Service Improvement

Cloudways values its customers and their feedback! You can now give us your feedback on how we can improve Cloudways services, solution and products by pitching in your ideas!

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Add ablility to bulk whitelist IP's in Bot protection

    Please add a way to import whitelist IPs from a list(or copy/paste) for "Bot Protection" as now going through the blocked IPs and comparing IPs and whitelisting one by one is hardly an option. Also there are legitimate optimization services that we use that get blocked(like https://nitropack.io for example) and they 10s of IPs so bulk whitelisting is much needed indeed.

    Thank you, guys/gals and I hope this will be implemented sooner.

    17 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    66 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  2. Allow "global" or account-level SSH keys, which are automatically added to every server

    Currently, we have to manage SSH keys individually for every server. It would be awesome to be able to add global SSH keys, and then when a new server is created, those SSH keys are automatically installed on every server.

    Additionally, it would be nice if when we added a account-level SSH key, it was added to all existing servers.

    6 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  3. Upgraded Bot Protection

    Knowing that Cloudways partnered with MalCare to provide bot protection, I would really like to see Cloudways step up their security and offer MalCare for free for their customers. To be able to give us peace of mind against malware is priceless.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  4. Improvements for Bot Protection

    Your documentation about Bot Protection doesn't make sense. It says to add to whitelist click X and to remove from whitelist click the checkmark. Also, in the screens such as Traffic requests, every entry whether in Allowed or Blocked as a green arrow next to it. When hovering above the checkmark it says "Whitelist this IP". That seems backwards, and even more confusion is that these same rules apply for both Allowed and Blocked tabs. I am not even sure what actions to take and I don't want to block or allow an IP accidentally. What would make more sense…

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  5. Provide an SSL badge for Cloudways users to display on their sites. Most SSL companies provide an HTML Coded badge for website users to see.

    Provide an SSL badge for Cloudways users to display on their sites. Most SSL companies provide an HTML Coded badge for website users to click on which then opens a security check popup that shows that the site is, in fact, secure at the very moment of use. It's reassuring for users, especially on an e-commerce site, to know they are protected.

    3 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    8 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  6. Please add a feature that allows block at Nginx level too!

    add a feature that allows block at Nginx level too! because blocking from htaccess is not helping for attacking (IP requests are still raising)

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  7. Provide alerts on successful SSH and SFTP login

    Please provide alerts on successful SSH and SFTP logins to a server.

    These alerts are important for visibility of when someone has accessed the server and making sure that access was expected.

    3 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  8. Insert vpn from chrome to cloudways dashboard

    Private vpn from chrome to cloudways dashboard.
    Desktop and smartphone with tpu for security.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  9. 1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  10. Add Stackpath to the server WAF Module

    Add Stackpath to the server WAF Module (setting and packages > advanced)

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  11. Allow whitelisting certain PHP files within the "Direct PHP Files Access" setting

    It would be nice to be able to set the "Direct PHP Files Access" setting to Disable, but still allow access to specific PHP files that require direct access. For example, I have an ajax search plugin for WordPress that needs a PHP file within its folder to publicly accessible. I'd like to open up only that file for access while blocking access to all others for the best security.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  12. Show Two factor Auth status on Team page.

    Users can turn on two-factor authentification in their account.
    But there is currently no way to see if the team members you have in your team have enabled it. It makes it impossible to enforce two-factor auth and poses a security risk.

    Suggestion: Show "2FA enabled" next to team members that have enabled it on the Team page.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  13. Free Virus Scanner

    Cloudways should provide free deep virus scanner for the applications. Paid versons of WordFence, Sucuri etc. is too expensive.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  14. Change wordpress login page url within cloudways to prevent brute-force login attempts

    It would be great If I could change the login url of my wordpress site from website.com/wp-admin to website.com/my-custom-login-url in order to prevent unwanted brute-force login attempts.

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  15. Security issue-Visible passwords in Dashboard needs immediate attention

    Coming from different managed hosting, I just joined cloudways, only to be surprised that sufficient security for protecting passwords is not in place. I can see the passwords are visible to me but also to the support agents that have access to the same area and hence openly visible to them. They can see Wordpress password ( which is not issue, as they told me it is default one and if changed in wordpress admin, will not be reflected here). My biggest concern is the sensitive passwords for SQL database and application credentials. The eye icon placed next to passwords…

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  16. During the Let's Encrypt autorenewal process, add a htaccess file to work around protected roots

    If you have a .htaccess in the root of your application, that adds a htpasswd based auth password for the entire site, the Let's Encrypt autorenewal process fails. The process create a subdirectory, .well-known/ and uses it for the renewal process, deleting it at the end of the process.

    There are two easy ways to get around this that I can think of:

    1. do not delete the .well-known directory at the end of the process. so that us customers can add in the .htaccess file in there if we want to, to leave it readable

    2. as a part of the…

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  17. Setting Sucuri as WAF should also enable WAF bypass prevention

    In the advanced settings for nginx there is an option to set a WAF. This is needed fo nginx to grab the right headers in order to get the actual visitor's IP address.

    Using a WAF one would certainly also want a WAF bypass prevention. For this SUCURI suggests adding the following lines to the nginx vhost:

    location / {
    allow 192.88.134.0/23;
    allow 185.93.228.0/22;
    allow 2a02:fe80::/29;
    allow 66.248.200.0/22;
    allow 208.109.0.0/22;
    deny all;
    ....
    }

    There should be an option to do that when chosing sucuri as a WAF.

    Also, if you contact support to add those rules for you (which…

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  18. Stop server from leaking SSL information

    If the application is served through a WAF, you don't want anyone to bypass the WAF by accessing the server using its IP address.

    Cloudways gives us the option to disable access to the application using the IP address only (apache Access Application via IP). However, the web server is still responding to SSL requests, thus leaking the certificate information that would include the common name.

    The SSL certificate should only be presented to the WAF/requests using the hostname/URL and not by accessing the IP address.

    It seems that cloudways is using nginx as a reverse proxy in front of…

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  19. Labels and wildcards for database whitelist

    Add the ability to label IPs added to the remote DB whitelist so you can add your own identifier to IPs. And also add the ability to wildcard IPs by range eg. 5.40.%.%, and also the ability to add by domain name in addition to IP. This will allow for better management and greater control of whitelisted IPs

    4 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  20. Bulk enable bot protection on all apps over a server

    I want to know if there is a possibility to enable bot protection on all of the apps under a server at once. I asked the support team but they have said no. I badly need that since that could possibly save days of work as I have over 100 websites running under your servers.

    4 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
← Previous 1 3 4 5 6
  • Don't see your idea?

Feedback and Knowledge Base