Securing plesk with user/password dialog

February 8, 2016

If you want to add additional security to your plesk installation (this method is not working for all plesk versions) it is possible to use a .htaccess-like user/password dialog. Plesk uses sw-cp-server as a webserver. You have to edit the script which starts the server. Insert the following lines in /etc/sw-cp-server/applications.d/ after the fastcgi section. The path to .htpasswd surely can be changed to whatever you want and the user running the shell-script has access to.

# Limit access to Admin
auth.backend = "htpasswd"
auth.backend.htpasswd.userfile = "/path/to/.htpasswd"
auth.require = ( "/" =>
 "method" => "basic",
 "realm" => "your realm name",
 "require" => "valid-user"

After adding the additional lines to the shell-script you have to include the module “mod_auth” at the first line in /etc/sw-cp-server/applications.d/plesk.conf. Then create a .htpasswd file at the specified path and add the user/password combination with the htpasswd-command. The last step is a restart of the sw-cp-server:

/etc/init.d/sw-cp-server restart