Complete Server Stability and Security with Plesk

By (Sponsor)  on  

Every few years my hosting sponsor will provide me a new VPS to host this WordPress blog.  I love having a VPS so I have complete control over my server and the environment but one thing I do know is that I don't want to play system admin;  I have a basic understanding of how to install packages I may like but I also know what I don't know:

  • what security patches I need and how to install them
  • what email creation, maintenance, and security utilities I may need
  • how to maintain database versions
  • how to configure apache
  • how to provide limited access to the server for others
  • how to optimize of all the aforementioned utilities
  • how to maintain of all the aforementioned utilities

I don't know how to do any of those things, and quite frankly, I don't want to know how to do all of those things.  They're time-consuming and not interesting or time-efficient -- essentially I just want to write awesome blog posts about awesome front-end features and assume all of the sys admin stuff is taken care of by itself.

So when the host asks me whether I want a vanilla machine or a machine with pre-installed server management software, I always opt for the GUI, which thankfully is always Plesk.  I've been managing email, domains, apache, databases, and everything else through Plesk for this blog since I first started.  Plesk has been a safety blanket for anything I need to do on the sys admin side that I'd be petrified to do via SSH and command line.  I'm at total ease knowing that I have Plesk's GUI to "hold my hand", so to speak, when I need to do something on the server.

If you weren't aware of Plesk before, or haven't seen their new features, let me tell you about them!

Quick Hits

A few things you should know about Plesk:

Ready-To-Code Environment, Rock Solid Security

For as far back as I can remember Plesk has been able to manage any type of environment, from Rails to Node.js to the PHP stack, and from Linux to Windows.  You can throw just about anything at Plesk and it will do the job and do the job well.  A big part of that job and a topic I know the least about?  Security.

Plesk's "Rock Solid Security" comes in a number of fronts:

  • Authentication: Social Media Authentication, Google Authenticator, SAML Authentication, LDAP Integration, Clef Integration, Active Directory Integration
  • Anti-Spam/Antivirus: MagicSpam Integration, Dr. Web & Kaspersky Server Support, SMTP Relay Support, Outbound Antispam
  • Server Security: Atomicore Mod-Security Rules Built-in, CloudFlare Servershield Support, Patchman.co Support, Nimbusec Support
  • Network Security: Fail2ban support, Atomicore Secure Linux Support, Various Security Extensions
  • CloudFlare: integration with CloudFlare takes advantage of all that the service provides, including CDN, DDOS prevention, firewall, caching, and more!  (side note:  I use CloudFlare and it's amazing!)
  • Patchman: Detect and patch vulnerabilities before they can be mass exploited

WordPress Toolkit

WordPress powers roughly 25% of the entire web which is scary when you consider how big the web is, how many plugins and themes are publicly available (are they safe?!), and how much control a plugin can have over a given website.  When you install a plugin, you have no idea what code is underneath and, once a plugin is vetted and approved initially, I don't believe the plugin gets more security review.  Yikes!

Plesk's WordPress Toolkit has a variety of hardening and security testing tasks which can help you avoid putting yourself or (especially) your users at risk:

From scanning plugins and themes, to securing core WordPress files, to deploying WordPress updates, the WordPress Toolkit covers the shell of your WordPress instances better than you can.  The WordPress Toolkit can also automate updates, cron jobs, and other routine WordPress tasks.  Don't forget caching improvements and composer dependency management (with composer) as well!

Free SSL and HTTP2

Over the past two years we've gone from only opting for an SSL certificate (for most sites) to SSL being a standard for serving content -- wow! I remember buying SSL certs for clients every year and paying a cringeworthy amount. At that time we were also on HTTP1 which was optimized for the speed the modern web needs.

Here we are today and all browsers support HTTP2, sites like CloudFlare serve it, and the world is a better place. If you opt to use Plesk's CloudFlare integration, you can turn on their free SSL feature as well as HTTP2. If you opt not to use CloudFlare, Plesk supports LetsEncrypt SSL install so you can get a free SSL certificate!

Closing

There are certain developer tools that I just want to assume work: my operating system, browsers, my blogging software, and of course, my server.  I don't want to worry about infrastructure management with my site -- I want to write blog posts.  I want server management to be a useful, simple GUI tool that does all of the thinking for me...and that's exactly what Plesk does for me.

If you've not tried Plesk or you're laboring with the manual maintenance of your servers, give Plesk a shot.  It's intuitive, eye-pleasing, battle-tested, loaded with extensions, and always improving!

Sponsored via Syndicate


Discussion

  1. Plopz

    Who is the “I” in this post?

  2. Does Plesk manage the whole environment for you? Do you have to do any security on your own?

    Meaning I could spin up a fresh linux or ubuntu server install => Install Plesk and everything required to deploy applications to the web (securely) would be handled? I hope that makes sense.

    • It manages, more or less, everything for you (in terms of the server). You don’t have to worry about managing your virtual hosts, email addresses, databases, FTP users, etc. All you have to do is maintain the operating system – just like you do your desktop.

Wrap your code in <pre class="{language}"></pre> tags, link to a GitHub gist, JSFiddle fiddle, or CodePen pen to embed!