Skip to content

Product Improvements: Flexible

Cloudways values its customers and their feedback! You can now give us your feedback on how we can improve Cloudways services, solution and products by pitching in your ideas!

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback

92 results found

  1. Add Blacklist section in your security tab

    The current server management console, has a n area where we can whitelist our IP address to avoid lockout problems. But could we also get for our servers a blacklist option?

    There are multiple WordPress sites I manage. And you have no idea how many hacking attempts I get daily. Being able to block the ip addresses from where these attempts are coming from...could really help us secure our WP sites even more.

    123 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    planned  ·  29 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  2. Virus Scanner to find infected malicious files

    Hi, I have found my wordpress file corrupted by some malicious code due to which our site is running slow. This code was found in all functin.php files. I was not understanding suddenly why site performance got so much degraded. After checking all file and uninstalling plugin then too i didnt find reason for same. After long research i got to know that some code has been uploaded to function.php file. I haven't reseted file permission so its some server security lack that such code was uploaded. Now i want to scan file to check that no more infacted files…

    99 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    24 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  3. Different MySQL users - one for managing database and one with limited permissions for usage in scripts

    As many apps stores MySQL credentials in a plain text inside code. I suggest to provide us with 2 MySQL users
    1) Admin user - with the most wide permissions
    2) Script user - allowed only to manipulate with rows (CRUD)

    This is common security practice on other hostings.

    58 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    21 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  4. Allow firewall options

    Allow us to customise the firewall (to define which port numbers can be opened)

    47 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    8 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  5. HSTS (Strict Transport Security)

    Hi,

    Do you support HSTS (Strict Transport Security) in the future? Maybe it will add more security.

    38 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    11 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  6. Allow Country Blocking at the Server Level

    Please consider allowing us to choose Server access to specific countries at the Server Level. If our WP sites or other applications (even our clients) are selling only within the US, why should we not block access to all other countries trying to access the server. There are so many daily hack attempts from countries outside the US, but even if this were not the case, allowing the user to manage Country Access (perhaps by blocking IP ranges) would greatly reduce the effect of DDOS attacks and also reduce server load from unrelated or unnecessary website visits. Thanks!

    36 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    20 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  7. Firewall Management + fail2ban support

    It would be useful to have the ability to configure the default firewall rules at server level, rather than relying on htaccess files which are useless for managing large data sets (i.e. IP lists/ranges).

    Additionally, having fail2ban installed and bridging between the firewall would be extremely helpful for using plugins like wp-fail2ban, which automatically bans "bruteforce" login attempts at server level, rather than application level.

    29 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    4 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  8. Allow customers to create database users

    When having Master Credentials you con go to the MySQL Manager and create a user, but when you want to save you get:
    "Access denied; you need (at least one of) the CREATE USER privilege(s) for this operation"
    You should allow permissons for Master Credentials to creat DB users

    27 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    12 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  9. Add to CloudwaysCDN DDoS Protection and WAF

    Now that there is a Partnership With StackPath this shouldn't be hard. Add another option, charge more, but add the possibility please. If you look at the comments about CloudwaysCDN on the Facebook Group and on the blogpost about it you'll see there is a demand for it.

    19 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  10. Salt & hash all passwords currently visible/viewable in CloudWays admin

    While the CloudWays service is great, I've been concerned for a while now that I can simply click to copy passwords for SFTP, SSH, databases & WordPress. My concerns have been amplified as yesterday over 1.2 million compromised passwords were stolen from GoDaddy because they stored their details in a similar way: https://wptavern.com/godaddy-data-breach-exposes-1-2-million-active-and-inactive-managed-wordpress-hosting-accounts

    Simply put: ALL passwords stored on CloudWays should be salted & hashed. There should be no way for CloudWays (or me) to retrieve them once they've been saved. The fact that I can indicates they are being stored as plaintext, which is a huge security issue. Passwords…

    14 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  11. Integrate firewall with CDN

    There are probably many needed enhancements to the firewall. One that would be especially helpful would be to block traffic that doesn't originate through the CDN.

    For example, with Cloudflare, hackers can sometimes use historical dns records to discover your server's origin IP address. They can then circumvent Cloudflare's ddos and firewall features.

    An option in the Cloudways firewall to only accept traffic through the CDN would eliminate this whole class of vulnerabilities.

    14 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  12. Security Log for Team Members

    I would love to see some form of a actions/security log which is stores X amount of entries per month.

    What Security/Actions Log?

    Ability to track who has logged in from where.
    Which Team Member has moved, created, deleted applications.
    Which Team Member has changed a setting within Servers/Applictions.

    Any other detailed information.

    Here is an example that PHPBB uses, or Wordpress Security Audit which has similar functions as to what im suggesting.

    http://cdn.inmotionhosting.com/support/images/stories/edu/phpbb/maintenance/mod-log.png
    http://files.staticfsr.org/files/images/PhpBB%203%20Admin%20Logs.jpeg

    Ability to export the log via csv would be great too. This would keep your DB less cluttered as you would purge the entries every…

    14 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    6 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  13. Single Sign-on / SAML authentication for access to the cloudways console

    Provide the ability to leverage SAML providers like Okta, OneLogin, or ADFS for single sign-on to the cloud console. This would improve security for as well as the user experience.

    10 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    5 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  14. Change wordpress login page url within cloudways to prevent brute-force login attempts

    It would be great If I could change the login url of my wordpress site from website.com/wp-admin to website.com/my-custom-login-url in order to prevent unwanted brute-force login attempts.

    9 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  15. Automatic IP attack blocking

    I would suggest that ips be blocked automatically by Cloudways when they were hitting on the site of yours continuously

    9 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  16. Cloudflare - add option to prevent bypass

    I suggest you add a Cloudflare option which prevents any ip having direct access to website unless its through Cloudflare. Currently it's very easy to bypass Cloudflare unless you add a custom rule for us. But it would be better if it was an options

    8 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    15 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  17. Allow "global" or account-level SSH keys, which are automatically added to every server

    Currently, we have to manage SSH keys individually for every server. It would be awesome to be able to add global SSH keys, and then when a new server is created, those SSH keys are automatically installed on every server.

    Additionally, it would be nice if when we added a account-level SSH key, it was added to all existing servers.

    8 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  18. Stop server from leaking SSL information

    If the application is served through a WAF, you don't want anyone to bypass the WAF by accessing the server using its IP address.

    Cloudways gives us the option to disable access to the application using the IP address only (apache Access Application via IP). However, the web server is still responding to SSL requests, thus leaking the certificate information that would include the common name.

    The SSL certificate should only be presented to the WAF/requests using the hostname/URL and not by accessing the IP address.

    It seems that cloudways is using nginx as a reverse proxy in front of…

    8 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  19. create a drop-down for "SSL ciphers" in the "APPLICATION SETTINGS" below the "TLS VERSIONS" for customers who want only strong SSL ciphers

    Customers can get an A+ rating on https://www.ssllabs.com/ssltest/ if you:
    Add an "SSL ciphers" drop-down for customers that are interested in only using strong SSL ciphers.

    You can consider your current ciphers as "default", and add an option for "most secure" that allows customers to select a pre-defined "A+ rated" SSL cipher configuration.

    The "SSL Cipher" configuration would go below the existing "TLS VERSIONS" option in the "APPLICATION SETTINGS" > "GENERAL" > "TLS VERSIONS" configuration interface.

    8 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  20. Passkey support

    Passkeys need to be implemented for logging in to Cloudways. Passkeys are better / more secure than traditional passwords and 2FA. Big players like Google, Apple, Amazon, PayPal, etc are all already using passkeys.

    7 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
← Previous 1 3 4 5
  • Don't see your idea?

Feedback and Knowledge Base