• Log in to the server as root via SSH.
• Create an empty file named root.crontab.lock in the $PRODUCT_ROOT_D/var/ directory. This prevents administrative users from running cron jobs and seeing tasks scheduled to run as root.
• Create in $PRODUCT_ROOT_D/var/ directory Create an empty file named root.event_handler.lock . This prevents administrator users from creating event handlers that run as root.
• After completing the previous two steps, your SSH terminal will have root access disabled.

2. The Plesk administrator disables root access in the SSH terminal via panel.ini . This does not disable root access in scheduled tasks and events.

• Disable root access using the following panel.ini option:
  • [ext-ssh-terminal]
    rootAccessAllowed = false
• To prevent panel editing in the Plesk GUI, add the 'Panel.ini editor' extension to the blacklist using the following panel.ini option (this cannot be installed on the server).

3. Disable SSH terminal extension via panel.ini for both Plesk admins and subscribers. This does not disable root access on scheduled tasks and event handlers. Use the following panel.ini options to blacklist the 'SSH Terminal' and 'Panel.ini editor' extensions (so they cannot be installed on the server).

• • [extensions]
    blacklist = ssh-terminal, panel-ini-editor