← HeatShield Docs

Securing Plesk with a Firewall

When used as a control panel, Plesk installs several services on your server. For those services to run correctly, you need to configure your firewall to open the ports needed for the services you wish to use.

With the list of ports from Plesk's documentation, you can use HeatShield to configure the firewall for your Plesk servers.

Specifically, you will want to open the following ports to access the Plesk control panel itself:

  • 8880—HTTP access to Plesk
  • 8443—HTTPS access to Plesk

Opening Your Firewall to a Set of Plesk Ports

Even though this tutorial will create a ruleset that opens all of Plesk's inbound ports, you should only open the ports for the services you use on your server.

To use HeatShield to open ports on your Plesk server, you can create a new ruleset that contains only the rules related to Plesk. If you have multiple servers running similar Plesk configurations, you can apply this ruleset each of those servers.

First, connect your server to HeatShield and upgrade it to use custom rulesets.

Then, open your Rulesets page and click Create Ruleset.

Next, name your ruleset and click Create Ruleset.

Now, create a firewall rule by selecting the policy, the destination, and the source.

Set the Policy to Allow and the Source to Any.

Select Custom from the Destination dropdown and enter TCP 20 as the port. Click Add.

Repeat this step for each of the Plesk ports you need to open on your server.

Your final ruleset will look similar to this example:

If you want to only allow HTTPS access to Plesk, you could only open the HTTPS port (8443).

If you want to whitelist which IP addresses have access, you can only open that port to specific IP addresses.

Applying the Plesk Ruleset

To apply your new ruleset to your Plesk server, open the server in HeatShield.

Select your Plesk ruleset from the drop-down list and click Apply Ruleset.

Your new ruleset will be applied.

Since SSH and HTTP/HTTPS are already included in HeatShield's default rulesets, you don't need to add those rules to your Plesk ruleset. Unless you have removed them yourself, they will already be applied to your server.

Advanced security for your WordPress sites