Service Improvement

Cloudways values its customers and their feedback! You can now give us your feedback on how we can improve Cloudways services, solution and products by pitching in your ideas!

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Add ability to add multiple IP addresses at once in the Security panel

    Provide the ability to add multiple IP addresses at once in the Security panel for when we need to whitelist IPs for managewp and other services.

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  2. SSH On Warning / Auto Off

    It would be great to have some visual reminder on every page of your App settings that SSH is turned on with a simple button to disable it.

    Even better would be option to "Turn On for 1 Hour" or something like that so it automatically shuts off without you having to remember to shut it off.

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  3. U2F

    Alternative 2 factor authentication. Currently you only support smart phone app.

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  4. Another Reset Permission Setting - But Secure

    I see you have a reset permissions to - but we need a lock down reset permissions, one that goes 755 for folders and 644 for files. Your current one is great for releasing security temporarily, but after that, we need to resecure sitewide.

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  5. add SMS option for two factor authentication

    Two factor authentication is important but at the moment I don't really feel I have this option.

    Please add SMS as an option for two factor authentication.

    I prefer SMS as a two factor authentication method.

    I don't really want to use google authentication anymore as I just had the IOS app lose all the settings. Plus I find it more cumbersome than SMS.

    Thanks!

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  6. Official statement on how Cloudways implements OWASP guidelines for security.

    Would like to see official statement on how Cloudways has implemented OWASP guidelines, ref: https://www.owasp.org/index.php/Top_10_2013-Top_10

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  7. Deny all, permit only from my country

    I would like to have the capability to permit connections to my website only from my country. The site is on our local language and there is little to no reason to permit connections from other places (aside from Google robots).

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  8. Security

    Hi there,

    I recently learned about the login lock feature at BigScoots.

    The Login Lock feature allows for an extra layer of login security on the WP admin dashboard. You can read more about it at the link below:

    https://blog.bigscoots.com/wordpress-optimized-portal-wpo/#admin-security-lock

    Will Cloudways be releasing something similar soon? It would be great to have an extra layer of login security available for our sites.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  9. Improvements for Bot Protection

    Your documentation about Bot Protection doesn't make sense. It says to add to whitelist click X and to remove from whitelist click the checkmark. Also, in the screens such as Traffic requests, every entry whether in Allowed or Blocked as a green arrow next to it. When hovering above the checkmark it says "Whitelist this IP". That seems backwards, and even more confusion is that these same rules apply for both Allowed and Blocked tabs. I am not even sure what actions to take and I don't want to block or allow an IP accidentally. What would make more sense…

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  10. Show Two factor Auth status on Team page.

    Users can turn on two-factor authentification in their account.
    But there is currently no way to see if the team members you have in your team have enabled it. It makes it impossible to enforce two-factor auth and poses a security risk.

    Suggestion: Show "2FA enabled" next to team members that have enabled it on the Team page.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  11. Security issue-Visible passwords in Dashboard needs immediate attention

    Coming from different managed hosting, I just joined cloudways, only to be surprised that sufficient security for protecting passwords is not in place. I can see the passwords are visible to me but also to the support agents that have access to the same area and hence openly visible to them. They can see Wordpress password ( which is not issue, as they told me it is default one and if changed in wordpress admin, will not be reflected here). My biggest concern is the sensitive passwords for SQL database and application credentials. The eye icon placed next to passwords…

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  12. During the Let's Encrypt autorenewal process, add a htaccess file to work around protected roots

    If you have a .htaccess in the root of your application, that adds a htpasswd based auth password for the entire site, the Let's Encrypt autorenewal process fails. The process create a subdirectory, .well-known/ and uses it for the renewal process, deleting it at the end of the process.

    There are two easy ways to get around this that I can think of:

    1. do not delete the .well-known directory at the end of the process. so that us customers can add in the .htaccess file in there if we want to, to leave it readable

    2. as a part of the…

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  13. Setting Sucuri as WAF should also enable WAF bypass prevention

    In the advanced settings for nginx there is an option to set a WAF. This is needed fo nginx to grab the right headers in order to get the actual visitor's IP address.

    Using a WAF one would certainly also want a WAF bypass prevention. For this SUCURI suggests adding the following lines to the nginx vhost:

    location / {
    allow 192.88.134.0/23;
    allow 185.93.228.0/22;
    allow 2a02:fe80::/29;
    allow 66.248.200.0/22;
    allow 208.109.0.0/22;
    deny all;
    ....
    }

    There should be an option to do that when chosing sucuri as a WAF.

    Also, if you contact support to add those rules for you (which…

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  14. Stop server from leaking SSL information

    If the application is served through a WAF, you don't want anyone to bypass the WAF by accessing the server using its IP address.

    Cloudways gives us the option to disable access to the application using the IP address only (apache Access Application via IP). However, the web server is still responding to SSL requests, thus leaking the certificate information that would include the common name.

    The SSL certificate should only be presented to the WAF/requests using the hostname/URL and not by accessing the IP address.

    It seems that cloudways is using nginx as a reverse proxy in front of…

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  15. Slow HTTP DoS (Denial of Service) Attack

    Your all web servers are vulnerable to Slow HTTP DoS (Denial of Service) attacks.

    Slowloris and Slow HTTP POST DoS attacks rely on the fact that the HTTP protocol, by design, requires requests to be completely received by the server before they are processed. If an HTTP request is not complete, or if the transfer rate is very low, the server keeps its resources busy waiting for the rest of the data. If the server keeps too many resources busy, this creates a denial of service.

    Attack Details:
    Time difference between connections: 10006 ms

    The impact of this vulnerability:
    A…

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  16. Launch a new feature on the console which blocks the bad BOTS and DDOs attacks from the site for popular applications like Magento.

    Launch a new feature on the console which blocks the bad BOTS and DDOs attacks from the site for popular applications like Magento.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  17. that there should be mechanism for notification of requests generated by instead load on the server.

    that there should be mechanism for notification of requests generated by instead load on the server.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  18. SSH keys should accept eliptic curves - not only RSA

    SSH keys should accept eliptic curves - not only RSA
    RSA is old, using too big big length.
    I would like to see possibility to use standard eliptic curves that are used everywhere. For some reason this is still not possible on Cloudways.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  19. provide a way for site-administrators to view the auth.log

    When sites are hacked the first thing to check is the auth.log to see who accessed what, when. When a compromise happens we need to be able to investigate immediately and find a fix.
    Can site owners be provided with a way to see the auth.log for their site, similar to how we can currently view web access/error logs?

    Specifically what I'm requesting is live (and perhaps filtered to my site) visibility on:
    * auth.log
    * sftpserver.log
    * history of auth and sftp
    server logs so that we can go back at least a week to see if we…

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  20. SSH/Platform Login Alerts

    As an agency hosting a magnitude of customers through Cloudways we would like to see the ability to get Cloudways Bot alerts and email alerts for the following:

    • Cloudways Login
    • SSH Login (IP/Location etc)
    • SFTP Login
    • Changes to application/server configiration
    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base