Product Improvements: Flexible
Cloudways values its customers and their feedback! You can now give us your feedback on how we can improve Cloudways services, solution and products by pitching in your ideas!
94 results found
-
Ability to view SFTP users for application made by other users
Currently, if another account in your Cloudways system makes an SFTP account for a server you own/manage you cannot see the account that was created! It does not show up in the GUI at all.
This is a huge security concern, as it allows for shadow users to be added with no feedback to the owner of the account.
As an account owner, your owner login should be able to view all SFTP accounts created by server and application, listed in the application as if you created it yourself.
Even if you setup allow-listing for IP addresses, this still does…
2 votes -
Let server admins (not just account owners) mute alerts OR let server admins disable vulnerability alerts
The "Alert: Vulnerabilities detected on your application" emails can only be disabled by account owners by muting the alerts (here's how: https://support.cloudways.com/en/articles/5119834-how-to-mute-cloudways-bot-notifications). We have their sites set up with automatic plugin updates and that works fine for us. These alerts are making our customers worried for no good reason, and it's making maintenance more of a pain for me since I now have to reassure them everything's fine.
It isn't a big annoyance for a customer to receive such an alert but try to imagine a web maintainer (like myself) having to answer multiple questions from concerned customers. We…
3 votes -
Audit / Security / Action Logs
It is critical for many businesses to be able check the actions and changes that are made on an account in order to debug, detect abnormal activities, intrusion or restoring certain setting back to their original, etc.
After discussing with the support on a separate ticket about an incident we detected as unusual, we felt the need for this feature more than ever.
Right now it is time consuming for support to check system logs and it is not easy to have a clear picture of WHAT happened and WHO did EXACTLY what and WHERE it was happening.
We got…
4 votes -
Add Bytespider and PetalBot to the Bot Protection list
Please add the following nasty bots to the Bot Protection by default.
Bytespider & PetalBot
Thanks
1 vote -
start caring about security & uptime
This is my idea --- Cloudways should start caring about security. Yes. My idea is that basic. How do I go for days not knowing that my clien'ts small local business website is redirecting to a russian domain selling crappy products?
I got NO alert. Nothing.
But this isn't all. I don't get alerts for 404s, soft 404s, 500s, nothing.
Cloudways assumes that if a page is throwing a 404 that it still up and good.
What I am asking for feels like the most basic things... things that hosting company would take care of long before hundreds of far…
1 vote -
Use stricter default WordPress permissions
I think the default WordPress file/folder permissions should be the stricter options available rather than those currently used on Cloudways.
https://www.google.com/search?q=default+wordpress+permissions&oq=default+wordpress+permissions&gs_lcrp=EgZjaHJvbWUyBggAEEUYOdIBCDI2MzdqMGo3qAIAsAIA&sourceid=chrome&ie=UTF-81 vote -
Security Vulnerability in the "Nickname" System for Administrator Users in Control Panel
Hello,
We appreciate your hosting of our website, and we would like to draw your attention to a security vulnerability in the "Nickname" system for the administrator user in the control panel.
Based on our experience, the email address of the administrator user is displayed by default in the "Nickname" field. This represents a significant security risk, as attackers can rely on this information to hack the website.
We strongly recommend assigning a different username for the administrator user and avoiding the use of any personal information in the nicknames.
We hope that you take this matter seriously and take…
1 vote -
OpenSSH 8.1 Upgrade
Needed for PCI/DSS compliance.
3 votes -
TFA via Text messaging
Please offer TFA on unique code via Mobile Text message.
For those who do NOT want to use Google Authentication on mobile phones please use this.
Digital Ocean have been doing it successfully for almost 7 years.
Send TFA on mobile text message.1 vote -
Force log out from all devices
It's a really must have option for all server owners.
3 votes -
1 vote
-
Salt & hash all passwords currently visible/viewable in CloudWays admin
While the CloudWays service is great, I've been concerned for a while now that I can simply click to copy passwords for SFTP, SSH, databases & WordPress. My concerns have been amplified as yesterday over 1.2 million compromised passwords were stolen from GoDaddy because they stored their details in a similar way: https://wptavern.com/godaddy-data-breach-exposes-1-2-million-active-and-inactive-managed-wordpress-hosting-accounts
Simply put: ALL passwords stored on CloudWays should be salted & hashed. There should be no way for CloudWays (or me) to retrieve them once they've been saved. The fact that I can indicates they are being stored as plaintext, which is a huge security issue. Passwords…
14 votes -
Highlight Invalid Domain(s) When Creating or Renewing SSL
When you have multiple domains under an SSL and in our case over 50 and the SSL cert fails due to 1 or more domains not being pointed correctly it would be helpful to have those domains highlighted so they could be fixed and not having to go through each domain to see what is causing the error.
1 vote -
Be able to name and order IPs
Hi !
It would be interesting to be able to create groups of IPs and name or tag these IPs in order to visually understand who has been given access to MySQL/SSH services.
Example :
External company 1: 127.0.0.1 127.0.0.2 127.0.0.3
External company 2: 172.0.0.1 172.0.0.2
Freelance dev: 120.0.0.1
My company: Ips list ....Thx
2 votes -
Allow API access to be granular
I would like to use the API to do a Git deploy on select applications. I would write a script and put the script on a server. As that would be the only job that API key would do, I would like to limit it by that permission/function and also to what server and applications it could do a git pull on.
So I see two ways to do this, one would be attach the API key the the current user. And what that user has permissions to in the UI would be what that key would have.
Another would…
2 votes -
2 votes
-
Able to turn-off session timeout in the Cloudways Platform
Throughout the day, I am logged out of the Cloudways platform and must re-login in order to access it. When you need to monitor sites then this can become very annoying.
I understand this is due to security reasons, when talking to customer support they also confirmed this and mentions that this is due to a session timeout and an additional layer of security for the portal. They also mentioned that there is no option to unset it.
It would be great if we can decide ourselves if we want to use this security measure and it should be possible…
1 vote -
Allow "global" or account-level SSH keys, which are automatically added to every server
Currently, we have to manage SSH keys individually for every server. It would be awesome to be able to add global SSH keys, and then when a new server is created, those SSH keys are automatically installed on every server.
Additionally, it would be nice if when we added a account-level SSH key, it was added to all existing servers.
9 votes -
Change wordpress login page url within cloudways to prevent brute-force login attempts
It would be great If I could change the login url of my wordpress site from website.com/wp-admin to website.com/my-custom-login-url in order to prevent unwanted brute-force login attempts.
9 votes -
Show Two factor Auth status on Team page.
Users can turn on two-factor authentification in their account.
But there is currently no way to see if the team members you have in your team have enabled it. It makes it impossible to enforce two-factor auth and poses a security risk.Suggestion: Show "2FA enabled" next to team members that have enabled it on the Team page.
4 votes
- Don't see your idea?