the next major Plesk release, we plan to roll out automatic Plesk updates on a monthly basis. The releases will include new features and bugs fixes and there will be no option to opt-out of a server update.

How does the auto-update affect partners?

We understand that some of our partners offer managed hosting and have many customizations on their servers. To avoid impact on their business, we’ll have exceptions for their servers to spread out rolling of updates over time. You’ll receive direct contact or email before we start any auto-update process for partners. Check the dedicated blog post for the process of how such updates will work for partners.

Can you backup before the Plesk 17.8 auto-update?

There is no trigger to do the backup right before Plesk update happens, but you can configure daily backups, and/or backup and update manually before the auto-update happens.

Set up automatic update installation in Plesk - Plesk 17.8 auto-update

Plesk updates within one major version (for example, 17.x) are quite safe. But if you have concerns, please create the backup manually or set up automatic backups right now.

Got any questions about Plesk 17.8?

Ask us directly in our forum or contact support, and we’ll be quick to help. Meanwhile we would love for your feedback on the auto-update process so that we can make future auto-updates more convenient for you.

CloudLinux (Imunify360) Explain Why We Need New Security Strategies

CloudLinux say we need new security strategies - Plesk

Today’s hackers are widening their scope of threats and creating deeper, harmful impacts. We all need our platforms safe if we want to stay in business. However, organizations tend to cut costs by not hiring full-time security analysts, taking the DIY-approach instead. Thus opening up a can of risks.

Since software, and the attacks it exposes, are always evolving, it’s impossible to keep security policies relevant and reliable. Resulting in compromised websites, unmaintainable systems, a floundering reputation – and ultimately, plunging profits.

Common Characteristics of Cyber Crime Today

Common characteristics of cybercrime today - Server Security

According to many security experts, this is what today’s cyber crime landscape looks like:

  • Scale: Through automation, hacking attempts are now much broader in their attack surface and more prolonged in their duration.
  • Knowledge: Hackers take advantage of dedicated communication channels and share vulnerabilities info. Many vulnerabilities are unknown to both the software vendors and the website owners.
  • Adaptability: Hacking tools and techniques evolve faster than the defenses designed to protect against them. And hackers are customizing attacks for specific website platforms, exploiting specific vulnerabilities.
  • Cost: Hacker communities don’t just steal a company’s data and hijack their resources. They also adopt a company’s corporate mindset and try to lower hacking costs and risks.

If we want to avoid making cybersecurity a full-time fight, we need defense strategies that directly address the above factors.

Layered Security: The Suggested CloudLinux Strategy

What CloudLinux wanted was to regain control of security and make it manageable for Linux hosters and website owners. Hence, discarding previous failed strategies and replacing them with more effective tactics, better suited to battle these new hacking trends.

With layered security, a stack of security components protects against different vectors of attack with specialized software modules. Together implementing a more effective ‘security funnel’ kind of situation.

Layered Security - CloudLinux Cyber Security strategy 2019 - Plesk

Why Layered Security?

Modern security solutions use this multi-layer model because of its wide coverage and the fact that it’s adaptive. System operators can individually fine-tune each layer according to their profile, server specs and compliance needs. Meanwhile, website operators no longer need to constantly reevaluate their security defense posture and upgrade their cybersecurity suite. Instead, they can use their time and money to further develop their businesses and meet their customers’ needs.

Imunify360 in Plesk: Key features & Updates

Imunify360 is a scalable solution with a cybersecurity approach that builds on the industry’s solid and reliable components and protocols. Their technologies improve detection rates, simplify management, and offer opportunities to enhance revenues for hosters and web professionals. Here’s a run-down of the key Imunify360 components.

Imunify360 in Plesk: Firewall, IDS/IPS, anti-malware, antivirus, patching, backup/restore

1. Firewall / WAF

Builds on the strength and reliability of ModSecurity and OSSEC, enhanced by human and machine-learned rules. There’s automated IP block list management to ease your workload, regardless of how many addresses there are. And Individual IP address blocking uses the familiar allow/deny lists model extended by a gray list – where blocked IPs go.

The system only unblocks gray IPs when a human visitor from an HTTP/HTTPS passes a CAPTCHA – thus whitelisting them. However, only admins can manually add entries to a local gray list, reducing false positives and unblock requests for support.

Bulk setting large numbers of IPs is quick and painless. To defend against brute-force attacks, Imunify360 adds to OSSEC’s Active Response which can even detect specific ports under attack, and block them.

2. Intrusion Detection Systems (IDS) & Intrusion Protection Systems (IPS)

These security components inspect traffic for signs of malicious intent, stopping it at source before it can do harm. Imunify360 uses its unique Proactive Defense to scan PHP for malicious code via de-obfuscation and behavior-analysis techniques. In order to work out which requests are authentic, while keeping false positive rates as low as possible.

In the case of malware, Blamer traces the source and method of infiltration. Eventually, armed with this information, Imunify360 will become even more effective at blocking attacks.

3. Anti-malware/antivirus

Imunify360/ImunifyAV automatically or manually scans new, modified, and uploaded files for malware and viruses – for free. Then, you can choose to automatically delete, quarantine or get a warning about malicious content. You’ll be able to perform scheduled scans in the upcoming Imunify360 4.1 version. ImunifyAV+ (premium) also includes one-click cleanup.

4. Patch Management

The main cause of security breaches is outdated software. In fact, unpatched vulnerabilities in software packs leave servers wide open. So you have to patch them asap. However, this takes time and effort, and often, patches need a system restart to activate, which could cause service interruptions.

But Imunify360 actually solves this. Firstly, with HardenedPHP, which patches new vulnerabilities and lets you safely run apps on older, unsupported PHP versions. And secondly, KernelCare, which automatically patches Linux kernels “live” – without rebooting and downtime. Essential since the kernel is the most important Linux system part, handling core functionality which all other apps rely on.

5. Reputation Management

When a website is victim of an attack, Google Safe Browsing blocks it, resulting in you losing traffic and revenue. Because the site is not indexed anymore. So this Imunify360 feature informs you of the Google-block and helps you unblock and restore it.

6. Backup and Restore

File backup brings you peace of mind because of its ability to help you recover from malware infection. Because a backup/restore feature like in Imunify360 (Acronis or CloudLinux) quickly restores your files to their pristine condition.

Fighting cybercrime together

The role of Linux servers has grown as a result of e-commerce growth in the last decade. But Cyber-crime has grown in parallel and puts legit business operations in danger with its sophistication and reach. The only solution is fighting fire with fire; use the same tools hackers are using. Get Linux server protection that is complete and dynamic.

What can go wrong without the best web hosting platform? [Infographic]

Without the right host for your website, a lot can go wrong for your business. Read on to learn more about the importance of choosing the right web hosting platform.

How important is choosing the right web host

Web Hosting Platform - infographic by Plesk

Choosing the right web hosting platform is as important as your site content. And the wrong web hosting platform can seriously impact your business. Your web host must protect your site from security breaches, and backup all your data in case of hacking.

Slow websites or ones that go down for even a few minutes will negatively impact your SEO ranking. (In this event, see how to turbocharge your website speed to get back on track.)

So how important is choosing the right web host? Let’s look at the facts.

One-second page load delay leads to 7% conversion drop

Load delay and conversion drop

Page loading time is one of the most important factors that contribute to your website’s success. Also, it affects whether visitors will return to your website and perform profitable or desired actions. According to Aberdeen Group, a 1-second loading delay can result in a 7% decrease in e-commerce conversions and can drop customer satisfaction by 16%.

Sites on Google’s page 1 load in under 2,000 ms

Sites on Google’s page 1 load in under 2,000 ms - Plesk

Websites that appear on Google’s first page of search results load in under 2,000 milliseconds and loading delays can result in a loss of 44.19% in page views for a 20 second loading delay. A slow-loading website isn’t likely to appear in the first page of Google’s results.

Need a mighty page speed boost? Check out Google Pagespeed Insights.

Almost half of websites are hosted on Apache servers

Apache servers - a majority

From all the billions of websites that exist on the internet, Apache servers are the most widely used with 46.9% of existing websites. NGINX is the second most popular with 37.8% of websites hosted on it. So, make sure your hosting platform supports this.

Stats for SMBs and large companies using private cloud

Stats for SMEs and large companies using private cloud - Plesk

Private cloud computing generally feels safer than public cloud computing because access to the resources in a cloud infrastructure is limited. However, many SMEs – about 8%, and even 24% of larger companies do not buy cloud infrastructure altogether. This is mainly because of lack of knowledge about cloud computing. Pick a web host with plenty of opportunities to scale to the cloud.

A whopping 86% of websites have serious security flaws

Whopping 86% of websites have serious security flaws - Plesk

Over 30,000 websites are hacked daily with 86% of websites having at least one serious security flaw, including these top brands.

Over half of WordPress sites run on an outdated CMS version

Over half of WordPress sites have outdated CMS version

One of the reasons why so many websites are hacked is because many of them run on an outdated CMS version. In fact, 56% of hacked WordPress sites, 84% of hacked Joomla sites, 96% of Magento sites and 81% of hacked Drupal were all hacked for the same reason.

Why Choose Plesk web hosting platform?

When it comes to choosing a web hosting platform, look for reliability and security more than anything. Want to offer users the ability to scale and grow your website quickly without compromising on quality? Then, a web hosting platform like Plesk is one of the best options to grow an enterprise website and maximize its potential.

New Plesk Extensions on the Loose: May Edition

New Plesk Extensions

Reporting the latest additions to the Plesk extensions catalog. All the extensions you see here are available to download or purchase as of the time of writing – May 2018. Inside this month’s edition, we highlight new ways you can improve speed and security of your websites and servers. In order to give you both peace of mind and better performance out of your web domains.

Juggernaut Security and Firewall

First of all, we have the latest member of the gang – Juggernaut Security and Firewall. An all-in-one security extension that Danami designed especially for the needs of power users and server-providers. This extension adds an extra layer of security. One that goes beyond the default settings that most users usually optimize for themselves.

Offering experienced sysadmins a wider range of features and increased flexibility. These advanced features include SPI firewall, brute-force protection, real-time connection tracking, intrusion detection, dynamic block lists and geo-blocking.

Juggernaut is a paid extension. And version 2.05 is now available in the Plesk catalog. You can try it for free for 15 days. Then you’ll get two free months when you sign up for annual billing.

Speed Kit

As a result of recent studies, we know that lower page load times directly link to an increase in traffic. Not to mention lower bounce rates. And hence, higher visitor retention on your website. All these things will eventually lead to higher conversion rates.

Speed Kit promises to boost your page loading speed by 50-300%. How? By re-routing web traffic through its caching infrastructure. Even more, it takes just one click to improve your website’s performance with Speed Kit.

After you install, the extension performs an in-depth speed analysis, determining the improvements that you should implement to boost your site’s metrics. When you store a copy of your site in the accelerated framework, users can access your page in an instant from their browser. Even when they’re offline.

Sucuri Security Scanner

Seems like Sucuri Security Scanner uses the public API of Sucuri SiteCheck to detect malicious elements on your website. In an effective way. This extension will let you schedule regular scans effortlessly. Thus, helping you monitor for malware all the time and receive timely notifications about your site’s status.

Sucuri Security Scanner includes the following features:

  • Detecting website malware infections.
  • Monitoring blacklist status.
  • Setting up scans as a scheduled task.
  • Receiving email notifications for security issues.
  • Viewing website security details and information.

Nimbusec Webhosting Security

And finally, we have Nimbusec. Another security monitoring extension for websites that you can find in our catalog. It will scan your website domains over and over again. And then report any potential threats on a centralized dashboard.

Nimbusec Webhosting Security can detect the following online threats:

  • Backdoors and web shells.
  • Overdue CMS updates.
  • Malware.
  • Defacement.
  • Blacklisting.
  • SSL certificate problems.

All in all, security should be a number one priority when maintaining your servers. So if you feel overwhelmed by all our security extension options, feel free to get in touch and chat.

And that’s all the extension news this month. Stay tuned for our next overview of latest available extensions in our June edition. Meanwhile, are you curious for more? Check out the 100+ more Plesk extensions we’ve got available in our catalog.