Security.txt Standard Compliance
security.txt is a widely spread standard of reporting security vulnerabilities to the service owners.
The main goal of security.txt
is to help both your clients and security researchers easily get in touch with you when they
find a vulnerability in a Plesk domain.
Starting from version 18.0.62, Plesk Obsidian is fully compatible with the standard:
- The
security.txt
file is generated for all domains hosted on a Plesk server. - Plesk will continuously maintain the
security.txt
file once it is created and the feature is enabled. - Plesk takes into account the custom
security.txt
file of a domain and never applies the security policies from the server file to the domain. - Plesk automatically updates the expiration date of the file.
To make your Plesk server security.txt compliant:
-
Once the extension is installed, click Open.
-
Select the “Enable compliance with the “security.txt” standard in Plesk” checkbox.
-
(Optional) To modify the default
security.txt
file generated by Plesk, select the “Use the custom security.txt text” checkbox, and then specify what needs to be changed in the “Security.txt text” field that becomes available. -
Save your changes by clicking:
-
Save to save the configuration and apply the changes manually later. For example, you may do it to
give your clients extra time to reconfigure their domains in accordance with the changes to avoid possible issues.
You can reconfigure the server manually by running the
plesk repair web
CLI command. - Save and Reconfigure if you want to apply the changes and reconfigure the Plesk server right now.
Now your Plesk server is security.txt compliant.