How to Set Up Multi-Factor Authentication (MFA) in Plesk Panel
Posted inPlesk Security

How to Set Up Multi-Factor Authentication (MFA) in Plesk Panel

Introduction : 

In today’s digital age, securing your server and web hosting environment is critical. One of the most effective ways to enhance security is through Multi-Factor Authentication (MFA), which adds an extra layer of protection by requiring not just your password but also a second factor, typically generated via an app on your smartphone.

This blog post will guide you through the steps to enable MFA in Plesk Panel, ensuring that your server and websites are safer from unauthorized access.

What is Multi-Factor Authentication (MFA)?

MFA requires multiple forms of verification before you can log into your account. In Plesk, this is commonly done using a password (something you know) and a one-time passcode (something you have) generated by an authentication app, such as Google Authenticator, Authy or Duo.

Why Use MFA in Plesk?

Enhanced Security: Protects your account from unauthorized access, even if your password is compromised.

Prevents Phishing: Even if attackers acquire your password, they can’t log in without the second factor.

Easy Setup: Many authentication apps are free and easy to configure.

Steps to Enable MFA in Plesk Panel :

1. Log into Plesk

Start by logging into your Plesk Panel using your login credentials.

2. Go to Account or refer to the screenshot below 

3. Click on My Profile 

4.  After clicking on ‘My Profile,’ scroll down and click on the link as shown in the screenshot below

5. Enable Multi-Factor Authentication by ticking the box and follow the next steps.

4. Set Up MFA Using Google Authenticator (or other app)

After selecting Set Up Two-Factor Authentication, Plesk will generate a QR code. To link your authentication app:

  • Open the Google Authenticator app (or your preferred MFA app) on your smartphone.
  • Tap the + icon in the app to add a new account.
  • Use your phone’s camera to scan the QR code displayed in Plesk Panel.

The app will now generate a one-time passcode (OTP) that refreshes every 30 seconds.

5. Enter the OTP in Plesk

Once you’ve scanned the QR code:

  • Enter the OTP generated by the app into the Plesk Panel’s authentication setup page.
  • Click Confirm to complete the setup.

6. Test the MFA Setup

To ensure MFA is working correctly:

  • Log out of Plesk and attempt to log back in.
  • After entering your username and password, you will be prompted to enter the OTP from your authentication app.

Enter the OTP, and you should successfully log into Plesk, confirming that MFA is set up properly.

Conclusion

By enabling Multi-Factor Authentication (MFA) in Plesk Panel, you’re adding a significant layer of security to your hosting environment. Even if your password is compromised, MFA ensures that unauthorized users won’t be able to access your server without the second factor. Setting up MFA is quick, easy, and highly recommended for all Plesk administrators.