Hi @
easyprosys
Like you, some years ago I migrated from Plesk to cPanel, and for many of the same reasons, so it would seem that Plesk will never learn
(or perhaps just don't care)
I first tried RV Site Builder and was initially impressed with it. That lasted only one year then RV upgraded their systems that essentially broke every existing site - and their new builder was just dreadful, and their support was non-existent (except for their billing department who continued to harass me to renew after I had cancelled their services).
I was pleasantly surprised with the Softaculous Auto Installer. To date, they have kept the scripts they offer well updated, are constantly introducing new features and ideas, and they have a Website Builder called SitePad that I don't use myself (non of my customers expressed any interest in it) but that seems to work well enough when I experimented with it.
Apart from the ClamAV scanner that comes with cPanel by default, I would also strongly recommend installing the ConfigServer Security & Firewall (free) to assist with security, and you may get mileage from ConfigServer ModSecurity Control if your users deploy CMS sites that then run into issues with Mod Sec.
I have seen mixed reports about using Cloudflare. I guess it depends on ones motivation for using it in the first place, but it seems to be being commonly used to compensate for under resourced, cheep, virtual servers, and I don't think it does a particularly good job of trying to make a sows ear into a silk purse. If you intend to use it to make a fundamentally good server on a decent pipe, better and safer, it would seem to do what they claim - but it isn't something I would like to have to rely on ( I hate having to rely on allways-on third party services to deliver my customers website content, and actively discourage it).
Hope this helps.
UPDATE
Heavens, I forgot one of the most important things I added - CloudLinux and KernelCare
This gives me rebootless kernel updates, and a caged environment for the clients to use without being able to escape and affect anyone else. I also use their hardened legacy ALT-PHP to host some die-hard users who flatly refuse to update their old PHP software, and additionally benefit from the control of the server resources that can be allocated to each user/package.
ALT-PHP combined with the CloudLinux lsapi handler has proved to provide excellent PHP performance without the need to use a separate Nginx or LiteSpeed server itteration
I would love to have the full Imunify360 security suit from the same developers, but I just can't afford it
In addition to the cPanel backups (which are lamentably short on multi scheduling options) I contract a full off-site backup service from my datacentre which would give me a full bare-metal restore (everything including OS and settings) in the event of a catastrophic hardware failure.
