Firewall Management + fail2ban support
It would be useful to have the ability to configure the default firewall rules at server level, rather than relying on htaccess files which are useless for managing large data sets (i.e. IP lists/ranges).
Additionally, having fail2ban installed and bridging between the firewall would be extremely helpful for using plugins like wp-fail2ban, which automatically bans "bruteforce" login attempts at server level, rather than application level.
+1 for enabling wp-fail2ban, it's actually a simple thing to add support, just add the filter and jail rules to the fail2ban config on all servers like so: https://bjornjohansen.no/using-fail2ban-with-wordpress
This is assuming php already can write to the appropriate log files.
Rhianne Jhane commented
Wonderful post! We are linking to this particularly great article on our site. Keep posting!
On the Features page, CW advertises, "Proactive Cloudways security practices keep all your servers safe and secure. ... All Cloudways hosted servers are protected by OS-level firewalls that filter out malicious traffic and keep out the intruders." This is not completely true, and there's no way to know to what extent it may be partially true. I had to request help hunting down what was causing outages, come to find it was a single IP address from China repeatedly trying to log in to one site, and was told to ban it in htaccess. That is the opposite of "proactive" and "OS-level."
Yeah there definitely needs to be a better way to handle blocking IP/requests at the server level. Trying to do this at the application level is just inefficient, time consuming and eats up more resources.
The biggest issue with cloudways is the lack of automatic banning of brute force login attacks and vulnerability scan that are to aggressive. If there was a sever level solution to this Cloudways would be able to offer more secure and stable Cloud server solution then anyone else out there.