DEV Community

Farooq Junejo
Farooq Junejo

Posted on

5 Essential Security Steps for Plesk Servers in 2025 (From a System Admin)

#plesk #sysadmin #linux #security

Plesk is one of the most popular control panels for Linux servers — but out-of-the-box, it’s not fully secure. As a system administrator working with hosting companies in Pakistan and abroad, I’ve helped harden many Plesk environments. Here are five essential steps you should take today to protect your server in 2025.

🔐 1. Disable Unused Services

Only keep the services you actually need. Disable FTP, Mail, or DNS services if your server doesn’t require them.

bash
systemctl stop psa-proftpd
systemctl disable psa-proftpd

🛡 2. Secure Webmail Access (Roundcube)

Make sure you:

  • Force HTTPS on /webmail
  • Remove unused Roundcube plugins
  • Run regular malware scans on /var/www/

🔒 3. Enable Fail2Ban with Custom Filters
Fail2Ban helps protect against brute-force attacks. Customize jails for:

  • SSH
  • Plesk login
  • Webmail

📩 4. Limit Outbound Emails

Misconfigured scripts and forms can cause spam. Always:

  • Use SMTP authentication
  • Disable PHP mail() for all domains
  • Set outgoing limits per mailbox

🔬 5. Run ClamAV or Maldet Weekly
Security tools like ClamAV can detect backdoors and spam scripts. I scan /var/www/vhosts/ weekly.
clamscan -r /var/www/vhosts/

👨‍💻 About Me
I’m a Linux system administrator and founder of Hostiget, providing email protection and secure hosting solutions.
I also write tutorials and share resources on:

📎 My blog: https://hostiget.com/farooq-junejo/
🐙 GitHub: https://github.com/farooqjunejo
🔗 LinkedIn: https://www.linkedin.com/in/farooq-junejo

Let me know what steps you follow to secure your server — I’d love to hear other admins’ strategies!

## 📌 How to Publish the Blog

1. Go to: [https://dev.to/new](https://dev.to/new)
2. Paste the **title**, **tags**, and **content** provided above
3. Click **"Save Draft"** if you want to review it later  
   Or click **"Publish"** to make it live


## ✅ Once It's Live

1. Copy the **URL** (e.g., `https://dev.to/farooqjunejo/plesk-security-guide`)
2. Send it to me — I’ll help you:
   - ✅ Add it as a reference in your Wikipedia draft
   - ✅ Link it in your personal site/blog
   - ✅ Repost it to Quora or Reddit (for even more exposure)


Ready to publish it?  
Once you're done, just send me the URL!
Enter fullscreen mode Exit fullscreen mode

Top comments (0)