What are the main new features in Plesk Obsidian 18.0.72?

Released on August 19, 2025, Plesk Obsidian 18.0.72 introduces one of the most ambitious sets of changes in recent years. The highlight is the Sitejet AI Website Generator, which enables administrators and end users to build a functional, responsive website in seconds based on minimal business information. It also replaces the legacy SPAW editor in File Manager with the modern Jodit WYSIWYG editor (currently in BETA), adds a global switch for HTTP/3 support on Linux servers, improves accessibility with ARIA and semantic HTML for screen readers, and updates the PHP preset to include PHP 8.4 as the default recommended version. This release also comes with hundreds of bug fixes and ecosystem extension updates, making it a comprehensive upgrade focused on usability, performance, and security.

Which operating systems and platform compatibilities are supported or changed?

Plesk Obsidian 18.0.72 expands platform support by adding compatibility with AlmaLinux 10, which is now recommended for new deployments, and by extending the Extended Lifecycle Support (ELS) for Ubuntu 20.04 until December 31, 2027, albeit with an additional cost since the official vendor support ended in April 2025. For Windows users, in-place upgrades from Windows Server 2019 to Windows Server 2025 are supported, provided that administrators create a snapshot beforehand to avoid risks. Key extensions such as Firewall, DNSSEC, and WP Toolkit have also been updated to align with AlmaLinux 10, ensuring administrators can maintain continuity across modern environments.

How does the new email password hashing feature work?

With version 18.0.72, Plesk introduces hashed storage for new email account passwords, replacing the older symmetric encryption method. This means newly created or reset passwords will be stored as non-reversible hashes, improving security and aligning with modern best practices. Existing passwords remain encrypted until administrators choose to force a rehash. The feature can be controlled in panel.ini: administrators can disable the UI toggle if they want to enforce a single policy. For strict security environments, Plesk also documents how to rehash all existing passwords so that every mailbox password complies with the new hashing standard.

What does Update 1 for version 18.0.72 fix?

Update 1, released on August 26, 2025, is a critical patch for Linux-based Plesk servers. It resolves four major issues that were affecting administrators shortly after the initial release. These include: (1) HTTP 500 errors when accessing Apache & Nginx Settings (PPPM-15083), (2) swap not being enabled by default on Ubuntu or Debian installations (PPP-69252), (3) DNSSEC failing to sign zones on AlmaLinux 10 (PPP-69253), and (4) infinite redirect loops in WordPress when a site was configured as the default website for an IP and certain plugins were installed (PPPM-15085). Applying Update 1 is strongly recommended for production environments as it restores stability to critical daily hosting operations.

What new features are included in WP Toolkit 6.8.0?

WP Toolkit 6.8.0, released on August 21, 2025, introduces deeper integration with WordPress by shipping its own plugin that appears inside the wp-admin dashboard. This plugin provides administrators with direct visibility into vulnerabilities, applies instant mitigations when plugins or themes are installed directly from WordPress, and eliminates the delay that existed between manual installs and the next scheduled WP Toolkit scan. The update also introduces counters showing how many exploitation attempts were blocked by Vulnerability Protection, improves the user interface with reorganized controls, and adds compatibility with AlmaLinux 10 and upcoming 'temporary domains' support in cPanel. Importantly, WP Toolkit 6.8 requires Plesk version 18.0.61 or higher; users on earlier versions must stay on WP Toolkit 6.7.4, which is the last version compatible with older Plesk builds.

Plesk Obsidian 18.0.72: AI Websites in Seconds, AlmaLinux 10 Support, and Critical Fixes

Published 08/31/2025

X (Twitter) Facebook Pinterest LinkedIn Email WhatsApp

Plesk has rolled out one of its most ambitious updates in recent years. Obsidian 18.0.72, released on August 19, 2025, introduces the Sitejet AI Website Generator, key security enhancements, extended OS support, and a long list of bug fixes. A few days later, on August 26, 2025, Update 1 was published to address post-release issues, including an HTTP 500 error when accessing Apache & Nginx Settings.

The August cycle also includes updates to extensions and ecosystem tools: WP Toolkit 6.8.0, Firewall 2.2.10, Sitejet Builder 1.3.1, improvements to Plesk Migrator 2.30.0, and third-party component updates for both Linux and Windows. Altogether, these changes focus on three areas: simplifying site creation, strengthening daily operations, and keeping the software stack up to date.

Sitejet AI Website Generator: AI-assisted site creation lands in Plesk

The highlight of Plesk Obsidian 18.0.72 is the Sitejet AI Website Generator, integrated into the Sitejet Builder extension. The feature allows users to create fully responsive websites in seconds, simply by entering a few details about their business or organization. The generator outputs a clean, editable base directly in Sitejet Builder, complete with content and structure tailored to the business type.

The tool doesn’t aim to replace professional design or copywriting but rather accelerates the initial setup: producing a valid skeleton with layouts, fonts, and color palettes ready for customization. For SMBs, internal projects, or quick landing pages, this is a major time saver.

Platform support: AlmaLinux 10, ELS for Ubuntu 20.04, and mail password hashing

On the systems side, Plesk for Linux introduces two major updates:

Support for AlmaLinux 10. New deployments on AlmaLinux are now recommended to start with this version. Several extensions have already updated compatibility (Firewall 2.2.10, DNSSEC, etc.).
Extended Lifecycle Support (ELS) for Ubuntu 20.04 until December 31, 2027. Even though the vendor EOL was April 2025, Plesk will continue updates and support until the specified date. Running EOL systems incurs extra costs, and migration or upgrades are strongly recommended.

Additionally, Plesk now offers hashing for mail account passwords (instead of symmetric encryption). Only new passwords created after enabling this feature are hashed. To enforce the policy in the interface, add the following to panel.ini:

[passwordManagement]
features.allowEmailPasswordHashing = false
Code language: JavaScript (javascript)

Plesk also provides instructions to rehash existing passwords for full consistency.

Jodit replaces SPAW in File Manager (BETA)

The File Manager now includes the Jodit WYSIWYG editor, replacing SPAW. Jodit enables full-page editing with a broader set of formatting and styling tools. The integrated version is considered BETA due to some known limitations, which Plesk promises to resolve in upcoming releases.

Feature improvements: HTTP/3 switch, accessibility, and PHP 8.4 by default

Some notable usability enhancements include:

HTTP/3: Plesk for Linux now allows enabling/disabling HTTP/3 server-wide via Tools & Settings > Apache & Nginx Settings.
Accessibility: Several pages now support screen readers with semantic HTML and ARIA attributes.
PHP 8.4: Added to the Recommended preset and set as the default version for Service Plans. PHP 8.1 is no longer recommended (but remains available).
Laravel Toolkit: Customer users now see a progress window when deploying apps.
Alibaba Cloud images: Now run on Ubuntu 24 (previously Ubuntu 22).
Admin aliases: Can now be backed up, restored, and migrated.

On Windows, Plesk now supports in-place upgrades from Windows Server 2019 to 2025, with the usual advice: take a snapshot before proceeding.

Goodbye UserVoice, hello Productboard

Plesk confirmed the deprecation of UserVoice by October 2025. Feature requests and feedback will move to Plesk Productboard (features.plesk.com), offering a more transparent roadmap with public voting and prioritization.

Bug fixes: HTTP/3, PostgreSQL monitoring, Docker, and more

Obsidian 18.0.72 ships with an extensive set of fixes. Examples include:

Skins and Color Schemes now work again after deprecated methods were removed.
Fixed session expiration errors while editing files.
Node.js™: 404 issues caused by custom environment variables were resolved.
Watchdog now correctly monitors PostgreSQL® again.
Fixed “Forbidden – origin invalid” errors in Docker Standalone with Portainer.

On Linux:

Fixed 421 “Misdirected Request” errors after CVE-2025-23048 hotfix.
Dropbox scheduled backups can now be enabled by customers.
Fixed filemng errors when moving domains.
Fixed broken HTTP/3 connections in nginx with multiple workers and no default IPv4 domain.
Removed false sw-tar warnings during repair operations.

On Windows:

Installation issues with Plesk 18.0.67 are resolved.
Large backups now restore much faster.

Update 1 (August 26, 2025): four urgent Linux fixes

Update 1 was quickly released with critical fixes:

Fixed HTTP 500 when accessing Apache & Nginx Settings after upgrading (PPPM-15083).
Fixed swap not enabled on Ubuntu/Debian installations (PPP-69252).
Fixed DNSSEC signing on AlmaLinux 10 servers (PPP-69253).
Fixed infinite redirect loops when certain WordPress plugins were installed on sites set as default for an IP (PPPM-15085).

For production environments, this update is strongly recommended.

WP Toolkit 6.8.0: native plugin and instant vulnerability mitigation

WP Toolkit 6.8.0 (August 21, 2025) introduces its own WordPress plugin, bringing part of WP Toolkit functionality into the wp-admin dashboard. Currently, it provides vulnerability information and —most importantly— detects themes/plugins installed directly in WordPress, applying mitigation strategies immediately, without waiting for the next scheduled check.

To enable auto-installation of the plugin on all new sites, add the following line to panel.ini (Plesk) or config.ini (cPanel):

installIntegrationPluginToNewSites = true
Code language: JavaScript (javascript)

To fully enable the GUI and events:

integrationPluginApi = true
integrationPluginUiModuleEnabled = true
integrationPluginEventModuleEnabled = true
Code language: JavaScript (javascript)

Requirements: WP Toolkit 6.8 requires Plesk ≥ 18.0.61. WP Toolkit 6.7.4 is the last version to support older Plesk versions.

Other improvements:

WP Toolkit now shows how many exploit attempts were blocked by Vulnerability Protection.
Reorganized site card controls for a clearer interface.
Added AlmaLinux 10 support.
Added support for upcoming temporary domains in cPanel.

Migrator, Firewall, Sitejet Builder, and SSL It! updates

Plesk Migrator 2.30.0 adds migration of extra admin profiles, avoids regenerating DKIM keys, and fixes issues with cPanel + MariaDB 11.4, special characters in passwords, CNAME mail records, IPv6 zones, MariaDB errors, and more.
Firewall 2.2.9 / 2.2.10 adds reboot warnings for kernel updates, improves CLI error reporting, and fixes installation on AlmaLinux 10.
Sitejet Builder 1.3.0 / 1.3.1 adds the AI-powered site generator and fixes domain card AI button issues.
SSL It! 1.18.4 resolves PHP 8.4 compatibility issues and fixes DANE secure failures on IDN domains.

Updated components: PostgreSQL 17.5, Node.js 22.17.1, Ruby 3.4, and more

Linux: ModSecurity 2.9.12, mariadb-connector-odbc 3.2.6, PEAR Archive_Tar 1.6.0, libwebp 1.6.0, PostgreSQL 17.5, Sophos 3.95.0, Go 1.24.5, Xdebug 3.4.5.
Windows: ModSecurity 2.9.12, PHP 8.4.11 for plesk-engine, SQLite 3.50.3, Git 2.50.1, MailEnable 10.53, Node.js 22.17.1 (default version, Node.js 18 removed), Dr.Web 12.0.1.
Ruby 1.6.0: supports Ruby 3.4.5, 3.3.9, and 3.2.9, while removing outdated Ruby 3.2.2.

Practical recommendations for admins

Apply Update 1 if already on 18.0.72 — it fixes critical Apache/nginx, swap, DNSSEC, and WordPress issues.
Plan for PHP 8.4 adoption and test applications accordingly.
Consider enabling mail password hashing for stronger security.
Configure auto-install of WP Toolkit plugin to close vulnerability windows.
Standardize new deployments on AlmaLinux 10. If running Ubuntu 20.04 ELS, plan a migration roadmap.
Use the HTTP/3 global toggle to test and roll back if needed.

Conclusion

Plesk Obsidian 18.0.72 blends new features —like AI-powered site creation— with essential operational and security improvements. With Update 1 addressing critical issues, and WP Toolkit 6.8.0 bringing proactive protection directly into WordPress, the platform is now more robust for 2025.

For providers and sysadmins, the focus is clear: adopt selectively, patch immediately, and plan migrations carefully. With this balance, Plesk remains a strong, modern control panel option heading into 2026.

FAQs

1. How can I auto-install the new WP Toolkit plugin on every WordPress site?
Add installIntegrationPluginToNewSites = true in panel.ini (Plesk) or config.ini (cPanel). To enable the UI, also set:

integrationPluginApi = true
integrationPluginUiModuleEnabled = true
integrationPluginEventModuleEnabled = true
Code language: JavaScript (javascript)

2. Where do I enable or disable HTTP/3 server-wide in Plesk for Linux?
In Tools & Settings > Apache & Nginx Settings, there’s now a global checkbox for HTTP/3 support.

3. What changes when enabling mail password hashing?
New mail account passwords will be hashed instead of symmetrically encrypted. Old passwords remain encrypted until rehashed. To lock the policy in place, add:

[passwordManagement]
features.allowEmailPasswordHashing = false
Code language: JavaScript (javascript)

4. Should I rely on Ubuntu 20.04 ELS or upgrade?
ELS offers support until December 31, 2027, but incurs extra cost. It’s a stopgap, not a long-term solution. Migrating to Ubuntu 24 or AlmaLinux 10 is recommended.

X (Twitter) Facebook Pinterest LinkedIn Email WhatsApp

Plesk Obsidian 18.0.72: AI Websites in Seconds, AlmaLinux 10 Support, and Critical Fixes

Sitejet AI Website Generator: AI-assisted site creation lands in Plesk

Platform support: AlmaLinux 10, ELS for Ubuntu 20.04, and mail password hashing

Jodit replaces SPAW in File Manager (BETA)

Feature improvements: HTTP/3 switch, accessibility, and PHP 8.4 by default

Goodbye UserVoice, hello Productboard

Bug fixes: HTTP/3, PostgreSQL monitoring, Docker, and more

Update 1 (August 26, 2025): four urgent Linux fixes

WP Toolkit 6.8.0: native plugin and instant vulnerability mitigation

Migrator, Firewall, Sitejet Builder, and SSL It! updates

Updated components: PostgreSQL 17.5, Node.js 22.17.1, Ruby 3.4, and more

Practical recommendations for admins

Conclusion

FAQs

Related articles

Windows 95 Turns 30: When Microsoft Made an Operating System a Cultural Phenomenon

How to Partition and Format Disk Drives on Linux: A Detailed Guide

Kali Linux 2024.4 Release: 14 new tools and significant updates

What is the Linux Crontab used for?

VMware Thin vs. Thick Provisioning: Advanced Guide for System Administrators

The ultimate guide to mysqldump – A database backup program

Web-Check: The Swiss Army Knife of Open Source Website Analysis

Ceph Breaks Records: AMD EPYC Deployment Delivers Sustained 1 TiB/s Throughput, Setting a New Benchmark for Distributed Storage

Linux 6.16 Lands with Intel TDX, APX, DMA Zero-Copy Networking, and Key Enhancements to EXT4, XFS, and NVIDIA Hopper GPUs

Cybercrime: A Growing National Security Threat That Demands Immediate Action