How to Enable Protection Against Clickjacking in Plesk Onyx

If you’re a Plesk user running the Plesk Onyx control panel, your server might be vulnerable to a malicious technique known as clickjacking. For those unfamiliar with the term, clickjacking (also known as a “UI redress attack”) is a technique in which a transparent overlay tricks a user into clicking something other than what they perceive. By placing these transparent overlays over images, links, or buttons online, malicious actors can gain access to your server, allowing them to execute harmful commands or extract data. When Plesk can be opened within a frame (a separate area embedded in another webpage), its users are exposed to this type of attack.

So how can you protect yourself from clickjacking? Luckily, you can prevent your server from being clickjacked using the sameOriginOnly setting in the panel.ini file.

NOTE: This solution works by preventing Plesk pages from opening within frames on any website. This applies to all domains, not only to sites that may be malicious in origin.


Enabling Clickjacking Protection in Plesk

To protect your server from clickjacking, follow these 5 steps:

  1. For Linux, you’ll first need to log in to your Plesk Onyx server as the root user using your preferred SSH client.
  2. Next, edit the file panel.ini located at /usr/local/psa/admin/conf using the command:

    nano /usr/local/psa/admin/conf/panel.ini

  3. If the file does not already exist, create it using the touch command.
  4. Within the panel.ini file, add the following lines:

    [security]
    sameOriginOnly = true

  5. Finally, just save the file and you are done.

And there you have it! Your server is now protected from clickjacking.
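
The steps above as a script, given here as an added example rather than Plesk's or this article's own code: enable_same_origin sets the value idempotently under the [security] section of panel.ini and keeps a .bak copy, and frame_protected checks a set of response headers. Both function names are hypothetical, and the header check assumes Plesk enforces the setting with an X-Frame-Options header, which the article does not state.

```shell
#!/bin/sh
# Added example: not Plesk's or the article's own code; function names are hypothetical.

# Set sameOriginOnly = true under [security] in the given panel.ini, idempotently.
enable_same_origin() {
    ini=$1
    [ -e "$ini" ] || touch "$ini"     # step 3: create the file if it is missing
    cp -p "$ini" "$ini.bak"           # keep the previous version for rollback
    awk '
        function emit() {             # add the key once, only while inside [security]
            if (insec && !done) { print "sameOriginOnly = true"; done = 1 }
        }
        /^[ \t]*\[/ {                 # a section header starts
            emit()                    # leaving [security] without the key: add it
            insec = ($0 ~ /^[ \t]*\[security\][ \t]*$/)
            if (insec) seen = 1
            print; next
        }
        insec && /^[ \t]*sameOriginOnly[ \t]*=/ {
            emit(); next              # replace the old value, drop duplicates
        }
        { print }
        END {
            emit()
            if (!seen) { print "[security]"; print "sameOriginOnly = true" }
        }
    ' "$ini.bak" > "$ini"
}

# Read HTTP response headers on stdin; succeed if they restrict framing.
# Assumption: Plesk enforces the setting via X-Frame-Options (not stated in the article).
frame_protected() {
    tr -d '\r' | grep -Eiq \
        '^(x-frame-options:[[:space:]]*(deny|sameorigin)[[:space:]]*$|content-security-policy:.*frame-ancestors)'
}

# Usage as root on the server (8443 is the default Plesk panel port), e.g.:
#   sh this_script.sh /usr/local/psa/admin/conf/panel.ini
#   curl -sI https://<your-server>:8443/ | frame_protected && echo "framing restricted"
if [ "$#" -eq 1 ]; then
    enable_same_origin "$1"
fi
```

A sameOriginOnly line that sits outside any [security] section is left untouched by the script, so review the .bak copy if the file was edited by hand before.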

