Service Improvement
Cloudways values its customers and their feedback! You can now give us your feedback on how we can improve Cloudways services, solution and products by pitching in your ideas!
104 results found
-
Security issue-Visible passwords in Dashboard needs immediate attention
Coming from different managed hosting, I just joined cloudways, only to be surprised that sufficient security for protecting passwords is not in place. I can see the passwords are visible to me but also to the support agents that have access to the same area and hence openly visible to them. They can see Wordpress password ( which is not issue, as they told me it is default one and if changed in wordpress admin, will not be reflected here). My biggest concern is the sensitive passwords for SQL database and application credentials. The eye icon placed next to passwords…
3 votes -
Change wordpress login page url within cloudways to prevent brute-force login attempts
It would be great If I could change the login url of my wordpress site from website.com/wp-admin to website.com/my-custom-login-url in order to prevent unwanted brute-force login attempts.
4 votes -
Provide an SSL badge for Cloudways users to display on their sites. Most SSL companies provide an HTML Coded badge for website users to see.
Provide an SSL badge for Cloudways users to display on their sites. Most SSL companies provide an HTML Coded badge for website users to click on which then opens a security check popup that shows that the site is, in fact, secure at the very moment of use. It's reassuring for users, especially on an e-commerce site, to know they are protected.
4 votes -
Labels and wildcards for database whitelist
Add the ability to label IPs added to the remote DB whitelist so you can add your own identifier to IPs. And also add the ability to wildcard IPs by range eg. 5.40.%.%, and also the ability to add by domain name in addition to IP. This will allow for better management and greater control of whitelisted IPs
6 votes -
Two factor authentication - Mandatory for Team Members
Please add the ability for main/primary account holders to force TFA use for all Team Member accounts. Not having this capability (or the ability to see TFA status on Team Member accounts) is a significant security hole, of the type that could lead us to migrate away.
4 votes -
Bulk enable bot protection on all apps over a server
I want to know if there is a possibility to enable bot protection on all of the apps under a server at once. I asked the support team but they have said no. I badly need that since that could possibly save days of work as I have over 100 websites running under your servers.
5 votes -
Block other domains visibility from whois services
Hi, I'd like to suggest a new feature to server owner's security, to block other domains visibility from whois services. at the moment, anyone can go to any whois service (i.e. http://reverseip.domaintools.com) and by typing domain name, or the IP address can check what other domains are hosted on this server. i think, to privacy of users and server owners, this is a lack. it may be just an additional feature, but i'm sure people would love to see this as an option to disable this from public view.
4 votes -
Setting Sucuri as WAF should also enable WAF bypass prevention
In the advanced settings for nginx there is an option to set a WAF. This is needed fo nginx to grab the right headers in order to get the actual visitor's IP address.
Using a WAF one would certainly also want a WAF bypass prevention. For this SUCURI suggests adding the following lines to the nginx vhost:
location / {
allow 192.88.134.0/23;
allow 185.93.228.0/22;
allow 2a02:fe80::/29;
allow 66.248.200.0/22;
allow 208.109.0.0/22;
deny all;
....
}There should be an option to do that when chosing sucuri as a WAF.
Also, if you contact support to add those rules for you (which…
1 vote -
Allow Country Blocking at the Server Level
Please consider allowing us to choose Server access to specific countries at the Server Level. If our WP sites or other applications (even our clients) are selling only within the US, why should we not block access to all other countries trying to access the server. There are so many daily hack attempts from countries outside the US, but even if this were not the case, allowing the user to manage Country Access (perhaps by blocking IP ranges) would greatly reduce the effect of DDOS attacks and also reduce server load from unrelated or unnecessary website visits. Thanks!
32 votes -
create a drop-down for "SSL ciphers" in the "APPLICATION SETTINGS" below the "TLS VERSIONS" for customers who want only strong SSL ciphers
Customers can get an A+ rating on https://www.ssllabs.com/ssltest/ if you:
Add an "SSL ciphers" drop-down for customers that are interested in only using strong SSL ciphers.You can consider your current ciphers as "default", and add an option for "most secure" that allows customers to select a pre-defined "A+ rated" SSL cipher configuration.
The "SSL Cipher" configuration would go below the existing "TLS VERSIONS" option in the "APPLICATION SETTINGS" > "GENERAL" > "TLS VERSIONS" configuration interface.
7 votes -
Please make search feature in all Bot Protection data table.
so this make easier for user to find the ip addresses.
And you can make a specific fiture to make a whitelist IP Adresses.Also please make the pagination better, so user can go to specific page.
And also in the data table, please make a filter by country, ip, etc
2 votes -
Display remaining Lets encrypt SSL limit
SSL has rate limit for SSL certificates which is reset in 12hrs. This limit should be displayed on SSL page so that user can be careful.
3 votes -
Add WAF module StackPath
Like done with CloudFlare and Sucuri a WAF module for StackPath's WAF would be great. So, one will be able to see the real IP - just like with CloudFlare and Sucuri
5 votes -
Slow HTTP DoS (Denial of Service) Attack
Your all web servers are vulnerable to Slow HTTP DoS (Denial of Service) attacks.
Slowloris and Slow HTTP POST DoS attacks rely on the fact that the HTTP protocol, by design, requires requests to be completely received by the server before they are processed. If an HTTP request is not complete, or if the transfer rate is very low, the server keeps its resources busy waiting for the rest of the data. If the server keeps too many resources busy, this creates a denial of service.
Attack Details:
Time difference between connections: 10006 msThe impact of this vulnerability:
A…2 votes -
Check for the blacklist IP before assigning Server IP
Hello Team,
Can you please add some feature where it'll check for the blacklist before assigning server IP?
It seems like someone else was using assigned server IP before it's assigning to the user and they have abused the server so their IP is under blacklist and that blacklist server IP is not going to be useful for the new user.
4 votes -
Remove Server Signature for Improved Security
Provide a way to disable the server signature to improve security by not disclosing the server type and server software, along with other information, which could allow hackers to determine vulnerabilities by listing server and software specifications.
Thanks!
3 votes -
Launch a new feature on the console which blocks the bad BOTS and DDOs attacks from the site for popular applications like Magento.
Launch a new feature on the console which blocks the bad BOTS and DDOs attacks from the site for popular applications like Magento.
1 vote -
whitelist
Please add Remark Option with Whitelist IP address in Server Security Section. Right now its difficult to find out which IP is pointing to external important server and which is IP is added for temporary use. Deleting an IP by mistake can take us into trouble as some live App IP's are listed in Whitelist IP list.
2 votes -
that there should be mechanism for notification of requests generated by instead load on the server.
that there should be mechanism for notification of requests generated by instead load on the server.
1 vote -
Upgrade PHP 7.3, 7.2 & 7.1 to current iterations
Upgrade PHP 7.3, 7.2 & 7.1 to current iterations.
Security vulnerability alerts for the following versions of PHP
PHP 7.1 versions prior to 7.1.32
PHP 7.2 versions prior to 7.2.22
PHP 7.3 versions prior to 7.3.9
As of today, There are currently no reports of these vulnerabilities being exploited in the wild.
Successfully exploiting the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the affected application. Depending on the privileges associated with the application, an attacker could install programs; view, change, or delete data; or create new accounts with full user rights. Failed…14 votes
- Don't see your idea?