Service Improvement

Cloudways values its customers and their feedback! You can now give us your feedback on how we can improve Cloudways services, solution and products by pitching in your ideas!

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Force SSL

    It would be nice if we could have a Force SSL option from the control panel for wordpress. Then you would not have to install a ssl plugin or add rules to HTACCESS

    32 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    completed  ·  4 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  2. eedback.cloudways.com is not loading on SSL you must use this

    eedback.cloudways.com is not loading on SSL you must use this

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    completed  ·  1 comment  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  3. Cloudways please document your security practices

    I would like to suggest that Cloudways publishes an article or other document that describes how Cloudways maintains, patches, updates servers and secures them.

    The intent is not to disclose details that puts security at risk but instead demonstrates the value Cloudways is providing in the area of helping its customers maintain a secure server and application environment.

    Information should include frequency of update / patch deployment, frequency of security scans for malware / unauthorized access, firewall ports and services that are open especially those for inbound traffic from the Internet, intrusion protection mechanisms, transparency reports for government information requests…

    48 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    completed  ·  4 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  4. Ability to disable TLS 1.0 and 1.1 server wide

    After enabling SSL in my sites, I run multiple tools to scan for vulnerabilities and imisconfigurations. Every one of them is telling me that those protocols are insecure, deprecated and should be disabled. I asked support to do it server wide, but they said it can only be done manually on app basis. To me this is unacceptable, since this should be approached from a server perspective as a whole.

    8 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    completed  ·  0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  5. TLS 1.3

    Please support TLS 1.3 since it's faster and more secure. Chrome 70 and Firefox 63 officialy support it now.

    https://www.ietf.org/blog/tls13/

    21 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    completed  ·  1 comment  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  6. 46 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    25 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  7. A better backup scheme

    So here my suggestion for a better backup scheme. Do something like keeping:
    = 1 - 3 monthly backups
    + 3 weekly backups
    + 4 - 6 daily backups
    This way a longer period is covered without increasing the space required for backups. You can try keeping it at 8, although 12 would be ideal as it will cover last 3 mo, last 3 wk, and last 6 days.

    Other suggestions:
    - Allow to choose the time of day to do backup so it won't slow down the server during busy hours.
    - Allow to choose external backup destination like…

    208 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    21 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →

    We are closing this thread as we have implemented most of the features requested by OP and other features requested by users in the comments over the years. Here is the list of the features we have introduced around backups.

    1. We added the option to set backup retention from 1 to 4 weeks.
    2. We added the option to set the frequency of backups from 1 hour to 168 hours (1 week).
    3. We introduced on-demand application backup options.
    4. Users can now specify the time at which the backups process should be initiated on the server.
    5. Users can now restore their deleted servers from the Cloudways Platform. Previously this feature was limited to support but to give customers more control this feature is now available to all Cloudways customers.
    6. Users can now restore their deleted applications from the Cloudways Platform to an existing or new server.

  8. Enable Let's Encrypt Auto-renewal to work with .htaccess redirects in place

    When a website is SSL secured (https) it is recommended to have redirect rules in place which enforce https (redirect http to https) and of course redirecting to one version (www vs non-www).

    It appears that the Let's Encrypt Auto-Renewal does not work. It will fail saying there are htacces rules restricting it from working. I am not sure if this is an issue for Cloudways to fix, or Let's Encrypt.

    In either case, the solution provided by Cloudways support is to:
    1. Temporarily rename your .htaccess (so it is not in effect)
    2. REVOKE your Let's Encrypt Certificate
    3.…

    4 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →

    Hello

    We have resolved this issue, an update was deployed on all customer’s servers.

    LE SSL installation is now independent of rules added in htaccess, now users just have to make sure that the domain is added in the domain section of the application and the domain is pointing to Cloudways server, any rules in htaccess will not conflict with SSL installations.

    Best Regards
    Cloudways

  9. Please add TFA option for team account. Not only the main account

    Please add TFA option for team account. So the server security never get compromised by team account hijack

    16 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    5 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  10. Cloudways should add DDoS protection service

    DDoS is a common problem now, maybe Cloudways can add a DDoS Mitigation service and upgrade their Network hardware to secure against Level 3 DDoS attacks

    344 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    completed  ·  53 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  11. SSH On Off Button

    A simple button to turn ssh on and off, ssh can be turned off until the admin needs to use it so it adds an additional level of security straight on the dashboard. Thanks

    26 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    completed  ·  3 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  12. Block option for all IP address for SSH or Mysql

    Block option for all IP address for SSH or Mysql. except we choose IP Address

    3 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →

    Hello

    This is already integrated into the platform.

    MYSQL Remote access is disabled by default, users will have to whitelist the IP to access MySQL remotely. For more details please visit https://support.cloudways.com/en/articles/5124817-how-to-whitelist-ip-addresses-for-remote-mysql-connections

    While for SSH we provide an option to disable access completely except the whitelisted IP addresses. please visit https://support.cloudways.com/en/articles/5121429-how-to-manage-ip-access-for-ssh-and-sftp-connections

    Best Regards,
    Cloudways Team.

  13. The git deployment documentation should tell the users to use GitHub's Deploy Keys feature.

    The documentation that shows user how to deploy from Git (https://support.cloudways.com/using-git-for-deployment) tells users to give CloudWays full access to their GitHub account. Ideally the documentation should show GitHub's "Deploy Keys" feature (https://developer.github.com/guides/managing-deploy-keys/#deploy-keys) which allows the user to give CloudWays access to just the repositories it needs.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →

    The documentation on how to deploy from Git on the Cloudways Platform has now been updated to promote the use of repository-specific deployment keys.

    Cloudways Team

  14. Add multiple domain ssl support for a single application.

    I have WordPress MU and I have multiple ssl certificates for the multiple domains but I can't use it within one application, therefore I have to create multiple wordpress instances for the domains.

    Very annoying that I can't use WordPress MU with multiple domains with multiple single domain ssl certifications.

    31 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    8 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →

    We have added a support of SAN in our platform, which will allow you to have a support for multiple domains using single SSL certificate. Having SAN available there won’t be a need of getting separate SSL for multiple domains mapped to a single website.

    Moreover, work is already in progress for Let’sEncrypt (freeSSL) to support multiple domains using single SSL.

    Cloudways Team

  15. Provide a way to edit/remove Let's Encrypt from application

    Currently there is no way to make a change to the installed certificate so it is not possible to change the domain once a cert has been installed. The only resolution available presently is to migrate to a new application.

    3 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  16. Rehabilitate SSH access with application credentials

    Rehabilitate SSH access with application credentials and not for only Master credentials.

    In my case, we have our software, installed on our software, that connect via SSH to single application for launch some php script with php-cli.

    Now, i can't give master password to our customer!

    4 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    4 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  17. Support 'Let's Encrypt' (automatic and free SSL/TLS)

    Mid 2015 the Let's Encrypt Certificate Authority (CA) is expected to go live. It would be great if Cloudways would join this effort and offer it as a service to their customers. This CA & software will allow automatic and free (domain validated) SSL/TLS for any domain.

    For more information visit https://letsencrypt.org/

    157 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    58 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  18. Fallback to SMS or Backup Codes (like Google) on Two-Factor Authentication issues

    Lost access to TFA authentication should fall back to SMS or Backup Codes (like Google) rather than a quick comment on the chat.

    4 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  19. Let two-factor authentication remember your computer for 30 days

    Glad to have two-factor authentication, but it's a huge hassle to use every time I have to log in -- especially since the system automatically logs me out after such a short period of inactivity (an hour maybe?).

    Please add a "Remember this computer for 30 days" option -- the exact same way Google does it -- so that we only have to do the two-factor auth (on a known computer) once a month.

    14 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    6 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  20. 27 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    9 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →

    We have got into a partnership with Sucuri where we can offer their services at a discounted price. Read more here:
    https://support.cloudways.com/how-to-setup-sucuri-antivirus-website-monitoring/

    After extensive research, we think Sucuri is the best option for our customers. They are experts in the CMSs we deploy (Wordpress, Magento …) and their services have the flexibility our customers need (including on-demand site cleaning).

    Cloudways Team

← Previous 1
  • Don't see your idea?

Feedback and Knowledge Base