Service Improvement
Cloudways values its customers and their feedback! You can now give us your feedback on how we can improve Cloudways services, solution and products by pitching in your ideas!
94 results found
-
Allow disabling of weak SSH key exchange algorithms
PCI Compliance now regards weak ssh key exchange algorithms as a liability. There should be a way to disable them. It's fairly easy to set up in open-ssh: https://infosec.mozilla.org/guidelines/openssh#Configuration
4 votes -
Force 2FA for Team Members
As account owner, I can setup 2FA on the main account, but I can't force my team members (some of whom have full access) to do so. This obviously creates a security loophole.
6 votes -
Ability to add multiple SSL certificates per application (neither wildcard nor SAN)
If we have a multisite, we need a wildcard SSL for the subdomains. However if we go further, and provide custom domain (domain mapping) the problem comes that the SSL certificate is only for our domain not the mapped. Would be great if we can (even manually) create more than one certificate. SAN certificates is not the good option, since:
- We are using the wildcard for the own subdomains.
- There is a hard limit with the 100 domains.
- All the custom domains would be listed as secondary domains in the certificate details.
3 votes -
Firewall Management + fail2ban support
It would be useful to have the ability to configure the default firewall rules at server level, rather than relying on htaccess files which are useless for managing large data sets (i.e. IP lists/ranges).
Additionally, having fail2ban installed and bridging between the firewall would be extremely helpful for using plugins like wp-fail2ban, which automatically bans "bruteforce" login attempts at server level, rather than application level.
29 votes -
Fix security problem with Team Member
My niche is high risk for online hacking. In Cloudways I can add a team member, which sends his un-encrypted password to his account. This is high risk. As owner of my account I should be able to change his password, and then I can share via a secure app like Last Pass. Please consider this a high priority request. Thank You
2 votes -
Provide an Edit feature for the admin panel URL path name
Vendors (magento) recommend changing the control panel name from "admin" to something else, it would be great if you can provide an edit facility so we can modify the admin URL so that we can launch the control panel from within cloudways as it only permits the default control panel name.
2 votes -
Add to CloudwaysCDN DDoS Protection and WAF
Now that there is a Partnership With StackPath this shouldn't be hard. Add another option, charge more, but add the possibility please. If you look at the comments about CloudwaysCDN on the Facebook Group and on the blogpost about it you'll see there is a demand for it.
19 votes -
Add ability to add multiple IP addresses at once in the Security panel
Provide the ability to add multiple IP addresses at once in the Security panel for when we need to whitelist IPs for managewp and other services.
2 votes -
Virus Scanner to find infected malicious files
Hi, I have found my wordpress file corrupted by some malicious code due to which our site is running slow. This code was found in all functin.php files. I was not understanding suddenly why site performance got so much degraded. After checking all file and uninstalling plugin then too i didnt find reason for same. After long research i got to know that some code has been uploaded to function.php file. I haven't reseted file permission so its some server security lack that such code was uploaded. Now i want to scan file to check that no more infacted files…
46 votes -
Enable/ Disable mod_security
Please add Enable/ Disable for mod_security . This will increase our servers and applications security.
7 votes -
Security Log for Team Members
I would love to see some form of a actions/security log which is stores X amount of entries per month.
What Security/Actions Log?
Ability to track who has logged in from where.
Which Team Member has moved, created, deleted applications.
Which Team Member has changed a setting within Servers/Applictions.Any other detailed information.
Here is an example that PHPBB uses, or Wordpress Security Audit which has similar functions as to what im suggesting.
http://cdn.inmotionhosting.com/support/images/stories/edu/phpbb/maintenance/mod-log.png
http://files.staticfsr.org/files/images/PhpBB%203%20Admin%20Logs.jpegAbility to export the log via csv would be great too. This would keep your DB less cluttered as you would purge the entries every…
14 votes -
Cloud Firewalls
Will you offer a service similar to Cloud Firewalls, as provided by Digital Ocean? You can check the link here: https://blog.digitalocean.com/cloud-firewalls-secure-droplets-by-default/
6 votes -
Please make your cloud server SOC2 compliant.
Please make your cloud server SOC2 compliant.
3 votes -
Allow customers to create database users
When having Master Credentials you con go to the MySQL Manager and create a user, but when you want to save you get:
"Access denied; you need (at least one of) the CREATE USER privilege(s) for this operation"
You should allow permissons for Master Credentials to creat DB users27 votes -
Enable Encrypted RDS MySQL Database
Enabling Encrypted MySQL Database on Amazon AWS would enable encryption at rest and improve security.
This would be a truly unique offering (trust me, I have been researching this for days), one that I can't believe isn't more requested or offered given the hacks and breaches we have seen over the last few years.
7 votes -
IP Ranges
Need to the ability to save IP ranges to security rather than one at a time.
3 votes -
Add BitNinja.io security for both Server and Apps
Would be great having this installed as an option. Would protect server and all the Apps installed so we don't necessary have to go for Sucuri for each single App when clients cannot afford.
38 votes -
Single Sign-on / SAML authentication for access to the cloudways console
Provide the ability to leverage SAML providers like Okta, OneLogin, or ADFS for single sign-on to the cloud console. This would improve security for as well as the user experience.
10 votes -
Require SSH keys for login / SFTP
Once SSH keys have been set up on a server, password login should be disabled, or at least have an option to disable it.
13 votes -
HSTS (Strict Transport Security)
Hi,
Do you support HSTS (Strict Transport Security) in the future? Maybe it will add more security.
38 votes
- Don't see your idea?