diff --git a/roles/common/tasks/cron-apt.yml b/roles/common/tasks/cron-apt.yml index e570521..ceadfac 100644 --- a/roles/common/tasks/cron-apt.yml +++ b/roles/common/tasks/cron-apt.yml @@ -2,7 +2,7 @@ - name: Configure cron-apt (config) copy: src={{ item.src }} dest={{ item.dest }} mode={{ item.mode }} owner={{ item.owner }} group={{ item.group }} - with_items: + loop: - { src: 'etc/cron-apt/config', dest: '/etc/cron-apt/config', mode: '0644', owner: 'root', group: 'root' } - { src: 'etc/cron-apt/3-download', dest: '/etc/cron-apt/action.d/3-download', mode: '0644', owner: 'root', group: 'root' } diff --git a/roles/common/tasks/firewall_Debian.yml b/roles/common/tasks/firewall_Debian.yml index aaf4b67..1a9febc 100644 --- a/roles/common/tasks/firewall_Debian.yml +++ b/roles/common/tasks/firewall_Debian.yml @@ -2,7 +2,7 @@ - name: Install firewalld and deps when: ansible_distribution_major_version is version_compare('8', '>=') apt: pkg={{ item }} state=present - with_items: + loop: - firewalld - tidy tags: packages diff --git a/roles/common/tasks/firewall_Ubuntu.yml b/roles/common/tasks/firewall_Ubuntu.yml index c295f2a..cd205e3 100644 --- a/roles/common/tasks/firewall_Ubuntu.yml +++ b/roles/common/tasks/firewall_Ubuntu.yml @@ -2,7 +2,7 @@ - name: Install firewalld and deps when: ansible_distribution_version is version_compare('15.04', '>=') apt: pkg={{ item }} state=present - with_items: + loop: - firewalld - tidy tags: packages diff --git a/roles/common/tasks/packages_Debian.yml b/roles/common/tasks/packages_Debian.yml index 315f2d6..d24e64a 100644 --- a/roles/common/tasks/packages_Debian.yml +++ b/roles/common/tasks/packages_Debian.yml @@ -4,7 +4,7 @@ - name: Install base packages apt: name={{ item }} update_cache=yes - with_items: + loop: - git - tmux - iotop diff --git a/roles/common/tasks/packages_Ubuntu.yml b/roles/common/tasks/packages_Ubuntu.yml index 98b4aae..cef280e 100644 --- a/roles/common/tasks/packages_Ubuntu.yml 
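Review bot: In the firewall_Debian.yml hunk the package list is still fed to `apt` one item at a time through `pkg={{ item }}`, and the same shape recurs in firewall_Ubuntu.yml, packages_Debian.yml, packages_Ubuntu.yml and the mariadb, letsencrypt and php-fpm install tasks. The `apt` module accepts a list for `name`/`pkg`, so the loop can be dropped and the list passed directly, for example `name: [firewalld, tidy]` under a block-style `apt:` mapping. Depending on the Ansible version, `loop:` may run one apt call per item, which for the tasks that set `update_cache=yes` would also refresh the package index on every iteration; this is worth confirming on the version in use.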
+++ b/roles/common/tasks/packages_Ubuntu.yml @@ -8,7 +8,7 @@ - name: Install base packages apt: pkg={{ item }} - with_items: + loop: - git - tmux - iotop @@ -29,13 +29,13 @@ - name: Security hardening (CIS Benchmark 1.0) apt: pkg={{ item }} state=absent purge=yes - with_items: + loop: - whoopsie # CIS 4.1 - apport # CIS 4.1 - name: Remove annoying packages apt: pkg={{ item }} state=absent purge=yes - with_items: + loop: - command-not-found - command-not-found-data - python3-commandnotfound diff --git a/roles/common/tasks/sshd.yml b/roles/common/tasks/sshd.yml index a3b3b55..be19b89 100644 --- a/roles/common/tasks/sshd.yml +++ b/roles/common/tasks/sshd.yml @@ -15,7 +15,7 @@ - name: Remove DSA and ECDSA host keys file: name=/etc/ssh/{{ item }} state=absent - with_items: + loop: - ssh_host_dsa_key - ssh_host_dsa_key.pub - ssh_host_ecdsa_key diff --git a/roles/mariadb/tasks/main.yml b/roles/mariadb/tasks/main.yml index 357beb9..8721c99 100644 --- a/roles/mariadb/tasks/main.yml +++ b/roles/mariadb/tasks/main.yml @@ -9,7 +9,7 @@ - name: Install mariadb-server apt: name={{ item }} state=present update_cache=yes - with_items: + loop: - mariadb-server - python-mysqldb # for ansible tags: mariadb, packages @@ -24,7 +24,7 @@ # https://docs.ansible.com/ansible/latest/mysql_user_module.html - name: Update MariaDB root password for all root accounts mysql_user: name=root host={{ item }} password={{ mariadb_root_password }} - with_items: + loop: - "{{ inventory_hostname }}" - 127.0.0.1 - ::1 @@ -37,13 +37,13 @@ - name: Create MariaDB database(s) mysql_db: db={{ item.name }} state=present encoding=utf8mb4 - with_items: "{{ mariadb_databases }}" + loop: "{{ mariadb_databases }}" when: mariadb_databases is defined tags: mariadb - name: Create MariaDB user(s) mysql_user: name={{ item.user }} password={{ item.pass }} priv={{ item.name }}.*:ALL state=present - with_items: "{{ mariadb_databases }}" + loop: "{{ mariadb_databases }}" when: mariadb_databases is defined tags: mariadb 
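Review bot: In the roles/mariadb/tasks/main.yml hunk starting at line 37, "Create MariaDB user(s)" loops over `mariadb_databases`, whose entries carry `pass`, and the task sets no `no_log`. Ansible attaches the loop item to every per-item result, so the database passwords would likely end up in console output and in any callback or CI log. Adding `no_log: true` to that task keeps them out; `loop_control.label` only trims the default display and is not a substitute. Separately, `when: mariadb_databases is defined` is evaluated per item, after the loop expression has been templated, so an undefined variable would presumably still fail both tasks; `loop: "{{ mariadb_databases | default([]) }}"` covers that case.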
diff --git a/roles/nginx/tasks/letsencrypt.yml b/roles/nginx/tasks/letsencrypt.yml index 18efad9..7c1c91b 100644 --- a/roles/nginx/tasks/letsencrypt.yml +++ b/roles/nginx/tasks/letsencrypt.yml @@ -18,7 +18,7 @@ - name: Install certbot dependencies (Ubuntu 16.04) when: ansible_distribution == 'Ubuntu' and ansible_distribution_version is version_compare('16.04', '==') apt: name={{ item }} state=present update_cache=yes - with_items: + loop: - augeas-doc - augeas-tools - binutils @@ -62,7 +62,7 @@ - name: Install certbot dependencies (Debian 9) when: ansible_distribution == 'Debian' and ansible_distribution_major_version is version_compare('9', '==') apt: name={{ item }} state=present update_cache=yes - with_items: + loop: - augeas-doc - augeas-tools - autoconf diff --git a/roles/nginx/tasks/main.yml b/roles/nginx/tasks/main.yml index 52244dc..210236f 100644 --- a/roles/nginx/tasks/main.yml +++ b/roles/nginx/tasks/main.yml @@ -19,7 +19,7 @@ - name: Copy extra nginx configs copy: src={{ item }} dest=/etc/nginx/{{ item }} mode=0644 owner=root group=root - with_items: + loop: - extra-security.conf - fastcgi_cache notify: diff --git a/roles/nginx/tasks/vhosts.yml b/roles/nginx/tasks/vhosts.yml index 8521ff6..566939a 100644 --- a/roles/nginx/tasks/vhosts.yml +++ b/roles/nginx/tasks/vhosts.yml @@ -2,7 +2,7 @@ - name: Configure https vhosts template: src=vhost.conf.j2 dest={{ nginx_confd_path }}/{{ item.domain_name }}.conf mode=0644 owner=root group=root - with_items: "{{ nginx_vhosts }}" + loop: "{{ nginx_vhosts }}" notify: - reload nginx 
@@ -18,18 +18,18 @@ - name: Create vhost document roots file: path={{ nginx_root_prefix }}/{{ item.domain_name }} state=directory mode=0755 owner=nginx group=nginx - with_items: "{{ nginx_vhosts }}" + loop: "{{ nginx_vhosts }}" - name: Install WordPress git: repo=https://github.com/WordPress/WordPress.git dest={{ nginx_root_prefix }}/{{ item.domain_name }}/wordpress version={{ item.wordpress_version }} depth=1 force=yes when: item.has_wordpress is defined and item.has_wordpress == True - with_items: "{{ nginx_vhosts }}" + loop: "{{ nginx_vhosts }}" tags: wordpress - name: Fix WordPress directory permissions file: path={{ nginx_root_prefix }}/{{ item.domain_name }} state=directory owner=nginx group=nginx recurse=yes when: item.has_wordpress is defined and item.has_wordpress == True - with_items: "{{ nginx_vhosts }}" + loop: "{{ nginx_vhosts }}" tags: wordpress - import_tasks: letsencrypt.yml diff --git a/roles/php-fpm/tasks/Ubuntu.yml b/roles/php-fpm/tasks/Ubuntu.yml index 2a46381..0fdebd6 100644 --- a/roles/php-fpm/tasks/Ubuntu.yml +++ b/roles/php-fpm/tasks/Ubuntu.yml @@ -1,7 +1,7 @@ --- - name: Install php7.0-fpm and deps apt: name={{ item }} state=present update_cache=yes - with_items: + loop: - php7.0-fpm # for WordPress - php7.0-mysql @@ -15,7 +15,7 @@ # only copy php-fpm config for vhosts that need WordPress or PHP - name: Copy php-fpm pool config template: src=php7.0-pool.conf.j2 dest=/etc/php/7.0/fpm/pool.d/{{ item.domain_name }}.conf owner=root group=root mode=0644 - with_items: "{{ nginx_vhosts }}" + loop: "{{ nginx_vhosts }}" when: (item.has_wordpress is defined and item.has_wordpress == True) or (item.needs_php is defined and item.needs_php == True) notify: reload php7.0-fpm tags: php-fpm
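Review bot: In the vhosts.yml hunk, "Fix WordPress directory permissions" recursively hands the whole document root, including the freshly cloned WordPress code, to `nginx:nginx`. If the PHP pool runs as that user (not visible here), a code-execution bug in any plugin or theme can then rewrite core files. Consider leaving the code owned by root and granting the service user write access only to the upload directory. The clone also leaves a `.git` directory under the served path, so the vhost template should deny requests for it unless that is already handled elsewhere.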
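Review bot: The `when:` on "Copy php-fpm pool config" compares against the literal `True`, as do the two WordPress tasks in vhosts.yml. A flag that arrives as a string such as `'yes'` or `'true'` would silently skip the task, and the `is defined` guards make the expression long. `when: (item.has_wordpress | default(false) | bool) or (item.needs_php | default(false) | bool)` handles both the undefined and the string case.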