Our different colleagues need sign in cloudways frequently, so we suggest if can close the different IP verify

ImunifyAV is free and nowadays, almost pre-install by default for many hosting companies. You can easily check if your files are infected by malwares. Please add it to Cloudways

After enabling SSL in my sites, I run multiple tools to scan for vulnerabilities and imisconfigurations. Every one of them is telling me that those protocols are insecure, deprecated and should be disabled. I asked support to do it server wide, but they said it can only be done manually on app basis. To me this is unacceptable, since this should be approached from a server perspective as a whole.

Please support TLS 1.3 since it's faster and more secure. Chrome 70 and Firefox 63 officialy support it now.

https://www.ietf.org/blog/tls13/

There are probably many needed enhancements to the firewall. One that would be especially helpful would be to block traffic that doesn't originate through the CDN.

For example, with Cloudflare, hackers can sometimes use historical dns records to discover your server's origin IP address. They can then circumvent Cloudflare's ddos and firewall features.

An option in the Cloudways firewall to only accept traffic through the CDN would eliminate this whole class of vulnerabilities.

For those with 2FA, allow someone to whitelist their work ip address for XX days, so that 2FA is only required when time expires or access is from a new ip.

... ie block access to Russian IP addresses.

even better if we could choose countries to block rather than having to input entire IP ranges

DDoS issues are getting out of control. It would be a good idea to integrate mod_evasive apache module to mitigate them.

I was suggested by the support team to mitigate the attack using app level firewalls but that's far to be an optimal solution.

They confirmed that the current infrastructure of their servers is not ready for adding this apache module but they are open to evaluating it as an option.

I made contact via suppot chat and ask if it was possible to install GoAccess on my server for a visual and accurate log view.
Since it was not possible all i can do is suggest to make a section on server panel to analyse server logs and have a clear vision of traffic and load.

Gabriel G.

For now you get access to all folders and files, which might cause security problems. And GDPR Problems, as anybody that has been given access could delete or copy any personal Data of web shop clients, for example

would be great to add hardware 2FA devices with fallback to google auth or SMS.. :)

If we have a multisite, we need a wildcard SSL for the subdomains. However if we go further, and provide custom domain (domain mapping) the problem comes that the SSL certificate is only for our domain not the mapped. Would be great if we can (even manually) create more than one certificate. SAN certificates is not the good option, since:

• We are using the wildcard for the own subdomains.


• There is a hard limit with the 100 domains.


• All the custom domains would be listed as secondary domains in the certificate details.

PCI Compliance now regards weak ssh key exchange algorithms as a liability. There should be a way to disable them. It's fairly easy to set up in open-ssh: https://infosec.mozilla.org/guidelines/openssh#Configuration

As account owner, I can setup 2FA on the main account, but I can't force my team members (some of whom have full access) to do so. This obviously creates a security loophole.

My niche is high risk for online hacking. In Cloudways I can add a team member, which sends his un-encrypted password to his account. This is high risk. As owner of my account I should be able to change his password, and then I can share via a secure app like Last Pass. Please consider this a high priority request. Thank You

It would be useful to have the ability to configure the default firewall rules at server level, rather than relying on htaccess files which are useless for managing large data sets (i.e. IP lists/ranges).

Additionally, having fail2ban installed and bridging between the firewall would be extremely helpful for using plugins like wp-fail2ban, which automatically bans "bruteforce" login attempts at server level, rather than application level.

Provide the ability to add multiple IP addresses at once in the Security panel for when we need to whitelist IPs for managewp and other services.