Product Improvements: Flexible
Cloudways values its customers and their feedback! You can now give us your feedback on how we can improve Cloudways services, solution and products by pitching in your ideas!
89 results found
-
Cloudflare - add option to prevent bypass
I suggest you add a Cloudflare option which prevents any ip having direct access to website unless its through Cloudflare. Currently it's very easy to bypass Cloudflare unless you add a custom rule for us. But it would be better if it was an options
11 votes -
Add user agent exclusion in immunify360 firewall rules
I would like to be able to add a user agent exclusion to the new immunity firewall, so for example not be blacklisted for screaming frog spider scans
maybe also the possibility to add ip whitelist via api service
2 votes -
Play Basketball Stars game!
The accessibility of basketball stars significantly contributes to its appeal. The simplicity of its use allows players of all ability levels to enjoy it. Participants are captivated by the narrative and the rapid action. Basketball Stars offers numerous customization options that enable gamers to personalize their avatars and adorn them with appealing items.
In addition to its engaging gameplay, Basketball Stars facilitates communication among basketball enthusiasts. A thrilling social aspect is the opportunity to compete against friends or adversaries globally in multiplayer modes.
In conclusion, Basketball Stars is an exhilarating online game that provides a unique basketball experience. The rapid…
1 vote -
Allow Master account to change files ownership to Application user
- Connect via SSH using the Master Account
- Write new files in an Application (e.g. via git pull)
- use chown to set ownership to the Application user account
- You have: Operation not permitted
This is a problem when creating scripts to update part of an application (I cannot use the global git pull that you provide).
And it is not possible to use git pull for private Git repositories with the Application account because ~/.ssh is not writable for it.1 vote -
Passkey support
Passkeys need to be implemented for logging in to Cloudways. Passkeys are better / more secure than traditional passwords and 2FA. Big players like Google, Apple, Amazon, PayPal, etc are all already using passkeys.
8 votes -
Blacklist and block IP addresses
Via the Bot Protection section, which is Malware, it would be really beneficial to be able to click a red X (next to the whitelist green check) to block and blacklist an IP listed in the log.
2 votes -
Whitelist IPs for the API
Like the MySQL and SFTP IP whitelisting options, the API should have a whitelisting function. Or at least the ability to see connected domains and block specific connections.
For example, if I have 1,000 client sites that use the API and just one leaks the API auth details somehow, I would need to manually change 1,000 sites immediately. But by being able to whitelist the servers the clients are on, I would have more time to change the keys, without worrying.
I want to whitelist only my servers so only my clients' websites can use the API.
1 vote -
2 votes
-
wp-config file permissions for secure install
Wordpress wp-config file permissions are 664, should be 640 I think. This is the first thing I changed after migrating our sites here. 664 means the DB credentials are readable by any bot, malware scanner, or public user. We got hacked 10 years ago on this very setting being open to the public.
1 vote -
Ability to view SFTP users for application made by other users
Currently, if another account in your Cloudways system makes an SFTP account for a server you own/manage you cannot see the account that was created! It does not show up in the GUI at all.
This is a huge security concern, as it allows for shadow users to be added with no feedback to the owner of the account.
As an account owner, your owner login should be able to view all SFTP accounts created by server and application, listed in the application as if you created it yourself.
Even if you setup allow-listing for IP addresses, this still does…
1 vote -
Let server admins (not just account owners) mute alerts OR let server admins disable vulnerability alerts
The "Alert: Vulnerabilities detected on your application" emails can only be disabled by account owners by muting the alerts (here's how: https://support.cloudways.com/en/articles/5119834-how-to-mute-cloudways-bot-notifications). We have their sites set up with automatic plugin updates and that works fine for us. These alerts are making our customers worried for no good reason, and it's making maintenance more of a pain for me since I now have to reassure them everything's fine.
It isn't a big annoyance for a customer to receive such an alert but try to imagine a web maintainer (like myself) having to answer multiple questions from concerned customers. We…
2 votes -
Add Bytespider and PetalBot to the Bot Protection list
Please add the following nasty bots to the Bot Protection by default.
Bytespider & PetalBot
Thanks
1 vote -
Audit / Security / Action Logs
It is critical for many businesses to be able check the actions and changes that are made on an account in order to debug, detect abnormal activities, intrusion or restoring certain setting back to their original, etc.
After discussing with the support on a separate ticket about an incident we detected as unusual, we felt the need for this feature more than ever.
Right now it is time consuming for support to check system logs and it is not easy to have a clear picture of WHAT happened and WHO did EXACTLY what and WHERE it was happening.
We got…
4 votes -
start caring about security & uptime
This is my idea --- Cloudways should start caring about security. Yes. My idea is that basic. How do I go for days not knowing that my clien'ts small local business website is redirecting to a russian domain selling crappy products?
I got NO alert. Nothing.
But this isn't all. I don't get alerts for 404s, soft 404s, 500s, nothing.
Cloudways assumes that if a page is throwing a 404 that it still up and good.
What I am asking for feels like the most basic things... things that hosting company would take care of long before hundreds of far…
1 vote -
Use stricter default WordPress permissions
I think the default WordPress file/folder permissions should be the stricter options available rather than those currently used on Cloudways.
https://www.google.com/search?q=default+wordpress+permissions&oq=default+wordpress+permissions&gs_lcrp=EgZjaHJvbWUyBggAEEUYOdIBCDI2MzdqMGo3qAIAsAIA&sourceid=chrome&ie=UTF-81 vote -
Security Vulnerability in the "Nickname" System for Administrator Users in Control Panel
Hello,
We appreciate your hosting of our website, and we would like to draw your attention to a security vulnerability in the "Nickname" system for the administrator user in the control panel.
Based on our experience, the email address of the administrator user is displayed by default in the "Nickname" field. This represents a significant security risk, as attackers can rely on this information to hack the website.
We strongly recommend assigning a different username for the administrator user and avoiding the use of any personal information in the nicknames.
We hope that you take this matter seriously and take…
1 vote -
OpenSSH 8.1 Upgrade
Needed for PCI/DSS compliance.
3 votes -
TFA via Text messaging
Please offer TFA on unique code via Mobile Text message.
For those who do NOT want to use Google Authentication on mobile phones please use this.
Digital Ocean have been doing it successfully for almost 7 years.
Send TFA on mobile text message.1 vote -
Force log out from all devices
It's a really must have option for all server owners.
3 votes -
1 vote
- Don't see your idea?