The autorenewal of SSLs doesn't work. I know you're working on it. But to minimise the down time could you at least notify by email before the SSL expires so we can quickly act on it and manual renew?

Alternative 2 factor authentication. Currently you only support smart phone app.

Cloudways should allow their users to connect to their databases with the MYSQL GUI of their choice. I was unable to use MySQL Workbench and Cloudways support essentially told me they couldn't help me because the tech believed there was an incompatibility with the OSX version and the Cloudways server. So I'm stuck using the Cloudways interface, which is not nearly as powerful as Sequel Pro.

Duo is a great platform for two-factor authentication and already supported by a great number of platforms. It would be very nice if it would also be supported by Cloudways.

Add a securi site scan bundle for an extra $5 per month for a scan and report every 24 hours

I see you have a reset permissions to - but we need a lock down reset permissions, one that goes 755 for folders and 644 for files. Your current one is great for releasing security temporarily, but after that, we need to resecure sitewide.

Instead of only scanning bar code, I would request you to add sms msg for this as all smartphones are not supportive. Thanks

Godaddy Cloud Servers are about the same price as DigitalOcean and already provide DDOS protection by default. This information is something you will find if you call them for it's not listed on their website.

Applications on the same server currently have write access to each others' files by default, which is an unnecessary security risk. For example, if you have multiple Wordpress applications on the same server and one gets compromised, the hacker could also compromise any other applications on the same server. If possible, it would be worthwhile to at least have the option to lock down file write access on a per application basis. I believe you already have apache running under separate users for each application, so this might be as simple as disabling the www-data group permissions.

Two factor authentication is important but at the moment I don't really feel I have this option.

Please add SMS as an option for two factor authentication.

I prefer SMS as a two factor authentication method.

I don't really want to use google authentication anymore as I just had the IOS app lose all the settings. Plus I find it more cumbersome than SMS.

Thanks!

Code Guard provides incremental backup where I can roll back as far as I like.
Critically, they also provide an alert if a file has changed which allows me to investigate if it's something I wasn't expecting.
All they need is SFTP and database access but for some reason this is not being allowed by Cloud Ways. In chat I was told that "custom changes" to the server were not allowed.

Please could you find a way to keep up-to-date with Drupal core security updates (eg. current 7.38 has a critical security flaw). It's a PITA to get a security email immediately on install and have to go in and update. Isn't there a way to pull the latest secure core as part of your install process?

Thanks, Neil

The 2 factor authentication is a great feature! You might even get more users on board if there could be an option to receive a text instead of a message through Google Authenticator (ease of use).

Would like to see official statement on how Cloudways has implemented OWASP guidelines, ref: https://www.owasp.org/index.php/Top_10_2013-Top_10

I would like to have the capability to permit connections to my website only from my country. The site is on our local language and there is little to no reason to permit connections from other places (aside from Google robots).