Password protection for a domain is activated when three incidents occur within 30 days to protect visitors from infections. Possible reasons include repeated compromises or incorrectly reactivated files. Users should close security gaps and report exceptions for legitimate content. Instructions for managing user access and changing passwords are provided. In case of repeated malware infections, an extended root cause analysis by specialists is recommended.
Password protection for a domain is applied starting from the third incident within the last 30 days. This measure is taken to protect website visitors from potential infection.
Possible reasons for this include:
- the domain was compromised multiple times within 30 days, or
- files that were blocked were reactivated without correction.
In the first case, it is important to identify the vulnerability through which the malware was injected.
Please take all the measures described in the email.
With password protection, you still have the option to access your website, for example, to update the applications used. More information is available under "Instructions: View Users and Change Password."
If you have already taken all measures and malware is present on the domain again, we recommend an extended root cause analysis by web security specialists such as Sucuri.
If case 2 is the cause of the password protection, we ask you to clean the files or keep them blocked. If the reported files are legitimate content, it is important that you report this to us so that we can define exceptions in the malware scan.
Instructions: View Users and Change Password
1. Log in to Plesk, select Websites & Domains, and go to the Password-Protected Directories menu.
2. If multiple domains are on the subscription, select the appropriate domain with Manage.
3. The protected directory will now be visible with the name /. Please click on it.
4. The user of the protected directory will now be visible (this is a user generated by us). You can either create a new user with a password here, which you can use to log in to the website, or select the listed user and change the password:
5. Open your website and enter the visible user and the newly set password.