Skip to content

Product Improvements: Flexible

Cloudways values its customers and their feedback! You can now give us your feedback on how we can improve Cloudways services, solution and products by pitching in your ideas!

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback

101 results found

  1. you are being hacked by the civil and federal police in Brazil. Just to let you know.

    you are being hacked by the civil and federal police in Brazil. Just to let you know. they said they are hacking you

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  2. 1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  3. Security Vulnerability in the "Nickname" System for Administrator Users in Control Panel

    Hello,

    We appreciate your hosting of our website, and we would like to draw your attention to a security vulnerability in the "Nickname" system for the administrator user in the control panel.

    Based on our experience, the email address of the administrator user is displayed by default in the "Nickname" field. This represents a significant security risk, as attackers can rely on this information to hack the website.

    We strongly recommend assigning a different username for the administrator user and avoiding the use of any personal information in the nicknames.

    We hope that you take this matter seriously and take…

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  4. TFA via Text messaging

    Please offer TFA on unique code via Mobile Text message.
    For those who do NOT want to use Google Authentication on mobile phones please use this.
    Digital Ocean have been doing it successfully for almost 7 years.
    Send TFA on mobile text message.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  5. malware scan not a partnership

    I prefer to pay to cloudway for malware scan and not buying plugins.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  6. 1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  7. Highlight Invalid Domain(s) When Creating or Renewing SSL

    When you have multiple domains under an SSL and in our case over 50 and the SSL cert fails due to 1 or more domains not being pointed correctly it would be helpful to have those domains highlighted so they could be fixed and not having to go through each domain to see what is causing the error.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  8. Able to turn-off session timeout in the Cloudways Platform

    Throughout the day, I am logged out of the Cloudways platform and must re-login in order to access it. When you need to monitor sites then this can become very annoying.

    I understand this is due to security reasons, when talking to customer support they also confirmed this and mentions that this is due to a session timeout and an additional layer of security for the portal. They also mentioned that there is no option to unset it.

    It would be great if we can decide ourselves if we want to use this security measure and it should be possible…

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  9. Allow API access to be granular

    I would like to use the API to do a Git deploy on select applications. I would write a script and put the script on a server. As that would be the only job that API key would do, I would like to limit it by that permission/function and also to what server and applications it could do a git pull on.

    So I see two ways to do this, one would be attach the API key the the current user. And what that user has permissions to in the UI would be what that key would have.

    Another would…

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  10. During the Let's Encrypt autorenewal process, add a htaccess file to work around protected roots

    If you have a .htaccess in the root of your application, that adds a htpasswd based auth password for the entire site, the Let's Encrypt autorenewal process fails. The process create a subdirectory, .well-known/ and uses it for the renewal process, deleting it at the end of the process.

    There are two easy ways to get around this that I can think of:

    1. do not delete the .well-known directory at the end of the process. so that us customers can add in the .htaccess file in there if we want to, to leave it readable

    2. as a part of the…

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    6 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  11. Setting Sucuri as WAF should also enable WAF bypass prevention

    In the advanced settings for nginx there is an option to set a WAF. This is needed fo nginx to grab the right headers in order to get the actual visitor's IP address.

    Using a WAF one would certainly also want a WAF bypass prevention. For this SUCURI suggests adding the following lines to the nginx vhost:

    location / {
    allow 192.88.134.0/23;
    allow 185.93.228.0/22;
    allow 2a02:fe80::/29;
    allow 66.248.200.0/22;
    allow 208.109.0.0/22;
    deny all;
    ....
    }

    There should be an option to do that when chosing sucuri as a WAF.

    Also, if you contact support to add those rules for you (which…

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  12. Launch a new feature on the console which blocks the bad BOTS and DDOs attacks from the site for popular applications like Magento.

    Launch a new feature on the console which blocks the bad BOTS and DDOs attacks from the site for popular applications like Magento.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  13. that there should be mechanism for notification of requests generated by instead load on the server.

    that there should be mechanism for notification of requests generated by instead load on the server.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  14. SSH keys should accept eliptic curves - not only RSA

    SSH keys should accept eliptic curves - not only RSA
    RSA is old, using too big big length.
    I would like to see possibility to use standard eliptic curves that are used everywhere. For some reason this is still not possible on Cloudways.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  15. provide a way for site-administrators to view the auth.log

    When sites are hacked the first thing to check is the auth.log to see who accessed what, when. When a compromise happens we need to be able to investigate immediately and find a fix.
    Can site owners be provided with a way to see the auth.log for their site, similar to how we can currently view web access/error logs?

    Specifically what I'm requesting is live (and perhaps filtered to my site) visibility on:
    * auth.log
    * sftpserver.log
    * history of auth and sftp
    server logs so that we can go back at least a week to see if we…

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  16. SSH/Platform Login Alerts

    As an agency hosting a magnitude of customers through Cloudways we would like to see the ability to get Cloudways Bot alerts and email alerts for the following:

    • Cloudways Login
    • SSH Login (IP/Location etc)
    • SFTP Login
    • Changes to application/server configiration
    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  17. 1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  18. close the different IP verify

    Our different colleagues need sign in cloudways frequently, so we suggest if can close the different IP verify

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  19. 2FA with Whitelisting

    For those with 2FA, allow someone to whitelist their work ip address for XX days, so that 2FA is only required when time expires or access is from a new ip.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  20. Fix password change system

    At the moment, when signing up there is no limit to password length, but when changing a password, it is limited to 20 characters. This results in the "old" password not being recognised correctly, presumably as it's looking for a password of maximum 20 characters.

    So if you create a password with more than 20 characters as your first password, you can't change it without logging out and doing "forgotten password". Rubbish!

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  • Don't see your idea?

Feedback and Knowledge Base