Please add Enable/ Disable for mod_security . This will increase our servers and applications security.

Enabling Encrypted MySQL Database on Amazon AWS would enable encryption at rest and improve security.

This would be a truly unique offering (trust me, I have been researching this for days), one that I can't believe isn't more requested or offered given the hacks and breaches we have seen over the last few years.

Currently, we have to manage SSH keys individually for every server. It would be awesome to be able to add global SSH keys, and then when a new server is created, those SSH keys are automatically installed on every server.

Additionally, it would be nice if when we added a account-level SSH key, it was added to all existing servers.

Customers can get an A+ rating on https://www.ssllabs.com/ssltest/ if you:
Add an "SSL ciphers" drop-down for customers that are interested in only using strong SSL ciphers.

You can consider your current ciphers as "default", and add an option for "most secure" that allows customers to select a pre-defined "A+ rated" SSL cipher configuration.

The "SSL Cipher" configuration would go below the existing "TLS VERSIONS" option in the "APPLICATION SETTINGS" > "GENERAL" > "TLS VERSIONS" configuration interface.

As account owner, I can setup 2FA on the main account, but I can't force my team members (some of whom have full access) to do so. This obviously creates a security loophole.

Will you offer a service similar to Cloud Firewalls, as provided by Digital Ocean? You can check the link here: https://blog.digitalocean.com/cloud-firewalls-secure-droplets-by-default/

Cloudways should allow their users to connect to their databases with the MYSQL GUI of their choice. I was unable to use MySQL Workbench and Cloudways support essentially told me they couldn't help me because the tech believed there was an incompatibility with the OSX version and the Cloudways server. So I'm stuck using the Cloudways interface, which is not nearly as powerful as Sequel Pro.

Add a securi site scan bundle for an extra $5 per month for a scan and report every 24 hours

I want to know if there is a possibility to enable bot protection on all of the apps under a server at once. I asked the support team but they have said no. I badly need that since that could possibly save days of work as I have over 100 websites running under your servers.

Add the ability to label IPs added to the remote DB whitelist so you can add your own identifier to IPs. And also add the ability to wildcard IPs by range eg. 5.40.%.%, and also the ability to add by domain name in addition to IP. This will allow for better management and greater control of whitelisted IPs

Like done with CloudFlare and Sucuri a WAF module for StackPath's WAF would be great. So, one will be able to see the real IP - just like with CloudFlare and Sucuri

Hi, I'd like to suggest a new feature to server owner's security, to block other domains visibility from whois services. at the moment, anyone can go to any whois service (i.e. http://reverseip.domaintools.com) and by typing domain name, or the IP address can check what other domains are hosted on this server. i think, to privacy of users and server owners, this is a lack. it may be just an additional feature, but i'm sure people would love to see this as an option to disable this from public view.

DDoS issues are getting out of control. It would be a good idea to integrate mod_evasive apache module to mitigate them.

I was suggested by the support team to mitigate the attack using app level firewalls but that's far to be an optimal solution.

They confirmed that the current infrastructure of their servers is not ready for adding this apache module but they are open to evaluating it as an option.

PCI Compliance now regards weak ssh key exchange algorithms as a liability. There should be a way to disable them. It's fairly easy to set up in open-ssh: https://infosec.mozilla.org/guidelines/openssh#Configuration

Please provide alerts on successful SSH and SFTP logins to a server.

These alerts are important for visibility of when someone has accessed the server and making sure that access was expected.

Provide an SSL badge for Cloudways users to display on their sites. Most SSL companies provide an HTML Coded badge for website users to click on which then opens a security check popup that shows that the site is, in fact, secure at the very moment of use. It's reassuring for users, especially on an e-commerce site, to know they are protected.