Service Improvement

Cloudways values its customers and their feedback! You can now give us your feedback on how we can improve Cloudways services, solution and products by pitching in your ideas!

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Two factor authentication - Mandatory for Team Members

    Please add the ability for main/primary account holders to force TFA use for all Team Member accounts. Not having this capability (or the ability to see TFA status on Team Member accounts) is a significant security hole, of the type that could lead us to migrate away.

    3 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  2. Remove Server Signature for Improved Security

    Provide a way to disable the server signature to improve security by not disclosing the server type and server software, along with other information, which could allow hackers to determine vulnerabilities by listing server and software specifications.

    Thanks!

    3 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  3. Check for the blacklist IP before assigning Server IP

    Hello Team,

    Can you please add some feature where it'll check for the blacklist before assigning server IP?

    It seems like someone else was using assigned server IP before it's assigning to the user and they have abused the server so their IP is under blacklist and that blacklist server IP is not going to be useful for the new user.

    3 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  4. Allow closing shellinabox

    The shellinabox service that runs on port 4200 is not secure enough, for a number of reasons:
    * it accepts non-TLS traffic
    * no multifactor authentication
    * no battle-tested frontend webserver like nginx before it

    Instead of fixing all of these, perhaps just allow to disable this service like you allow for other services.

    3 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  5. Feature Request: Log analysis section

    I made contact via suppot chat and ask if it was possible to install GoAccess on my server for a visual and accurate log view.
    Since it was not possible all i can do is suggest to make a section on server panel to analyse server logs and have a clear vision of traffic and load.

    Gabriel G.

    3 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  6. yubikey support

    would be great to add hardware 2FA devices with fallback to google auth or SMS.. :)

    3 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  7. Ability to add multiple SSL certificates per application (neither wildcard nor SAN)

    If we have a multisite, we need a wildcard SSL for the subdomains. However if we go further, and provide custom domain (domain mapping) the problem comes that the SSL certificate is only for our domain not the mapped. Would be great if we can (even manually) create more than one certificate. SAN certificates is not the good option, since:

    • We are using the wildcard for the own subdomains.
    • There is a hard limit with the 100 domains.
    • All the custom domains would be listed as secondary domains in the certificate details.
    3 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  8. Spectre and Meltdown

    Please advise about specific measures did you take regarding Spectre and Meltdowns recent announced threats in order to give a word of trust to our final customers

    3 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  9. Please make your cloud server SOC2 compliant.

    Please make your cloud server SOC2 compliant.

    3 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  10. IP Ranges

    Need to the ability to save IP ranges to security rather than one at a time.

    3 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  11. Add the ability to lock down file write access per application (so one a compromised application cannot affect other)

    Applications on the same server currently have write access to each others' files by default, which is an unnecessary security risk. For example, if you have multiple Wordpress applications on the same server and one gets compromised, the hacker could also compromise any other applications on the same server. If possible, it would be worthwhile to at least have the option to lock down file write access on a per application basis. I believe you already have apache running under separate users for each application, so this might be as simple as disabling the www-data group permissions.

    3 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  12. Drupal secure on install

    Please could you find a way to keep up-to-date with Drupal core security updates (eg. current 7.38 has a critical security flaw). It's a PITA to get a security email immediately on install and have to go in and update. Isn't there a way to pull the latest secure core as part of your install process?

    Thanks, Neil

    3 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  13. Generic Bot Protection

    While MalCare is a great option for WordPress, I would like a one-click install with some generic bot protection when we're using cms platforms like Concrete5, Laravel or custom PHP apps. Thanks for your consideration.

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  14. Change wordpress login page url within cloudways to prevent brute-force login attempts

    It would be great If I could change the login url of my wordpress site from website.com/wp-admin to website.com/my-custom-login-url in order to prevent unwanted brute-force login attempts.

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  15. Please make search feature in all Bot Protection data table.

    so this make easier for user to find the ip addresses.
    And you can make a specific fiture to make a whitelist IP Adresses.

    Also please make the pagination better, so user can go to specific page.

    And also in the data table, please make a filter by country, ip, etc

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  16. Display remaining Lets encrypt SSL limit

    SSL has rate limit for SSL certificates which is reset in 12hrs. This limit should be displayed on SSL page so that user can be careful.

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  17. whitelist

    Please add Remark Option with Whitelist IP address in Server Security Section. Right now its difficult to find out which IP is pointing to external important server and which is IP is added for temporary use. Deleting an IP by mistake can take us into trouble as some live App IP's are listed in Whitelist IP list.

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  18. 2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  19. Caution Notifications if the bandwidth about to touch the default ceiling limits

    Caution Notifications if the bandwidth about to touch the default ceiling limits in order to take steps on illegitimate/spam hits. This may safe guard the ignorant developers from incurring a heavy loss and in some cases losing their business. Please consider.
    Thanks and regards,
    Venkat Chinniah
    App Consultant & Architect

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  20. Fix security problem with Team Member

    My niche is high risk for online hacking. In Cloudways I can add a team member, which sends his un-encrypted password to his account. This is high risk. As owner of my account I should be able to change his password, and then I can share via a secure app like Last Pass. Please consider this a high priority request. Thank You

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base