Service Improvement

Cloudways values its customers and their feedback! You can now give us your feedback on how we can improve Cloudways services, solution and products by pitching in your ideas!

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Add BitNinja.io security for both Server and Apps

    Would be great having this installed as an option. Would protect server and all the Apps installed so we don't necessary have to go for Sucuri for each single App when clients cannot afford.

    37 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  2. add SMS option for two factor authentication

    Two factor authentication is important but at the moment I don't really feel I have this option.

    Please add SMS as an option for two factor authentication.

    I prefer SMS as a two factor authentication method.

    I don't really want to use google authentication anymore as I just had the IOS app lose all the settings. Plus I find it more cumbersome than SMS.

    Thanks!

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  3. Add the ability to lock down file write access per application (so one a compromised application cannot affect other)

    Applications on the same server currently have write access to each others' files by default, which is an unnecessary security risk. For example, if you have multiple Wordpress applications on the same server and one gets compromised, the hacker could also compromise any other applications on the same server. If possible, it would be worthwhile to at least have the option to lock down file write access on a per application basis. I believe you already have apache running under separate users for each application, so this might be as simple as disabling the www-data group permissions.

    3 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  4. Please allow a connection from Code Guard

    Code Guard provides incremental backup where I can roll back as far as I like.
    Critically, they also provide an alert if a file has changed which allows me to investigate if it's something I wasn't expecting.
    All they need is SFTP and database access but for some reason this is not being allowed by Cloud Ways. In chat I was told that "custom changes" to the server were not allowed.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    5 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  5. HSTS (Strict Transport Security)

    Hi,

    Do you support HSTS (Strict Transport Security) in the future? Maybe it will add more security.

    35 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    9 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  6. fail2ban

    I was wondering if fail2ban was available on cloudways instances. I would love managing login attempts and throttling bots with it.
    This could even be integrated in the console at application level.

    I know I can do this with WordFence and others, but it's so much more efficient. Doing this kind of thing with WP plugins is so inefficient, it still require PHP processes.

    While not replacing a full DDoS and WAF service, this is probably still a good affordable and efficient protection and I have the feeling that is being already used for handling ssh login attempts.

    23 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  7. Drupal secure on install

    Please could you find a way to keep up-to-date with Drupal core security updates (eg. current 7.38 has a critical security flaw). It's a PITA to get a security email immediately on install and have to go in and update. Isn't there a way to pull the latest secure core as part of your install process?

    Thanks, Neil

    3 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  8. Add a text option for 2 factor authentication

    The 2 factor authentication is a great feature! You might even get more users on board if there could be an option to receive a text instead of a message through Google Authenticator (ease of use).

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  9. OCSP stapling

    Please switch on OCSP stapling. This feature makes access to HTTPS sites faster in case of OSCP present, so avoid clients requests to CA to verify certs.

    14 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    11 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  10. 5 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  11. Official statement on how Cloudways implements OWASP guidelines for security.

    Would like to see official statement on how Cloudways has implemented OWASP guidelines, ref: https://www.owasp.org/index.php/Top_10_2013-Top_10

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  12. Deny all, permit only from my country

    I would like to have the capability to permit connections to my website only from my country. The site is on our local language and there is little to no reason to permit connections from other places (aside from Google robots).

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  13. SFTP access by white listed IP only

    SFTP access should be able to be set to only accept a white listed IP address.

    14 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  14. Allow firewall options

    Allow us to customise the firewall (to define which port numbers can be opened)

    41 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    7 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  15. Add Blacklist section in your security tab

    The current server management console, has a n area where we can whitelist our IP address to avoid lockout problems. But could we also get for our servers a blacklist option?

    There are multiple WordPress sites I manage. And you have no idea how many hacking attempts I get daily. Being able to block the ip addresses from where these attempts are coming from...could really help us secure our WP sites even more.

    111 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    28 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  16. Different MySQL users - one for managing database and one with limited permissions for usage in scripts

    As many apps stores MySQL credentials in a plain text inside code. I suggest to provide us with 2 MySQL users
    1) Admin user - with the most wide permissions
    2) Script user - allowed only to manipulate with rows (CRUD)

    This is common security practice on other hostings.

    53 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    18 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
1 2 3 5 Next →
  • Don't see your idea?

Feedback and Knowledge Base