Plesk Obsidian continues to evolve with a clear focus on security, compatibility and administration experience. Version 18.0.74 —released on 11 November 2025— comes with a series of core and extension updates (18.0.74 Update 1, 18.0.73 Update 4, WP Toolkit 6.9, Node.js Toolkit 2.4.x, new releases of Migrator, Repair Kit, etc.) that strengthen the platform as an “all-in-one” control panel for Linux and Windows environments.
At the same time, the hosting ecosystem is going through a tense moment: many companies and professionals are starting to move away from Plesk because of its continuous price increases and are increasingly considering alternatives such as RunCloud, Ploi.io, ServerAvatar or FlyWP.
In this mixed context —solid product, but complex commercial climate— the latest Plesk Obsidian features arrive.
TuxCare ELS for PHP and Debian 13 support
The main functional new feature of Plesk Obsidian 18.0.74 is the integration with TuxCare Extended Lifecycle Support (ELS) for PHP. Through an official extension, administrators can subscribe to and manage extended support for PHP versions that are already out of official maintenance, directly from the Plesk interface.
In practice, this allows you to:
- Keep legacy applications that depend on older PHP versions running.
- Continue receiving critical security patches without being forced into a rushed code migration.
- Centralize management of PHP versions and patches directly from the control panel.
In addition, Plesk adds support for Debian 13 “Trixie”, with certain limitations, and the possibility to migrate servers to this new version using Plesk Migrator. Support for MariaDB 11.8 is also introduced, aligning the platform with the latest versions in the LAMP ecosystem.
Platform improvements: performance, mail and user experience
Version 18.0.74 and its associated updates introduce broad improvements in the panel core:
- Dovecot with Apache Solr™ on Linux
Enables much faster searches in large IMAP mailboxes, a key improvement for mail servers with thousands of messages per account. - Reinforced security on multiple fronts
- Stronger password security for mail accounts.
- Hardened AWStats.
- Updated internal Plesk PHP engine (8.4.x) and critical components such as phpMyAdmin (5.2.3).
- Updated OWASP ModSecurity CRS to version 4.19.0 on Linux.
- Accessibility and UX
Some pages have been adapted to be more accessible to screen readers thanks to improvements in semantic HTML and ARIA attributes. - Stricter defaults
On new installations, the options “Prohibit creating domains that resolve to other servers” and “Prohibit creating domains from the list below” are now enabled by default, reducing bad practices and potential DNS-related issues. - Node.js 25 and other stack updates
The Node.js Toolkit now supports installing Node.js 25, and other components such as courier, msmtp, PostgreSQL client, Passenger, Git for Windows, ASP.NET Core, OpenSSL and libcurl have also been updated.
WP Toolkit 6.9.0: backups across Plesk and cPanel and more proactive protection
The update to WP Toolkit 6.9.0 further strengthens Plesk as a managed WordPress-oriented panel, with several enhancements especially interesting for hosting providers and agencies:
- Portable backups between servers and panels
It is now possible to create backups in WP Toolkit and easily restore them on different servers and even on other panels, such as cPanel, and vice versa.
In short, the process is:- Create a new WordPress site on the target domain.
- Upload the backup.
- Disable “Hide backups from other domains” if needed.
- Locate the backup and restore it (Plesk will automatically adjust paths and URLs).
- Extended compatibility and performance
- Official support for Debian 12 and Debian 13.
- Better handling of installations using Redis Object Cache when cloning or copying data between WordPress sites.
- Vulnerability protection rules are now applied almost in real time, without waiting for the hourly maintenance task.
- Low-risk vulnerabilities are now also considered in protection policies.
- Stability and UX
- Malformed PHP files should no longer break the WP Toolkit interface.
- Proper cleanup of cloned installations after failed Smart Updates.
- Fixes for issues that caused log spam.
- Accessibility improvements and corrected notification messages.
WP Toolkit also warns that the CLI option -password will be deprecated in version 6.10, being replaced by the ADMIN_PASSWORD environment variable.
Migration, repair tools and key extensions
Official extensions have also received an important round of improvements:
- Plesk Migrator 2.31.x
- Better support for migrating databases without “argument list too long” errors.
- Ability to configure MySQL/MariaDB clients using system
my.cnf/my.inior a custom migrator configuration file. - Support for migrating error documents to Plesk for Windows >= 18.0.74.
- New pre-migration checks for migrations from cPanel (for example, compressed email messages).
- Repair Kit 1.4.4
- Security improvements and correct sorting of the
TIME_MScolumn in the database process list. - Permissions for “Restricted Mode” introduced in previous versions.
- Security improvements and correct sorting of the
- Site Import, SFTP Backup, Firewall, Panel.ini Editor, NTP Timesync, PHP Composer, VirusTotal Website Check, Nextcloud, Multi-Factor Authentication, DNS Integration for Cloudflare, SSL It!, Grafana, Google Workspace, Hosting Plan Exporter, .NET Toolkit…
Many of these extensions bring internal improvements, compatibility with PHP 8.4, support for Debian 13 and security adjustments which, while not flashy, contribute to stable and secure operation of the panel in production.
The elephant in the room: price hikes and migration to alternatives
Beyond technical features, there is a reality that increasingly influences decisions made by providers and system administrators: constant Plesk license price increases.
In recent years, many hosters, agencies and freelancers have seen how:
- License costs per server or per number of domains keep going up.
- Calculating total cost becomes more complex in scenarios with many small sites.
- Migrating to new licensing structures (or higher tiers) often ends up meaning a significant increase in monthly or yearly spending.
This is leading some of the market to start abandoning Plesk, or at least to restrict it to specific use cases, while exploring lighter, more flexible or more affordable alternatives, especially in cloud or individually managed VPS environments.
Among the most mentioned alternatives in the ecosystem are:
- RunCloud
A server management platform focused on PHP and Node.js, making it easier to deploy applications (especially WordPress) on self-managed VPSs, with an emphasis on automation and performance best practices. - Ploi.io
Aimed at developers and DevOps teams. It enables launching Laravel, PHP, Node.js and other stacks on your own servers, with automated deployments, Git integrations and a focus on simplicity. - ServerAvatar
A popular option among freelancers and small agencies who want to manage multiple servers and sites without the overhead of a large, monolithic panel, usually with a more affordable pricing model than traditional per-server panels. - FlyWP
Focused on WordPress, with a very specific approach for developers and agencies managing projects on VPS and cloud providers. The proposal is to act as a modern WordPress-oriented “control panel as a service”, with integrated staging, cloning and deployment tools.
Compared to these services, Plesk still stands out for:
- Its multi-service approach (web, mail, DNS, databases, WordPress, Joomla, etc.) in a single interface.
- Deep integration with official extensions and the WebPros ecosystem.
- Its ability to serve both shared hosting and resellers as well as more advanced environments.
But the message is clear: the more costs rise, the easier it becomes for part of the market to look at cloud-managed control panels or more modular and specialized solutions, especially for new projects or environments where flexibility and cost per site are key.
What should hosters and admins do now?
Given the current landscape, it makes sense for each provider or system administrator to consider a few questions:
- Does it still make sense to use Plesk for every use case?
- For classic shared hosting, with mail included and tens or hundreds of domains on a single server, Plesk remains a very solid solution.
- For one-off projects, microservices and specific applications, it can be interesting to separate workloads and use lighter panels or “panel-as-a-service” solutions like RunCloud, Ploi.io, ServerAvatar or FlyWP.
- Am I actually taking advantage of the recent improvements?
- Support for Debian 13 and MariaDB 11.8.
- TuxCare ELS for legacy PHP applications.
- WP Toolkit 6.9 with portable backups across panels.
- Security enhancements (OWASP CRS, MFA, Repair Kit, Composer, etc.).
- Do I have a multi-panel or transition strategy?
- Many providers are opting for a hybrid approach: keeping Plesk where it makes more sense, and starting to deploy new projects on other platforms, reducing dependency and softening the impact of future price increases.
Conclusion
Plesk Obsidian 18.0.74 and its recent updates strengthen the platform in what has always been its main advantage: a comprehensive control panel with solid support for modern distributions, a broad ecosystem of extensions and a constant focus on security.
However, the business context has changed. Ongoing price hikes have raised alarms across much of the sector, which is already exploring alternatives such as RunCloud, Ploi.io, ServerAvatar or FlyWP for certain use cases.
The result is a scenario in which Plesk remains an important piece of the puzzle, but no longer the only one or necessarily the default choice. Today more than ever, the decision comes down to carefully weighing functionality, total cost, flexibility and operational complexity.
