Plesk Password Protected

[spilias]

Hello,

Is it possible to add .htaccess to Plesk Login Page?

I have a server with brute force logins.

Thanks

 

[IgorG]

I think that using feature Tools & Settings > Restrict Administrative Access would be more effective.

 

[spilias]

Hello Igor,

The problem is not only for the admin user but for all random users.

 

[IgorG]

You can use fail2ban feature for protection you Plesk login page from brute force attacks:

 

[UFHH01]

Hi spilias,

"htaccess" - protections only work for apache - webservers, but the Plesk Control Panel uses it's very on webserver, based on nginx ( called "sw-cp-server" ).

You could add a password protection like for example

        auth_basic "Plesk Login Screen";
        auth_basic_user_file /etc/nginx/.htpasswd;

at "/etc/sw-cp-server/conf.d/plesk.inc" ( inside several existing location definitions! ) where ".htpasswd" has to be created by you with the desired username and encrypted password ( please see the documentation at http://nginx.com/resources/admin-guide/restricting-access/ ) ... but please be aware, that Plesk could always replace or overwrite the file "plesk.inc" in case of patches/updates/upgrades!


It is pretty "normal", that you experience brute force attacks on login screens, that's why using fail2ban, as suggested by @IgorG is always a good idea and please use a strong admin password and change it from time to time.