Please add a way to import whitelist IPs from a list(or copy/paste) for "Bot Protection" as now going through the blocked IPs and comparing IPs and whitelisting one by one is hardly an option. Also there are legitimate optimization services that we use that get blocked(like https://nitropack.io for example) and they 10s of IPs so bulk whitelisting is much needed indeed.

Thank you, guys/gals and I hope this will be implemented sooner.

While MalCare is a great option for WordPress, I would like a one-click install with some generic bot protection when we're using cms platforms like Concrete5, Laravel or custom PHP apps. Thanks for your consideration.

Hi there,

I recently learned about the login lock feature at BigScoots.

The Login Lock feature allows for an extra layer of login security on the WP admin dashboard. You can read more about it at the link below:

https://blog.bigscoots.com/wordpress-optimized-portal-wpo/#admin-security-lock

Will Cloudways be releasing something similar soon? It would be great to have an extra layer of login security available for our sites.

Currently, we have to manage SSH keys individually for every server. It would be awesome to be able to add global SSH keys, and then when a new server is created, those SSH keys are automatically installed on every server.

Additionally, it would be nice if when we added a account-level SSH key, it was added to all existing servers.

Provide an SSL badge for Cloudways users to display on their sites. Most SSL companies provide an HTML Coded badge for website users to click on which then opens a security check popup that shows that the site is, in fact, secure at the very moment of use. It's reassuring for users, especially on an e-commerce site, to know they are protected.

Please provide alerts on successful SSH and SFTP logins to a server.

These alerts are important for visibility of when someone has accessed the server and making sure that access was expected.

Users can turn on two-factor authentification in their account.
But there is currently no way to see if the team members you have in your team have enabled it. It makes it impossible to enforce two-factor auth and poses a security risk.

Suggestion: Show "2FA enabled" next to team members that have enabled it on the Team page.

It would be great If I could change the login url of my wordpress site from website.com/wp-admin to website.com/my-custom-login-url in order to prevent unwanted brute-force login attempts.

Add the ability to label IPs added to the remote DB whitelist so you can add your own identifier to IPs. And also add the ability to wildcard IPs by range eg. 5.40.%.%, and also the ability to add by domain name in addition to IP. This will allow for better management and greater control of whitelisted IPs

I want to know if there is a possibility to enable bot protection on all of the apps under a server at once. I asked the support team but they have said no. I badly need that since that could possibly save days of work as I have over 100 websites running under your servers.

Hi, I'd like to suggest a new feature to server owner's security, to block other domains visibility from whois services. at the moment, anyone can go to any whois service (i.e. http://reverseip.domaintools.com) and by typing domain name, or the IP address can check what other domains are hosted on this server. i think, to privacy of users and server owners, this is a lack. it may be just an additional feature, but i'm sure people would love to see this as an option to disable this from public view.

Please consider allowing us to choose Server access to specific countries at the Server Level. If our WP sites or other applications (even our clients) are selling only within the US, why should we not block access to all other countries trying to access the server. There are so many daily hack attempts from countries outside the US, but even if this were not the case, allowing the user to manage Country Access (perhaps by blocking IP ranges) would greatly reduce the effect of DDOS attacks and also reduce server load from unrelated or unnecessary website visits. Thanks!

so this make easier for user to find the ip addresses.
And you can make a specific fiture to make a whitelist IP Adresses.

Also please make the pagination better, so user can go to specific page.

And also in the data table, please make a filter by country, ip, etc

Please add the ability for main/primary account holders to force TFA use for all Team Member accounts. Not having this capability (or the ability to see TFA status on Team Member accounts) is a significant security hole, of the type that could lead us to migrate away.

Customers can get an A+ rating on https://www.ssllabs.com/ssltest/ if you:
Add an "SSL ciphers" drop-down for customers that are interested in only using strong SSL ciphers.

You can consider your current ciphers as "default", and add an option for "most secure" that allows customers to select a pre-defined "A+ rated" SSL cipher configuration.

The "SSL Cipher" configuration would go below the existing "TLS VERSIONS" option in the "APPLICATION SETTINGS" > "GENERAL" > "TLS VERSIONS" configuration interface.