Would be great having this installed as an option. Would protect server and all the Apps installed so we don't necessarily have to go for Sucuri for each single App when clients cannot afford.
37 votes
Two factor authentication is important but at the moment I don't really feel I have this option.
Please add SMS as an option for two factor authentication.
I prefer SMS as a two factor authentication method.
I don't really want to use Google authentication anymore as I just had the iOS app lose all the settings. Plus I find it more cumbersome than SMS.
Add the ability to lock down file write access per application (so a compromised application cannot affect others)
Applications on the same server currently have write access to each others' files by default, which is an unnecessary security risk. For example, if you have multiple WordPress applications on the same server and one gets compromised, the hacker could also compromise any other applications on the same server. If possible, it would be worthwhile to at least have the option to lock down file write access on a per application basis. I believe you already have apache running under separate users for each application, so this might be as simple as disabling the www-data group permissions.
3 votes
Code Guard provides incremental backup where I can roll back as far as I like.
Critically, they also provide an alert if a file has changed which allows me to investigate if it's something I wasn't expecting.
All they need is SFTP and database access but for some reason this is not being allowed by Cloudways. In chat I was told that "custom changes" to the server were not allowed.
1 vote
Cloudways (Admin, Cloudways) responded
Michael, we definitely allow SFTP access https://support.cloudways.com/how-to-connect-to-your-application-using-sftp/.
About database access, it can only be done via SSH with the master credentials (https://support.cloudways.com/how-to-manage-your-databases-using-mysql-workbench/). For security reasons, we can’t leave the mysql port open to the world.
Will you support HSTS (Strict Transport Security) in the future? Maybe it will add more security.
35 votes
I was wondering if fail2ban was available on cloudways instances. I would love managing login attempts and throttling bots with it.
This could even be integrated in the console at application level.
I know I can do this with WordFence and others, but it's so much more efficient. Doing this kind of thing with WP plugins is so inefficient, it still requires PHP processes.
While not replacing a full DDoS and WAF service, this is probably still a good affordable and efficient protection and I have the feeling that it is already being used for handling ssh login attempts.
23 votes
Please could you find a way to keep up-to-date with Drupal core security updates (e.g. current 7.38 has a critical security flaw). It's a PITA to get a security email immediately on install and have to go in and update. Isn't there a way to pull the latest secure core as part of your install process?
Thanks, Neil
3 votes
The 2 factor authentication is a great feature! You might even get more users on board if there could be an option to receive a text instead of a message through Google Authenticator (ease of use).
1 vote
Please switch on OCSP stapling. This feature makes access to HTTPS sites faster when OCSP is present, so it avoids client requests to the CA to verify certs.
14 votes
Would like to see official statement on how Cloudways has implemented OWASP guidelines, ref: https://www.owasp.org/index.php/Top_10_2013-Top_10
2 votes
I would like to have the capability to permit connections to my website only from my country. The site is in our local language and there is little to no reason to permit connections from other places (aside from Google robots).
2 votes
SFTP access should be able to be set to only accept a whitelisted IP address.
14 votes
Allow us to customise the firewall (to define which port numbers can be opened)
41 votes
The current server management console has an area where we can whitelist our IP address to avoid lockout problems. But could we also get for our servers a blacklist option?
There are multiple WordPress sites I manage. And you have no idea how many hacking attempts I get daily. Being able to block the IP addresses from where these attempts are coming from... could really help us secure our WP sites even more.
111 votes
Different MySQL users - one for managing database and one with limited permissions for usage in scripts
As many apps store MySQL credentials in plain text inside code, I suggest providing us with 2 MySQL users:
1) Admin user - with the widest permissions
2) Script user - allowed only to manipulate rows (CRUD)
This is common security practice on other hostings.
53 votes
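
The two-account split requested in the post above, written out as MySQL statements. This is an added example, not part of the original post and not Cloudways' own configuration; the database name `appdb`, the account names `app_admin` and `app_script`, and the password placeholders are hypothetical.

```sql
-- Added illustration: database name, account names and passwords are hypothetical.
CREATE DATABASE IF NOT EXISTS appdb;

-- 1) Admin user: full rights on this one database only (schema changes, migrations).
--    Its credentials stay out of the application's code and config files.
CREATE USER 'app_admin'@'localhost' IDENTIFIED BY 'REPLACE_WITH_ADMIN_PASSWORD';
GRANT ALL PRIVILEGES ON appdb.* TO 'app_admin'@'localhost';

-- 2) Script user: row-level CRUD only. These are the credentials the application
--    stores in plain text, so they carry no CREATE, DROP, ALTER or FILE rights.
CREATE USER 'app_script'@'localhost' IDENTIFIED BY 'REPLACE_WITH_SCRIPT_PASSWORD';
GRANT SELECT, INSERT, UPDATE, DELETE ON appdb.* TO 'app_script'@'localhost';

-- Review what each account has actually been granted.
SHOW GRANTS FOR 'app_admin'@'localhost';
SHOW GRANTS FOR 'app_script'@'localhost';

-- Audit: which accounts hold schema-changing privileges on this database.
SELECT User, Host, Db, Create_priv, Drop_priv, Alter_priv, Grant_priv
FROM mysql.db
WHERE Db = 'appdb';
```

Applications that alter their own schema during upgrades need the admin account for that step; the script account covers normal request handling.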