Please add the ability for main/primary account holders to force TFA use for all Team Member accounts. Not having this capability (or the ability to see TFA status on Team Member accounts) is a significant security hole, of the type that could lead us to migrate away.

Simply free malware removal like a lot of other hosting companies are doing. Not everyone can pay for a good security plugin. It could be only included on certain plans, but it's an important service that everyone would appreciate to some extent.

I want to know if there is a possibility to enable bot protection on all of the apps under a server at once. I asked the support team but they have said no. I badly need that since that could possibly save days of work as I have over 100 websites running under your servers.

Launch a new feature on the console which blocks the bad BOTS and DDOs attacks from the site for popular applications like Magento.

that there should be mechanism for notification of requests generated by instead load on the server.

Add the ability to label IPs added to the remote DB whitelist so you can add your own identifier to IPs. And also add the ability to wildcard IPs by range eg. 5.40.%.%, and also the ability to add by domain name in addition to IP. This will allow for better management and greater control of whitelisted IPs

SSH keys should accept eliptic curves - not only RSA
RSA is old, using too big big length.
I would like to see possibility to use standard eliptic curves that are used everywhere. For some reason this is still not possible on Cloudways.

Provide a way to disable the server signature to improve security by not disclosing the server type and server software, along with other information, which could allow hackers to determine vulnerabilities by listing server and software specifications.

Thanks!

Hello Team,

Can you please add some feature where it'll check for the blacklist before assigning server IP?

It seems like someone else was using assigned server IP before it's assigning to the user and they have abused the server so their IP is under blacklist and that blacklist server IP is not going to be useful for the new user.

Customers can get an A+ rating on https://www.ssllabs.com/ssltest/ if you:
Add an "SSL ciphers" drop-down for customers that are interested in only using strong SSL ciphers.

You can consider your current ciphers as "default", and add an option for "most secure" that allows customers to select a pre-defined "A+ rated" SSL cipher configuration.

The "SSL Cipher" configuration would go below the existing "TLS VERSIONS" option in the "APPLICATION SETTINGS" > "GENERAL" > "TLS VERSIONS" configuration interface.

Like done with CloudFlare and Sucuri a WAF module for StackPath's WAF would be great. So, one will be able to see the real IP - just like with CloudFlare and Sucuri

Please add Remark Option with Whitelist IP address in Server Security Section. Right now its difficult to find out which IP is pointing to external important server and which is IP is added for temporary use. Deleting an IP by mistake can take us into trouble as some live App IP's are listed in Whitelist IP list.

As an agency hosting a magnitude of customers through Cloudways we would like to see the ability to get Cloudways Bot alerts and email alerts for the following:

• Cloudways Login


• SSH Login (IP/Location etc)


• SFTP Login


• Changes to application/server configiration

Don't rely on cloudflare

Our different colleagues need sign in cloudways frequently, so we suggest if can close the different IP verify

ImunifyAV is free and nowadays, almost pre-install by default for many hosting companies. You can easily check if your files are infected by malwares. Please add it to Cloudways

Please consider allowing us to choose Server access to specific countries at the Server Level. If our WP sites or other applications (even our clients) are selling only within the US, why should we not block access to all other countries trying to access the server. There are so many daily hack attempts from countries outside the US, but even if this were not the case, allowing the user to manage Country Access (perhaps by blocking IP ranges) would greatly reduce the effect of DDOS attacks and also reduce server load from unrelated or unnecessary website visits. Thanks!

Hi, I'd like to suggest a new feature to server owner's security, to block other domains visibility from whois services. at the moment, anyone can go to any whois service (i.e. http://reverseip.domaintools.com) and by typing domain name, or the IP address can check what other domains are hosted on this server. i think, to privacy of users and server owners, this is a lack. it may be just an additional feature, but i'm sure people would love to see this as an option to disable this from public view.