Security.txt Standard Compliance
security.txt is a widely adopted standard for reporting security vulnerabilities to service owners. The main goal of security.txt is to help both your clients and security researchers easily get in touch with you when they find a vulnerability in a Plesk domain.
Starting from version 18.0.62, Plesk Obsidian is fully compatible with the standard:
- The security.txt file is generated for all domains hosted on a Plesk server.
- Plesk will continuously maintain the security.txt file once it is created and the feature is enabled.
- Plesk takes into account the custom security.txt file of a domain and never applies the security policies from the server file to the domain.
- Plesk automatically updates the expiration date of the file.
To make your Plesk server security.txt compliant:
1. Log in to Plesk.
2. Install the “Native security.txt compliance” extension.
3. Once the extension is installed, click Open.
4. Select the “Enable compliance with the “security.txt” standard in Plesk” checkbox.
5. (Optional) To modify the default security.txt file generated by Plesk, select the “Use the custom security.txt text” checkbox, and then specify what needs to be changed in the “Security.txt text” field that becomes available.
6. Save your changes by clicking:
   - Save to save the configuration and apply the changes manually later. For example, you may do it to give your clients extra time to reconfigure their domains in accordance with the changes to avoid possible issues. You can reconfigure the server manually by running the plesk repair web CLI command.
   - Save and Reconfigure if you want to apply the changes and reconfigure the Plesk server right now.
Now your Plesk server is security.txt compliant.