The 26 percent Plesk price increase that took effect January 1, 2026 is the commercial reality every Plesk operator is now managing. The 18.0.77 release lands in that context: it is not a minor patch. The update addresses European accessibility compliance requirements, introduces new SSL certificate tooling, removes the APS application catalog entirely, and includes a critical security fix for Windows deployments. A promised AI Copilot extension remains on the roadmap with no confirmed ship date. For operators running Plesk at scale, the release has both immediate action items and longer-term positioning questions.
Accessibility, SSL Tooling, and Platform Changes
The headline change in 18.0.77 is a significant accessibility overhaul. Plesk updated approximately 200 frequently used interface pages to align with the European Accessibility Act (EAA) and WCAG 2.1 guidelines. For operators serving business customers in Europe, EAA compliance is no longer optional: the Act came into force in June 2025. Operators who need to demonstrate EAA compliance to enterprise clients have a stronger position with this release than without it.
Additional functional changes in this release:
- GoAccess: an open-source web log analyzer now available directly within the panel on Linux servers, giving operators and customers access to real-time traffic data without depending on third-party analytics tools
- ACME SSL extension: native support for issuing wildcard and non-wildcard certificates via the ACME protocol, covering HTTP-01 and DNS-01 challenge types
- SSL It!: no longer requires an email address when requesting Let’s Encrypt certificates
The APS Catalog has been fully removed from all Plesk Obsidian versions. Applications already installed through APS continue to function, but no new APS application installations are supported. Operators running shared hosting environments where customers used APS should identify any affected accounts and communicate this change before customers encounter it themselves.
Two items require immediate action:
- Windows deployments: update immediately; the release contains a critical security fix for that platform
- Linux servers: apply kernel updates from distribution channels to address DirtyFrag (CVE-2026-43284), a local privilege escalation in Linux kernel IPsec and RxRPC paths
Third-party components updated in this release include Roundcube 1.6.14 and PHP 8.4.19.
The Pricing Change That Took Effect January 1
Effective January 1, 2026, Plesk increased pricing across its license tiers by approximately 26 percent. For operators running large fleets, the increase compounds with broader hosting infrastructure cost pressure visible across the sector. WebPros, the parent company of Plesk and cPanel, has positioned the price increase as reflecting investment in security tooling, AI integration, and continued support for legacy components.
The practical consequence for hosting providers is a meaningful increase in per-server licensing costs that does not automatically translate into higher plan prices in competitive shared hosting and VPS markets. Some operators have responded by accelerating evaluation of open-source panel alternatives including HestiaCP, CyberPanel, and Virtualmin. Others have absorbed the cost and adjusted plan pricing where market conditions allow. The question for any operator approaching a renewal decision is whether the AI Copilot and security roadmap justify the increased cost at the current licensing level.
TuxCare Extended Lifecycle Support for Legacy PHP
The TuxCare Extended Lifecycle Support for PHP extension has been available in the Plesk Extensions Catalog since late 2025. The 18.0.77 release expanded its platform coverage to Debian 13 and AlmaLinux 10. The extension covers PHP versions 5.6 through 8.1, all of which have reached end of life upstream and no longer receive security patches from the PHP project.
For hosting operators, the practical value is straightforward: customers running legacy PHP applications no longer have to choose between an unpatched runtime and an expensive, disruptive code rewrite. TuxCare ELS provides backported security patches for these versions, which reduces the pressure to force migrations or terminate accounts. It does not eliminate the security risk of running old PHP, but it materially changes the risk profile and the conversations operators need to have with affected customers.
AI Copilot: Announced for 2026, No Confirmed Date
Plesk has announced an AI Copilot extension that will allow administrators to manage Plesk through a natural-language interface. The announcement, included in Plesk’s 2025 year-in-review, lists the Copilot as a 2026 priority. No ship date has been committed publicly.
Natalia Nowak
Exploring the web hosting industry through writing - panels, providers, and everything that runs behind the scenes.
Sources
- Plesk Obsidian 18.0.77 Is Here: Significant Accessibility Developments and New ACME SSL Support - Plesk (official)
- Vulnerability CVE-2026-43284 (DirtyFrag) - Plesk Support (official)
- Keep Legacy PHP Secure with Extended Lifecycle Support in Plesk - Plesk (official)
- TuxCare Extended Lifecycle Support for PHP Extension - Plesk (official)
- Plesk 2025: A Year in Review - Plesk (official)
- Plesk Pricing - Plesk (official)
- Plesk Pricing Changes from January 2026 - CPLicense.net