Service Improvement

Cloudways values its customers and their feedback! You can now give us your feedback on how we can improve Cloudways services, solution and products by pitching in your ideas!

I suggest you ...

You've used all your votes and won't be able to post a new idea, but you can still search and comment on existing ideas.

There are two ways to get more votes:

  • When an admin closes an idea you've voted on, you'll get your votes back from that idea.
  • You can remove your votes from an open idea you support.
  • To see ideas you have already voted on, select the "My feedback" filter and select "My open ideas".
(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Cloudways should add DDoS protection service

    DDoS is a common problem now, maybe Cloudways can add a DDoS Mitigation service and upgrade their Network hardware to secure against Level 3 DDoS attacks

    625 votes
    Vote
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      I agree to the terms of service
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      33 comments  ·  Security  ·  Admin →

      After some difficulties with Cloudflare, we have spoken now with Sucuri (https://sucuri.net/). They offer malware removal, website firewall (providing DDoS protection among other things, requires DNS redirection to point to their firewalls) and site scanning (via local agent). All features independent (we can offer all or some).

      We are thinking that a better approach to solving our customers problems when it comes to security and performance will be to offer (as add-ons) Sucuri (security centric and very focused on our most common apps) and MaxCDN (pure CDN focused on performance).

      Any one has had experience with Sucuri? We have already tested (and in talks with them) and looks very promising.

      Let us know thoughts on this (Sucuri + MaxCDN) approach (vs Cloudfront). We know this is well overdue and want to get it rolling.

      Cloudways Team

    • A better backup scheme

      So here my suggestion for a better backup scheme. Do something like keeping:
      = 1 - 3 monthly backups
      + 3 weekly backups
      + 4 - 6 daily backups
      This way a longer period is covered without increasing the space required for backups. You can try keeping it at 8, although 12 would be ideal as it will cover last 3 mo, last 3 wk, and last 6 days.

      Other suggestions:
      - Allow to choose the time of day to do backup so it won't slow down the server during busy hours.
      - Allow to choose external backup destination like…

      319 votes
      Vote
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • facebook
      • google
        Password icon
        I agree to the terms of service
        Signed in as (Sign out)
        You have left! (?) (thinking…)
        under review  ·  12 comments  ·  Security  ·  Admin →
      • Add Blacklist section in your security tab

        The current server management console, has a n area where we can whitelist our IP address to avoid lockout problems. But could we also get for our servers a blacklist option?

        There are multiple WordPress sites I manage. And you have no idea how many hacking attempts I get daily. Being able to block the ip addresses from where these attempts are coming from...could really help us secure our WP sites even more.

        92 votes
        Vote
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • facebook
        • google
          Password icon
          I agree to the terms of service
          Signed in as (Sign out)
          You have left! (?) (thinking…)
          5 comments  ·  Security  ·  Admin →
        • Different MySQL users - one for managing database and one with limited permissions for usage in scripts

          As many apps stores MySQL credentials in a plain text inside code. I suggest to provide us with 2 MySQL users
          1) Admin user - with the most wide permissions
          2) Script user - allowed only to manipulate with rows (CRUD)

          This is common security practice on other hostings.

          84 votes
          Vote
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • facebook
          • google
            Password icon
            I agree to the terms of service
            Signed in as (Sign out)
            You have left! (?) (thinking…)
            7 comments  ·  Security  ·  Admin →
          • Add BitNinja.io security for both Server and Apps

            Would be great having this installed as an option. Would protect server and all the Apps installed so we don't necessary have to go for Sucuri for each single App when clients cannot afford.

            84 votes
            Vote
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • facebook
            • google
              Password icon
              I agree to the terms of service
              Signed in as (Sign out)
              You have left! (?) (thinking…)
              0 comments  ·  Security  ·  Admin →
            • SSH On Off Button

              A simple button to turn ssh on and off, ssh can be turned off until the admin needs to use it so it adds an additional level of security straight on the dashboard. Thanks

              73 votes
              Vote
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • facebook
              • google
                Password icon
                I agree to the terms of service
                Signed in as (Sign out)
                You have left! (?) (thinking…)
                2 comments  ·  Security  ·  Admin →
              • Allow firewall options

                Allow us to customise the firewall (to define which port numbers can be opened)

                54 votes
                Vote
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • facebook
                • google
                  Password icon
                  I agree to the terms of service
                  Signed in as (Sign out)
                  You have left! (?) (thinking…)
                  1 comment  ·  Security  ·  Admin →
                • HSTS (Strict Transport Security)

                  Hi,

                  Do you support HSTS (Strict Transport Security) in the future? Maybe it will add more security.

                  52 votes
                  Vote
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • facebook
                  • google
                    Password icon
                    I agree to the terms of service
                    Signed in as (Sign out)
                    You have left! (?) (thinking…)
                    0 comments  ·  Security  ·  Admin →
                  • Be able to Change SSL Settings for Faster SSL

                    http://unhandledexpression.com/2013/01/25/5-easy-tips-to-accelerate-ssl/

                    Lists options to improve the speed of SSL transactions. It would be great to be able to enable these settings changes either manually through the console or via interface.

                    37 votes
                    Vote
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                    • facebook
                    • google
                      Password icon
                      I agree to the terms of service
                      Signed in as (Sign out)
                      You have left! (?) (thinking…)
                      1 comment  ·  Security  ·  Admin →
                    • fail2ban

                      I was wondering if fail2ban was available on cloudways instances. I would love managing login attempts and throttling bots with it.
                      This could even be integrated in the console at application level.

                      I know I can do this with WordFence and others, but it's so much more efficient. Doing this kind of thing with WP plugins is so inefficient, it still require PHP processes.

                      While not replacing a full DDoS and WAF service, this is probably still a good affordable and efficient protection and I have the feeling that is being already used for handling ssh login attempts.

                      28 votes
                      Vote
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                      • facebook
                      • google
                        Password icon
                        I agree to the terms of service
                        Signed in as (Sign out)
                        You have left! (?) (thinking…)
                        0 comments  ·  Security  ·  Admin →
                      • SFTP access by white listed IP only

                        SFTP access should be able to be set to only accept a white listed IP address.

                        28 votes
                        Vote
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                        • facebook
                        • google
                          Password icon
                          I agree to the terms of service
                          Signed in as (Sign out)
                          You have left! (?) (thinking…)
                          0 comments  ·  Security  ·  Admin →
                        • Virus Sanner to find infected malicious files

                          Hi, I have found my wordpress file corrupted by some malicious code due to which our site is running slow. This code was found in all functin.php files. I was not understanding suddenly why site performance got so much degraded. After checking all file and uninstalling plugin then too i didnt find reason for same. After long research i got to know that some code has been uploaded to function.php file. I haven't reseted file permission so its some server security lack that such code was uploaded. Now i want to scan file to check that no more infacted files…

                          26 votes
                          Vote
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                          • facebook
                          • google
                            Password icon
                            I agree to the terms of service
                            Signed in as (Sign out)
                            You have left! (?) (thinking…)
                            0 comments  ·  Security  ·  Admin →
                          • Option for Two Factor authentication for team members

                            its great to have Two Factor Authentication for Application Member area, but it will be useful when we start doing it for inside ClickNGo aswell, so jr and sr. team members all use their Auths

                            26 votes
                            Vote
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                            • facebook
                            • google
                              Password icon
                              I agree to the terms of service
                              Signed in as (Sign out)
                              You have left! (?) (thinking…)
                              1 comment  ·  Security  ·  Admin →
                            • Allow customers to create database users

                              When having Master Credentials you con go to the MySQL Manager and create a user, but when you want to save you get:
                              "Access denied; you need (at least one of) the CREATE USER privilege(s) for this operation"
                              You should allow permissons for Master Credentials to creat DB users

                              23 votes
                              Vote
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                              • facebook
                              • google
                                Password icon
                                I agree to the terms of service
                                Signed in as (Sign out)
                                You have left! (?) (thinking…)
                                2 comments  ·  Security  ·  Admin →
                              • OCSP stapling

                                Please switch on OCSP stapling. This feature makes access to HTTPS sites faster in case of OSCP present, so avoid clients requests to CA to verify certs.

                                22 votes
                                Vote
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                • facebook
                                • google
                                  Password icon
                                  I agree to the terms of service
                                  Signed in as (Sign out)
                                  You have left! (?) (thinking…)
                                  5 comments  ·  Security  ·  Admin →
                                • Block semalt.com and associated sites Bad Bots

                                  Semalt.com is causing problems for many sites across the web and is messing up Google Analytics results and reports. I've also read that they do not adhere to robot.txt protocol.

                                  I've added some rules to my htaccess. as they keep creating different domains that they send bots from. I tried to deny their IP in htaccess but this caused a 500 server error for me.

                                  I was wondering if you'd ever consider blocking these sites server side for all your customers.

                                  18 votes
                                  Vote
                                  Sign in
                                  Check!
                                  (thinking…)
                                  Reset
                                  or sign in with
                                  • facebook
                                  • google
                                    Password icon
                                    I agree to the terms of service
                                    Signed in as (Sign out)
                                    You have left! (?) (thinking…)
                                    0 comments  ·  Security  ·  Admin →
                                  • Require SSH keys for login / SFTP

                                    Once SSH keys have been set up on a server, password login should be disabled, or at least have an option to disable it.

                                    13 votes
                                    Vote
                                    Sign in
                                    Check!
                                    (thinking…)
                                    Reset
                                    or sign in with
                                    • facebook
                                    • google
                                      Password icon
                                      I agree to the terms of service
                                      Signed in as (Sign out)
                                      You have left! (?) (thinking…)
                                      2 comments  ·  Security  ·  Admin →
                                    • Security Log for Team Members

                                      I would love to see some form of a actions/security log which is stores X amount of entries per month.

                                      What Security/Actions Log?

                                      Ability to track who has logged in from where.
                                      Which Team Member has moved, created, deleted applications.
                                      Which Team Member has changed a setting within Servers/Applictions.

                                      Any other detailed information.

                                      Here is an example that PHPBB uses, or Wordpress Security Audit which has similar functions as to what im suggesting.

                                      http://cdn.inmotionhosting.com/support/images/stories/edu/phpbb/maintenance/mod-log.png
                                      http://files.staticfsr.org/files/images/PhpBB%203%20Admin%20Logs.jpeg

                                      Ability to export the log via csv would be great too. This would keep your DB less cluttered as you would purge the entries every…

                                      12 votes
                                      Vote
                                      Sign in
                                      Check!
                                      (thinking…)
                                      Reset
                                      or sign in with
                                      • facebook
                                      • google
                                        Password icon
                                        I agree to the terms of service
                                        Signed in as (Sign out)
                                        You have left! (?) (thinking…)
                                        2 comments  ·  Security  ·  Admin →
                                      • Allow other SQL GUIs to connect to the database

                                        Cloudways should allow their users to connect to their databases with the MYSQL GUI of their choice. I was unable to use MySQL Workbench and Cloudways support essentially told me they couldn't help me because the tech believed there was an incompatibility with the OSX version and the Cloudways server. So I'm stuck using the Cloudways interface, which is not nearly as powerful as Sequel Pro.

                                        11 votes
                                        Vote
                                        Sign in
                                        Check!
                                        (thinking…)
                                        Reset
                                        or sign in with
                                        • facebook
                                        • google
                                          Password icon
                                          I agree to the terms of service
                                          Signed in as (Sign out)
                                          You have left! (?) (thinking…)
                                          0 comments  ·  Security  ·  Admin →
                                        • Please add TFA option for team account. Not only the main account

                                          Please add TFA option for team account. So the server security never get compromised by team account hijack

                                          10 votes
                                          Vote
                                          Sign in
                                          Check!
                                          (thinking…)
                                          Reset
                                          or sign in with
                                          • facebook
                                          • google
                                            Password icon
                                            I agree to the terms of service
                                            Signed in as (Sign out)
                                            You have left! (?) (thinking…)
                                            2 comments  ·  Security  ·  Admin →
                                          ← Previous 1 3
                                          • Don't see your idea?

                                          Feedback and Knowledge Base