Skip to content

Product Improvements: Flexible

Cloudways values its customers and their feedback! You can now give us your feedback on how we can improve Cloudways services, solution and products by pitching in your ideas!

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback

102 results found

  1. Audit / Security / Action Logs

    It is critical for many businesses to be able check the actions and changes that are made on an account in order to debug, detect abnormal activities, intrusion or restoring certain setting back to their original, etc.

    After discussing with the support on a separate ticket about an incident we detected as unusual, we felt the need for this feature more than ever.

    Right now it is time consuming for support to check system logs and it is not easy to have a clear picture of WHAT happened and WHO did EXACTLY what and WHERE it was happening.

    We got…

    4 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  2. TFA via Text messaging

    Please offer TFA on unique code via Mobile Text message.
    For those who do NOT want to use Google Authentication on mobile phones please use this.
    Digital Ocean have been doing it successfully for almost 7 years.
    Send TFA on mobile text message.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  3. OpenSSH 8.1 Upgrade

    Needed for PCI/DSS compliance.

    3 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  4. 1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  5. Force log out from all devices

    It's a really must have option for all server owners.

    3 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  6. Highlight Invalid Domain(s) When Creating or Renewing SSL

    When you have multiple domains under an SSL and in our case over 50 and the SSL cert fails due to 1 or more domains not being pointed correctly it would be helpful to have those domains highlighted so they could be fixed and not having to go through each domain to see what is causing the error.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  7. 2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  8. Be able to name and order IPs

    Hi !

    It would be interesting to be able to create groups of IPs and name or tag these IPs in order to visually understand who has been given access to MySQL/SSH services.

    Example :

    External company 1: 127.0.0.1 127.0.0.2 127.0.0.3
    External company 2: 172.0.0.1 172.0.0.2
    Freelance dev: 120.0.0.1
    My company: Ips list ....

    Thx

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  9. Able to turn-off session timeout in the Cloudways Platform

    Throughout the day, I am logged out of the Cloudways platform and must re-login in order to access it. When you need to monitor sites then this can become very annoying.

    I understand this is due to security reasons, when talking to customer support they also confirmed this and mentions that this is due to a session timeout and an additional layer of security for the portal. They also mentioned that there is no option to unset it.

    It would be great if we can decide ourselves if we want to use this security measure and it should be possible…

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  10. Allow API access to be granular

    I would like to use the API to do a Git deploy on select applications. I would write a script and put the script on a server. As that would be the only job that API key would do, I would like to limit it by that permission/function and also to what server and applications it could do a git pull on.

    So I see two ways to do this, one would be attach the API key the the current user. And what that user has permissions to in the UI would be what that key would have.

    Another would…

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  11. Salt & hash all passwords currently visible/viewable in CloudWays admin

    While the CloudWays service is great, I've been concerned for a while now that I can simply click to copy passwords for SFTP, SSH, databases & WordPress. My concerns have been amplified as yesterday over 1.2 million compromised passwords were stolen from GoDaddy because they stored their details in a similar way: https://wptavern.com/godaddy-data-breach-exposes-1-2-million-active-and-inactive-managed-wordpress-hosting-accounts

    Simply put: ALL passwords stored on CloudWays should be salted & hashed. There should be no way for CloudWays (or me) to retrieve them once they've been saved. The fact that I can indicates they are being stored as plaintext, which is a huge security issue. Passwords…

    14 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  12. Security

    Hi there,

    I recently learned about the login lock feature at BigScoots.

    The Login Lock feature allows for an extra layer of login security on the WP admin dashboard. You can read more about it at the link below:

    https://blog.bigscoots.com/wordpress-optimized-portal-wpo/#admin-security-lock

    Will Cloudways be releasing something similar soon? It would be great to have an extra layer of login security available for our sites.

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  13. Show Two factor Auth status on Team page.

    Users can turn on two-factor authentification in their account.
    But there is currently no way to see if the team members you have in your team have enabled it. It makes it impossible to enforce two-factor auth and poses a security risk.

    Suggestion: Show "2FA enabled" next to team members that have enabled it on the Team page.

    4 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  14. Allow "global" or account-level SSH keys, which are automatically added to every server

    Currently, we have to manage SSH keys individually for every server. It would be awesome to be able to add global SSH keys, and then when a new server is created, those SSH keys are automatically installed on every server.

    Additionally, it would be nice if when we added a account-level SSH key, it was added to all existing servers.

    8 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  15. Provide alerts on successful SSH and SFTP login

    Please provide alerts on successful SSH and SFTP logins to a server.

    These alerts are important for visibility of when someone has accessed the server and making sure that access was expected.

    6 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  16. Security issue-Visible passwords in Dashboard needs immediate attention

    Coming from different managed hosting, I just joined cloudways, only to be surprised that sufficient security for protecting passwords is not in place. I can see the passwords are visible to me but also to the support agents that have access to the same area and hence openly visible to them. They can see Wordpress password ( which is not issue, as they told me it is default one and if changed in wordpress admin, will not be reflected here). My biggest concern is the sensitive passwords for SQL database and application credentials. The eye icon placed next to passwords…

    3 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  17. During the Let's Encrypt autorenewal process, add a htaccess file to work around protected roots

    If you have a .htaccess in the root of your application, that adds a htpasswd based auth password for the entire site, the Let's Encrypt autorenewal process fails. The process create a subdirectory, .well-known/ and uses it for the renewal process, deleting it at the end of the process.

    There are two easy ways to get around this that I can think of:

    1. do not delete the .well-known directory at the end of the process. so that us customers can add in the .htaccess file in there if we want to, to leave it readable

    2. as a part of the…

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    6 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  18. Setting Sucuri as WAF should also enable WAF bypass prevention

    In the advanced settings for nginx there is an option to set a WAF. This is needed fo nginx to grab the right headers in order to get the actual visitor's IP address.

    Using a WAF one would certainly also want a WAF bypass prevention. For this SUCURI suggests adding the following lines to the nginx vhost:

    location / {
    allow 192.88.134.0/23;
    allow 185.93.228.0/22;
    allow 2a02:fe80::/29;
    allow 66.248.200.0/22;
    allow 208.109.0.0/22;
    deny all;
    ....
    }

    There should be an option to do that when chosing sucuri as a WAF.

    Also, if you contact support to add those rules for you (which…

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  19. Stop server from leaking SSL information

    If the application is served through a WAF, you don't want anyone to bypass the WAF by accessing the server using its IP address.

    Cloudways gives us the option to disable access to the application using the IP address only (apache Access Application via IP). However, the web server is still responding to SSL requests, thus leaking the certificate information that would include the common name.

    The SSL certificate should only be presented to the WAF/requests using the hostname/URL and not by accessing the IP address.

    It seems that cloudways is using nginx as a reverse proxy in front of…

    8 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  20. Change wordpress login page url within cloudways to prevent brute-force login attempts

    It would be great If I could change the login url of my wordpress site from website.com/wp-admin to website.com/my-custom-login-url in order to prevent unwanted brute-force login attempts.

    8 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  • Don't see your idea?

Feedback and Knowledge Base