WordPress updates, whether manual or automatic, always raise questions and even fears among webmasters. These updates are necessary for the security and scalability of your site, but they also entail risks. So should you activate WordPress automatic updates? Let's explore the issues.
Contents
Manual updates
Regardless of whether you update manually or automatically, the risks are there.
All in all, no matter whether the update is automatic or manual, you're bound to run into problems sooner or later.
What are the risks of WordPress updates?
From simple bugs to site inaccessibility, here are the most common problems:
Action required : Sometimes an update requires manual intervention to adjust certain parameters or configurations.
A plugin or theme has a bug : An update can introduce a malfunction, especially if the plugin or theme is no longer maintained by its developers.
Version incompatibility A plugin or addon depends on another plugin and may not be updated as frequently, creating conflicts.
How to reduce risk
To avoid these risks and inconveniences, a staging process is necessary: this consists of trying out every update in a test environment before applying it in production. However, this practice requires considerable time and resources, which is not feasible for smaller sites.
Automatic updates
What are the advantages of WordPress automatic updates?
Switching to automatic updates saves time and increases security.
It's just a few clicks from your Plesk control panel. You have the option of disabling automatic updates for any plugins that cause problems.
1. Safety gain
By activating automatic updates, your site is protected against the latest security vulnerabilities as soon as they are identified. This reduces the risk of hacking and keeps your site safe without systematic manual intervention.
2. Save time and energy
Automatic updates reduce the need for frequent intervention. Instead of manually checking for new versions of plugins or WordPress, you save precious time that can be reinvested in higher value-added tasks.
3. More minor bugs
Thanks to regular updates, the bugs encountered will be more minor overall, simply because the changes are more minor. What's more, diagnosis will be simpler: if one plugin is causing a problem, you'll quickly find which of the few recently modified scripts is causing the problem, whereas if all plugins have received an update, you'll have to test them all one by one.
Requirements for automatic updates
With automatic updates, there are even more important prerequisites than with manual updates.
1. Automated and outsourced backups
Backups are essential in some cases. It is therefore important to have regular, outsourced backups with long retention times. These backups must be selectively and easily restorable.
On the LRob web hostingwe perform a host backup going back 1 year.
2. Site monitoring
You should monitor the response of your sites and check them manually from time to time.
You need to react quickly if necessary, to prevent a problem from affecting your site for too long. And you need to have the right tools to diagnose (access to logs, phpMyAdmin, file explorer, deactivation of plugins from the hosting panel - all available on the LRob web hosting). Your LRob support can help you diagnose and solve your problem, by getting involved in WordPress research and diagnostics.
What should I do if I have a problem with a WordPress update?
If an update causes a problem, you need to react quickly and effectively:
View logs Server logs can quickly reveal the source of the problem.
Deactivate the offending plugin If you can do without it, deactivate the plugin concerned.
Adapt settings : Sometimes a simple setting change is enough to solve the problem.
Developer support Contact support for the plugin or theme concerned to report the problem and get help.
Restore a backup If the problem is critical and has no immediate solution, then a backup restore may be necessary. In this case, it may make sense to temporarily suspend (automatic) updates until a solution is found. If you don't have a backup on your side, your LRob support can restore its host backup.
Contact your LRob support We manage a large number of sites, so it's highly likely that we've already spent hours solving a similar problem, or that our experience will enable us to find your solution very quickly. We're always happy to help you save time!
In short: manual or automatic update?
Manual update
By updating manually, you delay the appearance of problems that you'll have to solve sooner or later, while exposing yourself to more security holes.
This choice may be appropriate for very complex sites, subject to potential bugs and requiring more extensive monitoring.
Automatic update
In auto MAJ you risk a temporary bug, so you have to deal with the (rare) problems as soon as they appear.
The exception: complex sites
The exception being large, complex sites, such as WooCommerce with custom dev, where in this case it's better to staging and testing each update (max. every 3 months, or when a known security flaw appears), for an appropriate maintenance fee.
With a professional hosting service, such as that offered by LRobYou can benefit from technical support and extended backups, up to a year in the past, to secure your site against unforeseen events.
Conclusion
Overall, we feel that automatic updating should be your default choice, as security takes precedence over functionality. If you're "agile", then this shouldn't be a problem. After all, it's better to have a bug to fix than a hacked site and all its consequences to deal with. Small and medium-sized structures will often benefit more from automatic updates, while more complex sites require specific, in-depth maintenance management.
If you're ready to embrace automatic updates, make sure you have backups and a monitoring strategy in place to deal effectively with the rare incidents that might arise.
👉 For simplified management of your WordPress site, discover accommodation offers LRob and benefit from our expertise to avoid or solve technical problems and keep your site online, secure and performing.
Discover WPMasterToolKit the essential plugin to simplify your life and lighten your WordPress sites.
This made-in-France plugin, developed by Webdeclic's talented Ludwig YOU, brings together a host of essential WordPress features, each of which you can activate with a single click. All in a single extension: simplifying your management while speeding up your site! 🚀
A truly different plugin
WPMasterToolKit is simple and flexible. With over 83 free features already activated, this plugin lets you replace countless extensions with just one.
What makes WPMasterToolKit unique, apart from being French, is its ability to activate only the features you need, without unnecessarily burdening your site. Where other extensions are monolithic, loading unnecessary scripts even when you're not using them, WPMasterToolKit is designed to be light and efficient.
If a feature is disabled, the associated program won't load at all. In this way, you reduce your site's resource use and improve its performance, by loading only the features you really need.
Other functionalities are in the pipeline, and some are available as premium features to perpetuate the project.
The developer, Ludwig YOU, is very attentive to suggestions and is actively improving his plugin. This includes the recent addition of a tab that lets you see active features at a glance.
Key features of WPMasterToolKit
WPMasterToolkit: Active modules on the LRob.fr website
Here are some of my favorite features so far:
1. Hide WordPress version
Hiding the WordPress version displayed in the source code is an excellent security measure. It reduces the chances of your site being targeted by automated attacks aimed at specific WordPress versions.
2. Limitation of revisions
Managing content revisions is an often overlooked point that can quickly overload the database. WPMasterToolKit allows you to limit the number of revisions per article, which helps keep the database clean and efficient.
3. Disable emoji support
Emojis are useful for some sites, but most modern browsers already natively support these symbols. Disabling support for emojis in WordPress can reduce page load times.
4. Disable Really Simple Discovery (RSD) tags
By disabling the loading of RSD tags (and scripts like Dashicons for offline visitors), you can reduce the loading time of your public pages, especially if your site doesn't use third-party services that require these elements.
5. Disable jQuery Migrate
If your site uses recent versions of jQuery, the script jQuery Migrate becomes useless and can be disabled to improve page loading speed.
Other interesting features
In addition to these favorite features, WPMasterToolKit also offers a host of tools to make the day-to-day management of your site easier. Among the most popular are :
Self-publishing of missed articles Automatically publish items that have missed their planning date.
SMTP management Connects to a third-party SMTP server to relay your e-mails more reliably.
Disabling REST APIs for unauthenticated users REST: improves security by limiting access to data via the REST API.
Email ban Block the creation of user accounts with temporary or unauthorized email addresses.
Maintenance mode displays a customized maintenance page while you're working, without hindering administrators.
Redirect 404s to home page Enhances the user experience by redirecting non-existent pages to the home page.
And many more besides... The best thing is to explore and test for yourself! Who knows, you could replace dozens of plugins!
An essential WordPress toolkit that needs to be better known
With a host of customizable features, you have everything you need to customize and control your site, improve performance and enhance security.
At the time of writing, this new plugin has over 500 active installations. For me, this plugin is a real game changer, and I'm convinced that it will pass the thousand mark well before the end of the year, and that its popularity will then explode.
Finding the best cache plugin isn't easy. You have to test it, measure its performance, find out about its long-term support...
So what's the fastest cache? What's the best cache plugin? Which are practical and complete, which are efficient? Do I need to pay for a good cache plugin?
Today, we're trying to answer these questions with independent measurements that are as objective as possible. The test is a bit "meta" in that it involves testing on lrob.fra showcase/blog created with FSE (full site editing). A standard, lightweight site.
Contents
Introduction
The objective of a cache plugin: to fall below 200ms response time or "TTFB" (Time To First Byte; 200ms is the maximum time recommended by Google PageSpeed Insights).
But not all caches are created equal, as Yoan De Macedo reminds us in his blog post. Some perform better than others, while others may even degrade performance. So to really choose the best cache, you need to test several on your own site and measure the results precisely. Given the variability of response times, it's important to carry out tests over a period of time and average the results. This can be tedious, however, so you may want to use this comparison test as a starting point.
We also remind you that caching isn't everything. Caching can reduce server resources, but your site must be optimized from the outset. Otherwise, it's called "cache misery". So opt for lightweight, well-optimized plugins and themes to avoid unpleasant surprises. The cache will then be the icing on the cake.
Plugins tested
I have based this list of plugins to test on a "top" list of caching plugins as well as on my experience with plugins actually encountered by various hosted customers:
This LRob test is in no way sponsored by any caching plugin. It is intended to be as objective as possible. However, this test is only a reflection of itself and of our opinion, which cannot be perfectly objective and is therefore not intended to produce general truths. LRob is a independent web host specializing in WordPress.
Website details
The test is performed on https://www.lrob.fr/. The WP-Cron function is deactivated and executed directly by the server every 4 minutes. The site runs under PHP 8.3.12 in dedicated FPM behind Apache 2, with MariaDB 11.4. Redis server is also available on the host server (version 5:6.0.16).
Theme
The site is built with FSE and the Twenty Twenty-Four theme.
Plugins
The site has 17 active plugins at the time of testing (not including the cache plugin tested):
See the list of plugins
How to use Blacklist Updater
Complianz | GDPR/CCPA Cookie Consent
Connect Matomo
Easy WP SMTP
hCaptcha for WP
Insert PHP Code Snippet
Optimize Database after Deleting Revisions
Rank Math SEO
Regenerate Thumbnails
Simple Local Avatars
Site Reviews
Social Sharing Block
TranslatePress - Developer
TranslatePress - Multilingual
Update URLs
WPForms Lite
WPMasterToolKit
Measurements and details
Response time is measured with Uptime Kuma on a server at PulseHeberg in Switzerland (Lausanne), which provides this average. The production server is located at Hetzner in Falkenstein, Germany.
Each plugin is tested successively, with a measurement every 20 seconds for 5 minutes or more (sometimes I went for a coffee in between), i.e. a minimum of 15 measurements to obtain a consistent average.
Between each test, Uptime Kuma's recorded values are erased after an initial measurement once the cache is in place; the cache folder is deleted and it has been verified that the .htaccess and wp-config.php are indeed free of any trace of the previous plugin.
Protocol limitations
The test was carried out on a server in production, generating a slightly higher variability of results than that observed on a server with no activity. However, server usage is very moderate at the time of the test, and the variability is offset by a series of over 15 measurements each time, enabling the results to be averaged. The aim is not to get the value to the nearest millisecond, but to obtain an order of magnitude.
Furthermore, the test was carried out on a specific site and cannot be extrapolated to all sites: every site is different and will respond differently to certain plugins (particularly stores). But if your site is made with the Twenty Twenty-Four theme or another FSE (Full Site Editing) theme, then chances are your results will be similar.
Tests and Benchmarks
Baseline - Test control: Response without cache plugin
Without any caching plugins, the site responds in 379ms on average, with little variability. This is a relatively low base value, since sites made with builders can easily take 2 to 4x this response time.
Response time without cache
Let's take a look at how different caching plugins improve response times.
The response time is identical to the site without cache. And for good reason: Autoptimize's caching function is in fact only available with the paid plugin. In other words, you won't be able to speed up your site with the free version. That's a shame.
However, as the developer points out Simon JANVIERAutoptimize, in its free version, is more useful for intelligent concatenation and minification of scripts. In this respect, it can lighten your site, but will not improve its TTFB (response time).
Breeze
Contrary to what I initially thought, Breeze isn't just for Cloudways or Varnish, it also works on a classic system. I therefore add it to this test and thank Michael GOUT for bringing this plugin to my attention.
Breeze 1 settingsBreeze 2 settings
Breeze response time: 98ms
Average response: 98ms
The result is amazing: under 100ms with very stable response times! I'm just discovering this plugin and I'm falling out of my chair!
I have a minor reservation about the plugin's compatibility with all sites, due to the comments on wordpress.org. From these comments, it seems that its use could cause some problems with the most dynamic or complex sites, such as WooCommerce e-commerce sites.
For the rest, it seems an excellent choice not to be missed.
Cachify
Cachify offers database caching by default, and also supports file and Redis caching. We tested the default cache and Redis. Apart from that, very few other settings are available to us.
The results are similar between the "Database" cache and Redis, within the margin of error. However, the results seem to be more stable with Redis. In all cases, the result exceeds the expected 200ms, which is disappointing. This plugin cannot really be recommended.
LiteSpeed Cache
LiteSpeed Cache has been in the news a lot recently for its security flaws. The plugin also claims to correspond to an Apache server. So how does it fare in practice?
A disappointing result for LiteSpeed cache on our test configuration, since the site is within the margin of error of the site's original response time, without cache.
And for good reason, as Louis ChanceLiteSpeed, as its name suggests, doesn't cache anything on an Apache server! You need an available LiteSpeed server. We can't recommend this plugin if you're running Apache, given the performance it delivers and the many recent security flaws.
W3 Total Cache
W3 Total Cache offers a configuration wizard and numerous settings. It's the most complete free plugin I know. It supports various cache types, including Redis. Here, minification has been activated, which may slightly increase the measured response time but offers better performance for visitors with slower connections (mobile, ADSL, etc.).
Settings W3 Total Cache 1W3 Total Cache 2 settingsW3 settings Total Cache 3W3 settings Total Cache 4Minifcation W3 Total Cache settingsW3 Total Cache response time: 159ms
Average response: 159ms
Finally, a result under 200ms! With Redis, so avoiding thousands of cache files. And great control over settings and options like Lazy Load for images, and disabling certain optional WordPress scripts. Its versatile configuration will enable you to adapt more precisely to each site: you can measure the performance obtained with different settings and choose the most relevant for your specific site.
In addition, the other types of cache available also perform well, although not tested today, the results are fairly similar whatever the type of cache chosen.
In our experience, this plugin has never disappointed, so it's highly recommendable. (It's even LRob.fr)
WP Fastest Cache
This plugin offers some interesting options in its free version. However, some of the options offered free with W3 Total Cache are missing.
But the most important thing today: does this plugin live up to its name, by actually being the fastest?
This plugin lives up to its name, being one of the fastest tested! In our test, however, Breeze came out on top.
At LRob, we've seen many diverse blogs achieve great results with this plugin. It has never disappointed, and we recommend it without hesitation.
WP-Optimize
WP-Optimize offers very few cache settings. In fact, its primary function seems to be database cleansing. So how does it fare when it comes to caching?
Response time variability is too high for our liking, with responses oscillating between 132 and 180ms.
Nevertheless, the average remains very good at 152ms. A pleasant surprise.
We're not at all reassured by this variability, and so don't recommend this plugin as a cache. All the more so as we've already observed sites that were slower with this plugin than without... So use it with caution as a cache.
Solid Performance
As a bonus, I'd like you to try out a new caching plugin, Solid Performance, which looks promising. (thanks to Julien ROUSSEL for recommendation).
Although it provides no adjustment whatsoever, its measured response time is among the best in this test. Enough to potentially satisfy those who don't feel like making the slightest adjustment. As the plugin is young, it hasn't yet been tested, but a cache plugin can easily be changed if necessary in most cases, so there's not much risk in trying it out if you feel like it!
Summary of results and conclusion
Plugin
Average response (ms)
Percentage (lower is better)
Baseline (no cache)
379
100%
Autoptimize
379
100%
Breeze 🥇
98
25.8%
Cachify Database
257
67.8%
Cachify Redis
263
69.4%
LiteSpeed
376
99.2%
W3 Total Cache Redis 🥉
159
41.9%
WP Fastest Cache 🥈
123
32.4%
WP-Optimize
152
40.1%
Solid Performance
155
40.9%
We have no hesitation in recommending Breeze, WP Fastest Cache and W3 Total Cache which are all excellent. They offer very good response times with sufficient settings, even in the free version. It should be noted, however, that Breeze may cause a few problems on some sites. Also, W3 is a little more complete in the free version than WP Fastest Cache, which is why it has been chosen for WP Fastest Cache. LRob.frbut Breeze could potentially replace it in the long term, as it provides almost as many functions while being simpler to use.
In summary, according to our test :
Choose Breeze for maximum performance, rather for showcase sites
Choose W3 Total Cache for the highest level of customization, or if your host supports Redis (as is the case with LRob accommodation)
Choose WP Fastest Cache for excellent performance without configuration
A mention for WP-Optimize, which despite its lack of settings and wide variability in response time, shows a perfectly decent average response time. Mention also to Solid Performance which, as a newcomer, lives up to its name and looks promising without revolutionizing anything, as it stands, due to its lack of settings. Cachify's settings and performance are inferior to those of other plugins. We can't comment on LiteSpeed in our Apache configuration (except to say that its usefulness is very limited in this type of configuration). Autoptimize, finally, offers no improvement in loading times and is therefore totally useless for this purpose, according to our measurements, but could be used in conjunction with a caching plugin to reduce the number of files.
Given the good results obtained with these free plugins, it doesn't seem essential to pay for a cache plugin if you don't need the additional functions offered. We may, however, test the paid versions in a future article, if you're interested.
It goes without saying that high-performance hosting is essential to achieve the best response times. To achieve this LRob accommodation are here to serve you (in every sense of the word)!
Specialized WordPress hosting
Convenient, free, fast and secure
WordPress, Best CMS for 20 years
Much more than traditional hosting: benefit from simplified management and security tools for WordPress. With expert support included!
It's time to denounce an organization - SPFBL.net - which, although it claims to fight spam, actually seems to adopt practices contrary to this objective. Instead of fulfilling its role, this provider seems to be taking advantage of its position to engage in absolutely scandalous and unacceptable practices.
Not all RBLs are managed ethically. Today's example is SPFBL.net, a Brazilian RBL born in 2015(source MXToolbox)which is increasingly coming under the spotlight for its highly questionable practices.
Info: What is RBL?
An RBL (Real-time Blackhole List) is a list of IP addresses suspected of sending spam or other malicious content. Mail servers use these lists to block or filter potentially dangerous e-mails.
In this article, we'll take a look at this situation and explain why this company's practices are not only dubious, but potentially harmful to the entire Internet ecosystem if administrators decide to use this RBL. We'll also look at how to combat these practices.
Users' and service providers' views on the SPFBL blacklist
Let's start by showing the general opinion emerging from this blacklist. A quick search on the search engines shows that the forums (in English) are full of people crying foul about SPFBL.net.
Having contacted their support (I'll tell you more about it later), I'd tend to agree with them... Judge for yourself.
"I contacted the operator of this spfbl.net and he threatened me with getting my IP's blocked throughout the internet, how can something like this be allowed to happen."
"We got flagged because we don't have a contact email in our whois record (we have privacy turned on for it). Given that google.com also has that, I conclude that these guys are just a scam who want to be paid to have your domain unrestricted."
The infrastructure server LRob is a perfect example of a system that has been carefully configured and managed for many years. As system administrator of this server, I can say with certainty that no spam has ever been sent from this machine. What's more, all the essential settings are correctly in place: Hostname, rDNS, MX, SPF, DKIMand DMARC.
Despite these exemplary compliance measures, the server's IPv6 ended up on the blacklist of SPFBL.net.
A domain is considered non-compliant when the WHOIS search result for that domain does not contain the email address of the domain owner. Update the registration data and remove privacy protection for this domain in WHOIS and wait one hour for the cached result of this WHOIS query to expire.
This IP was flagged due to misconfiguration of the e-mail service or the suspicion that there is no MTA at it.
For the delist key can be sent, select the e-mail address responsible for this IP:
add a PayPal user's email for 2.00 USD.
The rDNS must be registered under your own domain. We do not accept rDNS with third-party domains.
Summary of exchanges with SPFBL.net support
Naturally, I contacted the RBL to check whether I'd understood their policy correctly and whether it was possible to discuss things with them in a spirit of good understanding. Result: yes, I had understood correctly, and no, I don't think it's possible to discuss matters with them as they stand.
Here is a ChatGPT summary of the e-mail exchanges:
Initial request (Robin) Robin, system administrator, contacted SPFBL to ask for help with the removal of his IPv6 address from their DNS blacklist. He wanted clarification on the reasons for the listing and advice on how to correct any misconfigurations, suspecting a link to WHOIS privacy protection.
Answer (Leandro) In response, SPFBL's Leandro asked Robin to temporarily remove the WHOIS privacy protection so that the IP could be removed via their online removal tool.
Concerns (Robin) In a statement, Mr. Robin expressed concern about the requirement to remove WHOIS privacy protection, citing RGPD regulations. He questioned the need to expose personal data, pointing out that no reports of abuse had been issued on his domain.
Explanation (Leandro) Leandro explained that their system used domain owner data to predict spam and associate domains under the same owner. No further justification for this policy was given.
Objection (Robin) Robin disputed the usefulness of WHOIS information for assessing IP behavior, calling SPFBL's policy counterproductive. He reiterated that his IP posed no risk and requested its removal from the blacklist.
Options (Leandro) Leandro offered two options for removal: temporarily remove WHOIS protection or pay a fee.
Firm response (Robin) Robin firmly rejected both options, describing the practice as dishonest and tantamount to a scam. He stressed that his IP was compliant and threatened to take legal action if the problem was not resolved.
Final answer (Leandro) Leandro rejected Robin's legal threats, stating that SPFBL respects American law and inviting him to pursue any legal action he deems appropriate.
Last warning (Robin) Robin recalled that the Internet is a global system, and that no location justifies harming legitimate businesses through dubious ethical practices. He confirmed his intention to take the necessary measures, specifying that his contacts would identify the relevant local authorities if necessary.
These exchanges took place between September 8 and 9, 2024.
In addition, I have a log showing that they tried to send an e-mail to a non-existent address for testing purposes, so that they could check for themselves that the server was correctly configured and rejected the e-mail:
Oct 9 14:55:13 ds postfix/smtpd[899530]: connect from matrix.spfbl.net[54.233.253.229]
Oct 9 14:55:14 ds postfix/smtpd[899530]: NOQUEUE: reject: RCPT from matrix.spfbl.net[54.233.253.229]: 550 5.1.1 : Recipient address rejected: User unknown in virtual mailbox table; from= to= proto=ESMTP helo=
Oct 9 14:55:14 ds postfix/smtpd[899530]: disconnect from matrix.spfbl.net[54.233.253.229] ehlo=1 mail=1 rcpt=0/1 quit=1 commands=3/4
Oct 9 14:55:14 ds psa-pc-remote[2023328]: Message aborted.
The SPFBL.net case: an abusive practice
The case of SPFBL.net highlights alarming practices that run counter to the data protection and ethical standards respected by many other RBLs.
In particular, this RBL blacklists IPs according to abusive criteria, and then imposes highly problematic conditions for untracking IP addresses.
Let's unpack the "rules for free de-listing" according to the policy posted on their site on September 9, 2024, which also informs us about possible reasons for the initial blacklisting:
Only IP with rDNS pointing to the same mail server IP will be accepted, with FCrDNS for your convenience;
❌ This criterion is certainly standard, but this check should be carried out by the server receiving the e-mail, not by an RBL, which here adds no value.
The rDNS must be in the domain of the MTA administrator, so third-party domains such as the generic rDNS of the data-center or ISP will not be accepted, and its TLD cannot be free and must have a public and accessible WHOIS without privacy obfuscation;
❌ The administrator can very well infomanage the mails of a third party, as in my case where the MTA is "lrob.net" and the administration is done via "lrob.fr". This should not justify blocking. ❌ Blocking generic rDNS can be good practice, but that's up to the receiving server, not an RBL. ❌ Requiring a public WHOIS contravenes the RGPD in Europe. The right to send emails should not depend on the visibility of personal information in the WHOIS.
The postmaster account must be configured for the domain registered on the rDNS and the account must be active and responding;
❌ rDNS are often technical subdomains, like "ds.lrob.net". Having an e-mail address like "postmaster (at) ds.lrob.net" makes no sense. The postmaster can be contacted via other, more appropriate channels, such as a contact form or a main address.
If you are using an IPv6 with SLAAC flag, you must keep port 25 opened to proof the existence of an active SMTP service and
❌ While the server does need to listen on port 25 to ensure proper SMTP operation, again it's up to the receiving server to check this, not a blacklist to control it.
Reputation of IP should be below 25% of negative points per total send volume
✅ This criterion is consistent with the very principle of an RBL, which assesses the reputation of an IP address based on its actual behavior.
Let's also take a look at the paid delisting conditions:
Only static IPs with configured mail server reverseeven if FCrDNS is invalid;
❌ Under the pretext of paying, one would allow an invalid rDNS, which is contrary to e-mail configuration standards. This is a circumvention of good practice, which could allow misconfigured mails to be sent.
A PayPal account is required for the email address of this account to be assigned to the IP, as responsible for the abuse;
❌ Forcing PayPal to assign an IP address to an account is an unjustified restriction. It limits users' options and has no legitimate reason in a technical framework.
The PayPal user must agree to have their email address shown publicly on this platform as responsible for the abuses of that IP and
❌ Publicly exposing the email address associated with the PayPal account is an invasion of privacy and can lead to risks of harassment or abuse. This clearly goes against the principles of confidentiality.
Reputation of IP should be below 25% of negative points per total send volume.
✅ This criterion is acceptable and aligns with the principle of assessing the reputation of an IP address on the basis of its actual behavior, as expected of an RBL.
In short, this blacklist seems to me to be an attempt to reinvent the wheel with blocking rules that make absolutely no sense from a technical point of view.
As for delisting's conditions, even in its paid version, they remain abusive. From my point of view, this should have dissuaded any sysadmin from using this RBL by now.
Their aim, of course, seems to be to make a profit on the backs of users while recovering personal data.
Summary of problems with SPFBL.net
Several major issues call into question the wisdom of their practices and their negative impact on legitimate businesses.
Here are the main points to remember:
WHOIS private data exposure SPFBL.net requires administrators to remove their WHOIS protection in order to be removed from their blacklist. This means that personal and sensitive information, such as the domain owner's email address, must be publicly accessible for the IP address to no longer be blacklisted. In Europe, this request is in total contradiction with the RGPD (General Data Protection Regulation), which guarantees the protection of users' private data. WHOIS information has been private by default for many years. This requirement would expose system administrators and companies to the risk of abuse or targeted spam, which is contrary to good security and privacy practice.
Payment for delisting In addition to removing WHOIS protection, SPFBL.net also offers an alternative : pay $2 to remove an IP address from the blacklist. This practice is perceived by many as a form of blackmail. Demanding payment to restore the legitimacy of an IP address, when there is no evidence of suspicious or malicious activity, calls into question the transparency of their operations. This approach is likely to drive many legitimate companies to pay simply to avoid the inconvenience of blacklisting.
An inefficient detection model Grouping domains according to WHOIS information ignores the realities of the modern web, where many legitimate businesses use shared infrastructures, hosted by providers such as Google or OVH. As a result, IP addresses could be unfairly blacklisted simply because they share a domain owner with other users, regardless of their actual behavior.
A very serious potential impact
The consequences of these practices are numerous and serious for the Internet ecosystem:
Impact on companies : When an IP address is wrongly blocked, it can affect a company's ability to communicate by e-mail with its customers, partners or service providers. Detection errors or abusive demands can disrupt the smooth running of a business.
Blackmail and extortion : Asking for money to remove an IP address from a blacklist without proof of malicious activity is tantamount to extortion. This approach seriously undermines trust between ISPs and their customers.
Breach of confidentiality : By requesting the removal of WHOIS protection, SPFBL.net is violating the fundamental principles of personal data protection, particularly in Europe, where the RGPD (General Data Protection Regulation) protects users' private information. By exposing this data, SPFBL.net exposes system administrators and companies to the risk of misuse.
What can I do as an Internet service provider?
1. Stop using this RBL immediately
We must all urge our relations at the major service providers NOT to use this RBL.
It is absolutely essential that Internet service providers stop using SPFBL.net and other RBLs that fail to meet ethical standards. Another such RBL is UCEPROTECT, which blacklists entire IP blocks and then demands money from each of the IP users to unblock them.
Using a dubious RBL can have harmful consequences for end-users, businesses and the entire digital ecosystem.
There are many respectable alternatives that focus on detecting malicious activity based on actual behavior, not private information or arbitrary domain groupings. System administrators must remain vigilant and choose solutions that respect privacy and follow fair and transparent practices.
2. Don't give in
If, like me, you are a victim of this RBL and feel that these practices are abusive, please don't give in to the outrageous demands of this RBL. On the contrary, fight alongside me.
3. Report these practices to the appropriate authorities
Use your connections to get the word out to the French CSIRT (Computer Security Incident Response Team), at the_ANSSI but also to the CNIL for non-compliance with RGPD. If you have contacts at European level, pass on the information. If you're outside France or Europe, contact the organizations you can reach, and don't hesitate to use this article to explain the problem.
If you don't have a contact but understand what's at stake, pass on the info to people in the hosting and web sysadmin fields.
Conclusion
The case SPFBL.net is a blatant example of the dangers of the dubious practices of certain RBLs.
We understand that those who claim to fight the "bad guys" are not always "good guys" themselves.
To protect the integrity of the Internet and the respect of users, it is imperative that Internet service providers stop using this RBL and favor more respectful solutions available.
Fellow sysadmins: don't give in to the grotesque requirements of this RBL.
LRob will not give in, and this article marks the beginning of a fight which will only stop once the community has won its case. It can be done, by contacting the right people. And you can help.
If you are confronted with the abusive practices of SPFBL.net, join us in denouncing these actions and protecting the integrity of the Internet ecosystem. Contact the relevant authorities, share this information with your professional networks, and refuse to give in to these unfair practices.
The world of WordPress websiteswhich powers more than 40 % of the world's websites, is in turmoil. At the center of the conflict are two major players in the ecosystem: Matt Mullenwegfounder of WordPress and CEO of Automattic, and WP Engineone of the leading hosting companies for WordPress.
This confrontation, which has taken on legal proportions, raises crucial questions about control of the WordPress brand, open source, and the governance of one of the web's most influential projects. Here's a detailed analysis of the case and what's at stake.
Background: WordPress and WP Engine
WordPress and Automattic: a complex relationship
WordPress websiteslaunched in 2003 by Matt Mullenweg and Mike Little, is open source software for creating and managing websites. It's free to use, and enjoys the support of a large community of developers who contribute to its continuous improvement. However, the project's governance relies heavily on Automatticthe company founded by Mullenweg. Automattic manages WordPress.com and other popular products such as WooCommerce and Jetpack.
Although WordPress is open source, Automattic owns a exclusive license for the use of the WordPress websitesThis gives the company a central role in the ecosystem. This includes protecting the brand against perceived misuse or deception.
WP Engine: a major player in WordPress hosting
On his side, WP Engine is one of the largest hosting services specializing in WordPress. The company offers hosting solutions optimized for WordPress, making it easy for millions of users to manage their websites. It has experienced rapid growth, attracting leading investors such as Silver Lake.
However, WP Engine is not directly affiliated with Automattic nor to the WordPress Foundationeven though its name and business model are closely linked to WordPress.
The Beginning of the Conflict: Mullenweg vs WP Engine
In September 2024, Matt Mullenweg published a blog post in which he openly criticized WP Engine, calling the company a "cancer for WordPress. It criticized WP Engine for disabling the article revision history feature by default, a practice which, in its view, compromised the user data protection.
Mullenweg also denounced WP Engine's use of the "WP"We felt that this was confusing users, leading them to believe that WP Engine was part of WordPress or had an official link with the WordPress Foundation.
WP Engine's reaction
In response to these accusations, WP Engine sent out a cease and desist letter to Mullenweg and Automattic, demanding that they withdraw their statements. WP Engine defended its use of the "WP" trademark, claiming that it was a matter of fair use of the name, in accordance with trademark law. The company also accused Mullenweg of threatening to adopt a "nuclear approach against WP Engine unless it agrees to pay a substantial royalty for the use of the WordPress trademark.
Legal escalation: cease-fires and counter-attacks
In response to WP Engine's letter, Automattic issued its own cease and desist letter, claiming that WP Engine violated the rules for use of the WordPress and WooCommerce trademarks.
The conflict reached a new climax when Mullenweg has taken the radical decision to ban WP Engine from WordPress.org resources. This ban blocked WP Engine-hosted sites from accessing plugin and theme updates, exposing many sites to security risks. This measure has been widely criticized within the WordPress community, as it has left small businesses and independent sites without a viable solution.
WP Engine denounced this decision, accusing Mullenweg ofabuse of power and endanger the entire WordPress ecosystem.
Matt Mullenweg, CEO of Automattic, has misused his control of WordPress to interfere with WP Engine customers' access to https://t.co/ZpKb9q4jPhasserting that he did so because WP Engine filed litigation against https://t.co/erlNmkIol2. This simply is not true. Our Cease &...
The interruption of WP Engine services has had a major impact on many users. Although WordPress plugins and themes are licensed open source, hosting providers like WP Engine have to manage infrastructures so that their customers can use them. The temporary ban revealed the fragility of certain technical dependencies and highlighted the importance of a balanced management of open source resources.
However, Mullenweg asserted that conflict was strictly linked to trademark issues and not to the overall management of WordPress. The ban was temporarily lifted at the end of September, but the incident sowed doubts in the community.
Automattic too dominant?
More and more voices are being raised to question Automattic's dominant position in WordPress management. John O'Nolanfounder of the open source CMS Ghostcriticized the excessive centralization around Matt Mullenweg, asserting that "40 % of the web should not be controlled by one person".
On his side, David Heinemeier Hanssoncreator of Ruby on Railshas accused Automattic of betraying the principles of open source by requiring WP Engine to return 8 % of its revenues. For him, this practice could have repercussions far beyond WordPress, threatening the entire open source community.
Legal and commercial implications
On October 3, 2024, WP Engine decided to go on the offensive by filing a complaint against Automattic and Mullenweg for abuse of power and anti-competitive practices. WP Engine accuses Automattic of failing to respect its commitments to open source and of harming the interests of developers and users.
This case is still ongoing, but it could have far-reaching far-reaching consequences on how open source brands and projects like WordPress will be managed in the future.
A special message when you log on to WordPress.org
When logging in to the WordPress.org forums, a new checkbox appears:
✅ I am not affiliated with WP Engine in any way, financially or otherwise.
Unusual message that prompted me to look this up and discover this case.
Questions raised for WordPress
This mainly affects two large American companies that are exploiting WordPress commercially (in models that are, in my opinion, too modified from the original version of WordPress). The original version of WP is truly free, and you can host it wherever you like (and hopefully, you'll choose a host that's as free as possible). LRob hosting).
For the time being, independent web hosts such as LRob are totally unaffected by this conflict. There are no alarm bells ringing for us, even if we remain vigilant.
In any case, this conflict underlines tensions possible when managing a large-scale open source project. While WordPress remains an essential technology for millions of sites, the debate surrounding the brand ownershipthe governance and theopen source ethicsraises a number of questions.
In particular: how far can open source remain free when it is closely linked to massive commercial interests?
Imagine the drama: only 1 chance in 10 that your requests will reach you!
Contact forms are essential for acquiring customers. Yet a number of these forms are poorly configured and fail to forward prospect requests...
What's more, forms are supposed to be designed to save you time... And a few tricks can help you do just that... For example, by not receiving spam or by being able to reply more quickly.
Today, LRob saves you time and leads!
1. Do not set the customer's email address as From
The most frequent error when configuring contact forms is to consider the customer as the sender of the e-mail.
It may seem logical to put your email address in the "From" field, but this causes a major problem: mail spoofingor identity theft.
In this way, your website pretends to be your customer's email address (for example : john.doe@microsoft.com). If your customer's domain is secure (which is often the case), it will refuse to let your server send an e-mail on its behalf. The message will then be silently blocked by your email provider, or considered spam... 9 chances out of 10 that you'll be considered a spammer.
The solution is very simple: the e-mail sender must always be an address linked to your own domain. For example, use an address such as : site@votredomaine.fr. This ensures that emails sent from your form will not be rejected or classified as spam.
2. Protect your forms with a Captcha
Don't forget to add a Captcha to avoid spam.
Captcha isn't there just to annoy people: it's a simple, effective solution for filtering robots and preserving the quality of messages received.
Without this protection, you'll receive dozens or even hundreds of unsolicited messages a day, wasting time sorting through them and missing out on genuine requests.
To respect the privacy of your users, I recommend hCaptcha.
3. Configure SMTP on your site
Your website should have a dedicated e-mail address with a real SMTP login for your mailings. As a reminder, SMTP is the standard protocol for sending e-mail.
If your mail is with Gmail or Microsoft, this will be more complicated to apply because you pay for each mailbox and SMTP is disabled by default... But if it's with your preferred host so don't worry!
Default mailings via the php mail() function are sometimes disabled to prevent involuntary mailings and preserve server reputation (blocked by default at LRob, authorized on a case-by-case basis).
This ensures that the email is sent from a real email server, rather than from the website server when these two servers are separate.
SMTP will improve email deliverability thanks to email headers (meta-information) that are generally cleaner than php mail().
In the event of problems with the form (e.g. massive spam mailings), SMTP can be used to limit mailings to an hourly quota.
In the event of deliverability problems of any kind, if your host provides support for this (as is the case with LRob), SMTP dispatches are much easier to trace in the logs, which simplifies diagnosis.
In short, using SMTP is bound to improve your deliverability and avoid problems. So use it!
4. Check the deliverability of your form emails
Make sure your messages are well received by testing them with tools such as mail-tester.com.
Mail-Tester lets you measure the quality of your mailings.
Enter the e-mail address that appears when you visit mail-tester.com as the recipient of the form, take the test, then check the score.
A score of 9/10 or higher is recommended to ensure that requests are received correctly. This score should also be achieved for your regular email dispatches. If this is not the case, contact your email host for more information (or come and see us!). host at LRob !).
5. Run your tests in private browsing mode
When you test your contact forms, do so by private browsing.
If you're logged into your site, certain features such as Captcha can be disabled, to name but a few. This could distort your tests and give you the wrong impression of the quality of your form.
6. Use a recipient address linked to your domain
Make sure the receiving address (form recipient) belongs to your domain (vous@votredomaine.fr) and is not redirected to another address.
In the event of a problem with your form, for example if you receive spam via the form and the recipient is a major e-mail provider (Gmail, Orange, Yahoo, etc.), you could be considered a spammer.
Using your own domain as a form recipient means you can protect your e-reputation and reduce the risk of emails being blocked or mishandled by email providers.
7. Avoid confirmation emails
Sending a confirmation email may seem like a good idea, but beware.
If this message contains the text submitted by the user, then your form can be exploited by malicious people to send spam to any e-mail address via your site. Even if the text is not included, this can still generate unsolicited mail to third parties, which is never good.
This can tarnish your domain's reputation and expose you to penalties. It's best to avoid this practice.
8. Use the "Reply-To" field to facilitate your answers
Even if you don't have to put the customer's email address in the "From" field, you can still add it in the "From" field. "Reply-To.
In this way, you can reply directly to the e-mail form: your prospect's e-mail address will automatically be the recipient of your e-mail.
A simple, time-saving solution!
9. Save requests on the
Consider saving form requests in the site database.
WordPress plugins like " Contact Form 7 Database Addon "These services are available free of charge. You can then check from time to time that you haven't missed a request.
To find out more...
If you have any doubts about the configuration of your forms, or would like a personalized audit, please don't hesitate to contact me. contact.
So the advice on email deliverability is included in LRob support for all customers.
I just have to wish you every success with your new top forms! 💪
On August 19, 2024, a critical vulnerability was identified in the LiteSpeed Cache plugin, used by over 5 million WordPress sites. This flaw allows an unauthenticated attacker to impersonate an administrator, compromising the site's full integrity.
It affects all versions of the LiteSpeed Cache plugin up to version 6.3.0.1. By exploiting a bug in the role simulation function, an attacker can use a hash to impersonate an administrator. Once this hash has been obtained, he can create an administrator account via the WordPress REST API, enabling him to take control of the site.
The hash used is only six characters long, making it vulnerable to brute-force attacks. What's more, if debugging logs can be accessed, this hash can be easily recovered by an attacker.
What to do?
Don't underestimate this vulnerability. Threats of this type can quickly turn into disasters if not dealt with in time.
The solution is simple: update LiteSpeed Cache to version 6.4.1 or higher. This update corrects the flaw.
If you use Wordfence Premium, Care or Response, a firewall rule was deployed on August 20, 2024 to protect you. Users of the free version will receive this protection from September 19, 2024.
How do you stay protected?
With the WordPress Toolkit on LRob accommodationyou would have been automatically alerted by e-mail of the vulnerability and the update could have been automatic 😎. Backup is complete and daily at LRob, with a full 1-year retention! A good way to stay one step ahead of security threats.
When it comes to managing a WordPress site, you need to find a pro, a webmaster who knows what he's doing. A webmaster who knows what he's doing, who can turn an online journey into a joyful cruise!
But how do you choose the right one, or even the best one? WordPress Webmaster ?
Discover the 10 most useful qualities when choosing a WordPress specialist at the top!
1. WordPress culture
A good WordPress webmaster obviously needs to know WordPress inside and out.
First and foremost in its technical structure, but also in its functional and practical aspects. Indeed, among the thousands of themes and plugins, a good WordPress specialist needs to know the most popular scripts and, above all, their most common problems and solutions. While he'll never be able to know everything, his knowledge will enable him to adapt to new developments.
2. Proactive WordPress security
Safety is everything! Yet very few people master it. WordPress is a very popular site, and you need ultra-strict security to avoid hacking!
A good specialist has a security policy that he can provide.
It puts in place a whole host of transparent measures for you. For example, daily security vulnerability checks, automatic updates, hacker bot blocking and robust firewalls to protect your site.
It should also be able to advise you on any action you need to take to stay safe.
As a result, the risk of piracy is virtually nil. But beware: perfect security doesn't exist, it's an illusion, and anyone who claims otherwise is either ignorant or a liar! But don't worry: we can get pretty close to perfection, and that's the direction we should be heading in.
3. Managing WordPress backups
Regular, outsourced backups are a must!
Daily backups and 12-month retention guarantee peace of mind. Backups should be outsourced from the site and even from the main host, and managed directly at server level, for greater reliability. In the event of a problem, restoration must be rapid. With your back-up thus assured, you'll be able to work on your site yourself, without the fear of breaking it!
4. System administration
A good specialist must master the entire web hosting chain. He or she must have system administration skills.
So, he understands the challenges in terms of the chain of operation of a web server that hosts the site, he understands the issues of performance, security chain, he also manages emails, DNS and domain names without worry. He'll be at ease in any context, so you can manage your online life seamlessly.
In fact, he literally has to be passionate about IT to have a vast and broad culture of all the tools and knowledge that enable excellent management of your WordPress site.
5. He must accommodate you
If he doesn't host your site, your webmaster will be ineffective and won't be able to guarantee its security.
Your webmaster needs a secure server with WordPress-specific management tools.
In terms of security, we know that the first link in the security chain is the server. If your webmaster uses a silly shared hosting solution with no WordPress-specific security measures, security can't reasonably be guaranteed.
And in terms of efficiency, if your WordPress specialist has all the server access and centralized management of the sites he manages, then he'll be much more efficient at solving your problems. With access to backups, access to the terminal, access to logs (history of actions and errors), this makes for efficient, high-quality work. The most demanding (like me) will say that you can't do a good job without these tools.
6. Responsive, efficient human support
Support must be fast, efficient and human.
He or she must be able to resolve bugs efficiently, thanks to a well-thought-out methodology. Available by phone, e-mail or ticket, your specialist must respond quickly and effectively to your (reasonable) requests. If your site is critical, then an on-call service must be available for emergency interventions outside working hours.
7. Flexibility and customer freedom
You have to stay free.
Adapting to each customer's needs is essential. You need to be free to access all your data and intervene on your site yourself if you feel like it. Conversely, you can choose to delegate everything. Either way, the choice must be yours, and you must be free to leave whenever you like, for whatever reason.
8. Self-taught and adaptable
You're looking for a true genius.
Because WordPress evolves extremely quickly, your specialist needs to be able to constantly acquire new knowledge and adapt at lightning speed. Because it's impossible to know everything, even for an expert, you need to be able to learn quickly.
Thus, the self-taught person who has already learned successfully on his or her own initiative is often better able to maintain an excellent level over time.
9. A good environment
He knows how to direct you to the right person.
Tomorrow, you may have specific web-related needs. For example, you may need to launch a webmarketing campaign, increase your presence on social networks, redesign your graphic identity, or even create a physical event.
The right WordPress specialist can't know all of these topics because he's specialized in WordPress; on the other hand, he should be able to redirect you to trusted providers to fulfill your ambitions.
10. Sympathetic and outspoken
Aim for a relationship of trust.
Your webmaster is your best ally, and you need him to accompany you on the Internet just as much as he needs you to take pride in his work and earn a living. It's important that the conversation flows smoothly and without filters.
The best part: he has to be able to tell you the hard-to-hear truths when you need them to move in the right direction!
Where can I find my ideal WordPress webmaster?
If you want to check all these boxes, I'm your man.
The word "cloud" has lost its meaning. It's so misused that I've coined a phrase for it: "cloud bullshit".
The cloud is often synonymous with a proprietary solution that locks you into an all-in-one ecosystem that's extremely difficult to get out of.
When the price of your "cloud solution" goes up by 300%, or a revolting new general condition of use appears, or the service is down: what do you do? Do you suffer like a victim, or are you suitably prepared to switch providers?
Today, your Linux System Administrator specializing in WordPress web hosting gives you all the secrets you need to know to avoid being trapped by cloud bullshit.
The Cloud doesn't exist?
The spoon doesn't exist.
Cloud: Definition
Visit cloud computing (French for "cloud computing") refers to the use of the memory and computing capacity of computers and servers distributed around the world and linked by a network. Applications and data are no longer located on a specific computer, but in a cloud (cloud) made up of numerous interconnected remote servers.
We don't know where your data is. They're scattered all over an obscure computer system. Usually on a third party's premises, where you know nothing about the infrastructure and nothing about the data accesses and exploits carried out.
Is this really the future? No longer knowing where your data is?
Semantic shift of the word "cloud
Cloud" doesn't really exist any more, because it has lost its meaning. From a delocalized web infrastructure with resources scattered across several machines, a semantic shift has gradually taken place.
Cloud now means more than that: one or more servers in a datacenter hosting services. Basically, any online service belongs in the cloud.
In any case, it's still someone else's computer or computers...
Cloud = marabouage
With the cloud, everything seems to work as if by magic, without anyone understanding a thing. It's like magic!
If you don't understand, you're putting yourself at risk.
Solutions need to be simplified to make them intelligible.
It's by mastering your tools that you can protect yourself.
Linking applications and hosting: the danger of imprisonment
A major danger of the cloud: when hosting and service merge.
You're trapped in this solution. At 100%, you're dependent on the goodwill of an American company that owns your data, your work tools, over which you have no control.
For example, if you use the Office 365 suite, not only are you hosting your data on Microsoft's cloud infrastructure, but the services (calendar, excel editors, etc.) you use are proprietary and don't easily allow you to output your data to an alternative service.
The case of worldwide computer failure in July shows just what the problem is: until the service provider restores the service, you're completely stuck. Your business is held hostage.
The problem is the same with Google Cloud, but also with many service providers who provide you with proprietary solutions for your website or e-mail, which are often difficult to get out of.
Once you've got hundreds of employees on such a system, the organization and cost of getting out of it will turn off more than a few managers, even if it saves money in the long run.
The "good" and the "bad" cloud: the three criteria
What is a "good" cloud?
From my point of view as a system administrator, who therefore directly manages cloud infrastructures, there are three major criteria that characterize a good cloud:
It lets you know where your data is stored.
It does not exploit your data.
It's simple and standard, so you can change it as you like.
The GAFAMs (Google, Apple, Facebook, Amazon, Microsoft) are therefore directly excluded: proprietary solutions, impossibility of localizing data which generally leaves Europe, commercial exploitation of data (statistics, social engineering, etc.) and as a bonus: government partnerships giving the US authorities a free pass to access your data.
You've got it: the chosen solution must be simple, transportable, localizable, free and independent.
We can add that the solution must remain easily reachable and ready to help you unconditionally, even if it's with the aim of getting your data out of their hands.
Finally, an ideal cloud includes additional security features such as application firewalls or anti-bruteforce, anti-robot blocking solutions. And as surprising as it may seem, the biggest cloud providers generally omit this type of security, as it would require additional human support that they don't seem to want to provide.
The perfect cloud exists
Thanks to my expertise in free hosting, I've created the perfect cloud!
So perfect, in fact, that it's my entire business and my entire life. Proof, if proof were needed, of my total confidence in this system and its total viability.
What does it consist of?
Transparent localization
LRob web servers are perfectly identifiable. You can find out exactly where your machine is located.
LRob servers are located exclusively in Europe. Simplifying your RGPD management.
Open & portable solutions
WordPress websites, POP/IMAP/SMTP emails, Nextcloud open source collaborative suite: everything is standard and can be transported!
There's nothing to hold you back, and you have all the access you need to migrate your data if required.
So you'll be staying with LRob for pleasure!
No data processing
No statistical analysis of your use is made. There are no governmental agreements. Your data is stored on a free, open-source server, devoid of any intrusive analysis tools.
Enhanced safety
Although this requires occasional support in the event of a false positive, LRob isn't afraid to get in touch with you, and implements additional safeguards directly on the server.
Simple management
A simple, intuitive control panel (Plesk) lets you easily manage your domains and sub-domains, emails, databases, FTP access and backups. This access gives you total control over all your data.
The WordPress Toolkit helps you manage your WordPress installations without being intrusive. You save a lot of time and security, without losing your freedom.
And do you know what? With LRob, you're so free that you can even mix free and non-free solutions. If you really want to use Microsoft 365 or Google Workspace, it's still possible, and I'll even help you if you need it.
What about you? When will the perfect cloud arrive?
As the owner of one or more sites WordPress websitesYou should be aware of just how much practical, high-performance, reliable and secure web hosting can revolutionize your approach.
You have no idea how much you can revolutionize your WordPress management.
Revolutionize your management with the WordPress Toolkit
Whether you're an expert or not, managing and maintaining a WordPress site can be tedious and time-consuming. If you have several sites, it becomes even more complex.
Fortunately, with the WordPress Toolkit included with LRob hosting, maintenance becomes child's play! You'll save an incredible amount of time! The WordPress Toolkit totally revolutionizes the approach to WordPress management, making it much more efficient and scalable.
ℹ️ Unlike other tools, the WordPress Toolkit is non-intrusive: there are no plugins to install, and your WordPress installation remains perfectly standard!
✅ Install WordPress in just a few clicks, customize the installation if you like. No more having to create a database by hand. ✅ Check at a glance that all is well, and connect to your sites' back-office with a single click. ✅ Change your administrator password or email in 3 clicks ✅ In 1 click: enable/disable indexing, debug mode, server execution of wp-cron!
✅ Automatically update your sites, themes and plugins and check for security vulnerabilities at a glance (and be alerted by email when a new vulnerability is detected). 🔒 Apply a dozen security enhancements in just a few clicks. 🔨 Has your site crashed after installing a plugin? Deactivate this plugin in 2 clicks with the WP Toolkit! 🔨 Clone your site simply with the wizard
ℹ️ If you have several sites, then they are isolated from the system, but you can display them all on the same screen, so you can manage all your installations efficiently!
This makes complex, time-consuming tasks extremely simple. It's a revolution that will enable you to manage a large number of sites very easily.
Maximum performance for your WordPress sites
The speed of your site is critical to user experience and SEO. It also determines whether you'll be wasting your time in a slow WordPress back-office.
As a site manager, you certainly have a role to play in choosing well-optimized plugins. But that's not all: performance measurements before and after the switch to LRob show an improvement in performance by a factor of 2 to 15 compared with traditional hosting providers!
Here are the gains measured before (left) and after (right) migration to LRob.
LRob loads between 3 and 15x faster and load times stabilized10x faster loading at LRob and stabilization of loading times
How is this possible? Are the classic web hosts pulling our leg?
Conventional web hosts often sell you old, saturated server "clusters", which add latency at every stage of processing your site's pages and requests. Also, there's often no easy-to-use, high-performance caching solution directly on the server.
The LRob secret: simple, high-performance, well-managed servers!
A simple, state-of-the-art infrastructure Dedicated servers: physical dedicated servers perfectly OVER-SIZED so that everyone benefits from maximum performance whenever they need it. With local NVME SSDs for ultra-fast access to your files and MySQL databases, state-of-the-art CPUs for fast processing and huge performance margin, with far more RAM than you need.
Unique, intelligent management Exclusive anti-robot protection to avoid unnecessary server saturation, while protecting your sites. And optimized configuration of every web server software component.
A Redis cache in server RAM No more thousands of cache files stored on your site: Redis lets you store your site cache directly in server RAM!
Native security for your WordPress sites
Your site's security is paramount. Yet securing a WordPress site is often a headache that nobody really understands. Security plugins aren't very effective, they waste your time and hinder your site's performance.
A website hack is always a tragedy. That's why you need to do everything you can to protect your site. And that starts with a secure, native configuration of the server hosting your sites.
A specialized WordPress host drastically improves the security of your site over any plugin, thanks to rigorous server configuration.
Here's everything provided "out of the box" by specialized WordPress host LRob :
Application firewall customizable to block hacking attempts
Automatic blocking of pirate robots to prevent their queries from reaching your sites
WordPress-specific security enhancements in just a few clicks with the WordPress Toolkit.
Security alerts If a vulnerability is made public on your site, you'll be alerted directly by e-mail, so you can take effective action!
SSL Certificates Wildcard Let's Encrypt included to secure your site communications and related services such as email.
Daily outsourced backup with one-year retention period. Made at the highest level, i.e. directly by the server. More reliable than a backup made by your site, this backup can withstand the worst disasters! What's more, it's never sent to a GAFAM, and remains in LRob's private infrastructure, ensuring the confidentiality of your data. You can also configure your own backups to the FTP of your choice.
Simplified management with Plesk
Managing your WordPress hosting has never been easier than with Plesk.
This intuitive control panel lets you manage all aspects of your hosting with just a few clicks in an extremely well-presented panel! Good old cPanel is a poor substitute for Plesk's excellent presentation and practicality!
Whether you want to create email addresses, manage FTP access, configure your MySQL databases or modify your DNS zone, everything is at your fingertips. Including the WordPress Toolkit, which we'll talk about next.
You can even access web logs to quickly diagnose and resolve problems on your site.
Passionate WordPresss support and assistance
By choosing a specialized WordPress hosting provider, you also benefit from expert and passionate support that will do everything to help you, without reading a dumb script or blaming the customer.
Whether it's configuration advice, access problems or technical questions, LRob is always happy to help, sharing its knowledge and experience to help you achieve your goals.
This quality assistance is a complete game-changer for your day-to-day needs.
By the way: each of our hosted sites is monitored 24/7 all year round! In other words, if your site crashes following an update, we let you know as soon as possible, before you even notice! And we'll help you understand the problem and get it back up and running!
Outstanding options for dealers
Do you have several sites? Save even more time (and money)!
With the Plesk reseller panel, centralize and simplify your management, and become a hosting provider!
The more sites you have, the more economical the solution becomes. For example, at 2024 LRob rates, if you have 8 sites, hosting costs €47.5/year per site. If you have 128 sites, it's €15.5/year per site.
Become a single point of contact for your customers, create access for them when they need it, and offer a more reliable and efficient service.
You save time, you get a better margin on hosting... And you offer a better service! With expert support to back you up every day.
Treat yourself to peace of mind with dedicated WordPress hosting
Opting for specialized WordPress hosting means choosing serenity and performance for your site. You benefit from a secure, easy-to-manage service optimized for WordPress, and the best expert support when you need it most.
LRob offers performance beyond what you could dream of, even on a dedicated NASA server, with perfect management included, at an ultra-reasonable cost!
So don't wait any longer, put your trust in an expert WordPress host like LRob and give yourself the peace of mind you deserve.
WordPress is without doubt the most widely used CMS in the world. Its popularity makes it a prime target for hackers. Owning a WordPress site therefore requires constant vigilance when it comes to security. But why is it so important to have a WordPress site security audit? What are the risks involved, and why is it particularly important for companies whose website is central to their business?
Safety risks: an unavoidable reality
Cyberspace is riddled with potential dangers. For a WordPress site, threats can materialize in a variety of ways:
Fraudulent redirections Your site can be hijacked to redirect visitors to malicious sites.
Blacklisting Your site may be marked as dangerous, resulting in a loss of trust and traffic.
Spam and data theft Hackers can use your site to send spam on your behalf, or steal the e-mail addresses of your users and customers.
These situations can cause irreparable damage to your business, damaging your reputation and directly impacting your sales. Imagine the cost and loss of credibility if your customers were to receive spam on your behalf, or if their personal data were compromised.
The importance of auditing for companies
For businesses, especially those whose website plays an indispensable role, security must be a top priority. If your site generates revenue, collects sensitive data, or serves as the primary showcase for your products and services, a WordPress security audit becomes indispensable. A hacked site can lead to significant financial losses, legal disputes and brand image damage.
Beyond the CMS: The importance of server auditing
It's important to understand that securing the WordPress CMS alone isn't enough. A website relies on a complex infrastructure where every link in the chain counts. The server hosting your site plays a key role in its overall security.
The final safety level is equal to that of the weakest link in the chain.
A comprehensive safety audit should therefore include server security analysis:
Evaluation of server configurations
Access control
Checking open ports and active services
Software version and security vulnerability assessment
Assessment and recommendations for maintenance policies
Protect your site, protect your business
A WordPress security audit is much more than a simple examination of the CMS. It's a comprehensive assessment of the entire infrastructure that supports your website. By taking proactive steps to secure your site, you protect not only your data, but also the reputation and viability of your business.
Don't let pirates get the upper hand. Invest in a WordPress security audit and ensure that your site remains a valuable asset for your business, not a vulnerability exploited by cybercriminals.
Everyone's trying their hand at eco-responsible sites. While this won't save the planet, it does help to raise awareness. It's a step in the right direction.
But the aim is to maximize efforts. And while site optimization from the visitor's point of view ("customer" side) is often emphasized, server-side optimization and choices are all too often neglected.
Yet hosting is the cornerstone of a truly "greener" web, accounting for most of the resource savings you can achieve.
Deciphering. 👇
1 - Customer optimization
This is the best-known and most obvious aspect. It involves reducing the weight of resources sent to visitors, thus improving loading times and reducing the site's carbon footprint.
This focuses on two main points:
Design: choose optimized themes and plugins to avoid sending massive amounts of fonts and useless JavaScript or CSS code.
Image optimization: use suitable image formats, compressed to modern standards such as webp, to minimize bandwidth consumption.
But that's just the tip of the iceberg.
Let's move on to the really decisive aspect! 👇
2. Hosting and server resource optimization
This point is often underestimated, yet in my opinion it represents 90% of the impact!
Choice of host 🏭
Hosting companies have a lot of room for maneuver when it comes to going green.
Green electricity, geographical location, heat recovery, type of cooling, choice of sustainable, low-energy machines.
Removing up to 99% of unwanted traffic generated by hacker bots reduces machine power consumption by more than 50%. However, hardly any web hosts apply these filters, as it requires additional support to deal with false positives (and, in concrete terms, to unblock customers who repeatedly enter the wrong password, or use plugins making suspicious requests).
This has the added benefit of drastically boosting performance for real users.
I achieve this with attack detection and blocking techniques such as ModSecurity and Fail2ban, which are standard for those most familiar with web hosting system administration.
CPU optimization 🧮
Developers need to write light, fast code, and use high-performance caches like Redis (available on my hosting services), to maximize server efficiency.
What we're talking about here is a factor of 2 to 10 reduction in server CPU usage thanks to a good cache.
It's worth noting that traditional caches that write temporary files to servers are less optimal than Redis, which stores everything in RAM, thus avoiding unnecessary consumption of space and I/O (disk read/write) resources.
Efficient pooling 🫂
Optimized management of servers and sites, based on the above points, avoids wasting physical machines (each server can hold more sites) while ensuring maximum performance for all.
This approach also relies on a close relationship with customers to ensure customized management. For example, if a site is consuming more resources than expected, it may be due to an attack that needs to be blocked, or a concern about site optimization that needs to be brought to the customer's attention, with personalized advice.
Hopefully, you've learned something. In any case, from now on you won't be able to say you didn't know. 🌟👍
Are you wasting time maintaining your WordPress sites? 🥵
Here are 10 key points for managing hundreds of them super efficiently! 😎👇
1. Centralize your sites
Group your sites together on just one or a few servers, but make sure that each site remains system-isolated for security. This will be much easier to manage and more economical than hosting each site individually.
2. Manage DNS via the host server
Manage DNS of your domains directly via the hosting server. The creation of sub-domains will be simplified, your e-mails will be pre-configured for good deliverability, and you'll be able to benefit from a free WildCard certificate to protect all your domains with SSL/TLS encrypted connections. You'll also be able to centralize your email management, for even greater efficiency.
3. Choose high-performance hosting
Don't waste your time with a slow back-office. Choose high-performance hosting like LRob's to be sure that if your site is slow, the problem isn't with the server but with site optimization.
4. Use the WordPress Toolkit
Choose hosting with the WordPress Toolkit. You'll be able to log in to each site with a single click, receive security alerts, add additional protection with a few clicks, benefit from automatic updates and deactivate a problematic plugin even if the site has a problem.
5. Make sure you have a good daily backup
A good backup should be managed on the server side, not by the site itself. For peace of mind, have a copy at home in addition to the one at your host. Problems with a site? Restore a backup. And test your backups before you need them, so you won't be caught short in the event of a problem.
6. Easy access to server logs
In the event of a bug on your site, which is bound to happen one day, access to server logs is essential to find and correct the error quickly.
7. Choose a service provider who has your back
Choose a reliable provider for backup, support and monitoring. When the going gets tough, you'll know the difference between a good provider and a bad one.
8. Enable automatic site updates
With a good backup and a good provider, activate automatic updates for your sites, as enabled by the WordPress Toolkit. This eliminates the need for manual updates, increases security and saves you a lot of time. You'd be surprised how few problems occur when updates are made regularly.
9. Use additional server-level security
Choose a server with additional security features such as an application firewall, anti-bruteforce and automatic banning of attacking IPs. This, combined with the above measures, reduces the risk of hacking by 99 %, while drastically reducing unnecessary load on the server, for optimum performance.
10. Add value to your hosting and maintenance
Communicate your safety and maintenance measures. Invoice your customers for this added value, and secure your business with high value-added subscriptions. And be proud of the service you offer, so you can grow your business.
Do you have between 5 and 128 WordPress sites to host while respecting all these criteria? My offers Web Agency are made for you! Contact me at for more info.
Would you like to share your own method? Any points to add? Comment below! 👇
With these tips, you'll optimize the management of your WordPress sites, save time and improve their security and performance. Don't hesitate to contact me to find out how we can work with you to achieve your goals.
By mastering DNS, you can FREE with your websites and domain names! 👇
Learn the essentials in 2 intense, effective minutes instead of a boring 3-hour course. 🤯
What is the DNS system?
📄 The Domain Name System is the digital highway that makes a domain name (e.g. lrob.fr or google.com) accessible. Basically, the domain is "pointed" to a destination.
Examples:
If you visit a domain like lrob.fr, your web browser makes a DNS resolution request in the background to find out the IP address of the server hosting the site.
When you send an e-mail, further requests are made to find the destination mail server and authenticate the sender.
How does the DNS system work?
1 - Registrar 🏢
Domain names such as lrob.fr are registered with a "registrar" such as HaiSoft, Gandi, NameCheap, OVH and others.
Each registrar must go through a "registry" that is the authority for domain name extensions. For example :
.en AFNIC
.com / .net Verisign
.org Public Interest Registry (PIR)
2 - NS (Name Servers) 🌍
To make a domain "resolvable" (accessible), it must have "name servers" or NS (Name Servers).
NSs contain the domain's pointing information and are said to be "authoritative". Always define at least two NS for redundancy. The registrar sends this information to the registry.
ℹ️ The domain owner ("registrant") is free to use the NS of his choice, or even to create his own, using values called Glue Records.
Various providers exist and you can create your own directly with a little knowledge. This is the case, for example, with lrob.net, my infrastructure domain with a complete autonomous DNS system supplied to all hosted customers to centralize their DNS management independently of the registrar used. How convenient!
NS servers contain the domain's DNS zone. It is this DNS zone that contains the actual pointing values.
For example:
the IP of the server hosting the site
IP or host name of mail server
Meta-information such as the list of servers authorized to send mail for a domain.
Click here to discover all possible DNS values and how to manage your DNS zone via LRob.
What do we do with all this?
You're now free to register a domain name with any registrar, to manage your NS (and therefore your DNS zone) wherever you like. And your sites and e-mails can be placed with as many different providers as you like, with complete freedom thanks to DNS zone settings!
To never go wrong with your DNS, choose a Hosting LRob ! 💪 I can help you with all your web challenges! 🤝
Do you know where your data is physically located? In which datacenter? Who has access to it?
If only one of these answers is "no", it's more serious than you might think.
Regain control in 3 steps.
1 - Becoming aware of the problem
Using a Google or Microsoft service can be a source of pride and even joy, at first...
This is where marketing really comes into its own: customers who are happy to pay premium rates, i.e. several hundred or even thousands of euros a month in the case of large teams.
But who really wants to hand over their most precious data to the American giants? Who wants to get caught up in a retention mechanism that's hard to get out of? Who doesn't want to know where their data is, who has access to it, and what is done with it? And pay premium for it...
Without even needing to talk about "Big Brother" (which is a reality, these companies know you better than you know yourself, enabling mass surveillance and subtle manipulation of your search and other results that you can't even notice), such an operation can only be worrying, whether for an individual (even if they have nothing to hide), or for a company, whose business depends in particular on its documents and emails.
If you're able to say "I don't have a choice, everyone else is using it", you're wrong. Other independent solutions do the same job, or even better, for less money, while allowing you to retain full control over your data! Their development is solid, and these tools are being used by more and more people who value control over their data.
2 - Control your emails
Mails are an extremely standard service, and many service providers offer them.
But how do you choose?
A mailbox is not a calendar, a document-editing suite, a coffee machine, or anything else. If you have a problem with one of these services tomorrow, it doesn't have to be linked up in such a way as to complicate the changeover.
Choose a simple provider: a mailbox is a mailbox and should be nothing more than that.
Also, choose a secure provider: any web host or email service provider must comply with email sending standards (rDNS/HELO/SPF/DKIM/DMARC) and actively combat spamming from its network, which is of course the case with LRob, which comes with these security features without any additional configuration on your part.
To connect to the mailboxes, the service provider must supply a standard webmail like Roundcube (free and open-source, perfectly optimized, standard and simple), as well as a POP/IMAP/SMTP connection. For the connection, you'll use either the webmail provided, or the software of your choice (Thunderbird, Outlook, or email apps on smartphones). Need I remind you that LRob also provides Roundcube and POP/IMAP/SMTP connection as standard on all web hosting packages with email included?
An unresolved problem with your service provider? Migration can be as simple as copying mailboxes to IMAP and making clever DNS changes to avoid service interruption. If you need to migrate, even from a Microsoft cloud, contact me!
To work as a team, many use a collaborative suite like those integrated with Microsoft Office 365 or Gmail mailboxes.
But as we've seen, this has nothing to do with a mailbox and should be a separate service.
For this, a free, open-source solution exists: it's called Nextcloud.
More and more data-sensitive professionals are using it. The reason is simple: it's a website like any other, admittedly a little heavier than average, but it can be hosted by any powerful host like LRob!
Well managed with the addition of a document-editing suite like Collabora Online, Nextcloud enables collaborative editing, file sharing with teams or customers, calendar sharing, task management, chat, and much more.
Compatible with Windows, Mac, Linux, Android and iOS, Nextcloud lets you access your files from anywhere!
For contacts and calendars, Nextcloud uses the CardDAV and CalDAV standards. On Android, for example, you can use the DAVx5 app to dispense with the Google calendar and contacts altogether, and store everything on Nextcloud. Ideal for business environments.
In the world of web hosting, ecological and privacy concerns are paramount. Certain preconceived ideas can hinder the choice of a web hosting provider, particularly in Germany. This article aims to dispel these prejudices, highlighting the excellence of Hetzner, my German hosting partner, in terms of eco-responsibility, interconnection and confidentiality.
Ecoresponsibility: Beyond Greenwashing
🌿 Hetzner, a key player in the German and European hosting industry, is actively committed to preserving the environment. Contrary to the accusations of greenwashing often levelled at companies in this sector, Hetzner proves its eco-responsible commitment by using exclusively green energy, supplied by Energiedienst AG, a company specializing in renewable energies such as wind and hydroelectric power. But that's not all.
Innovative Server Architecture
📉 Hetzner is also revolutionizing its server architecture. By opting for a customized chassis-less design, the company saves raw materials, improves ventilation (outperforming traditional servers such as those from Dell), and reduces overall costs. This innovation translates into greater energy efficiency, the ability to operate at higher temperatures (reducing the need for air conditioning), and the ease with which components can be upgraded and reused.
By optimizing its design, Hetzner offers better prices while preserving our beloved planet as much as possible.
Reliability and Performance in Practice
⏩⏩ The efficiency of Hetzner custom servers is not limited to their design. When the going gets tough, you need to be able to rely on your hosting provider. Hetzner succeeds in this too, and can, for example, replace a faulty hard disk in its datacenter in just 15 minutes - a speed unmatched by other providers.
Exemplary customer support
🤝 Customer support at Hetzner is not only competent but also efficient, reflecting the overall reliability of their services. This operational excellence translates into minimal demand for support intervention.
Optimal Interconnection
🌍 Hetzner ensures impeccable interconnection with France, thanks to direct peering with France-IX Paris, which handles peaks of 2.5TBit/s. Hetzner's peering is 100Gbit/s on France-IX Paris, which has an impressive 99.9997% reachability rate over the past year.
There is a 5 to 10ms latency, however, due to distance. In practice, with HTTP/2 (and 3) the impact is of the order of the margin of error, and the superior performance of the machines more than compensates for this micro-loss, with loading speeds between 2 and 4x faster than many French servers.
Network performance in practice
In practice, the major French ISPs such as Orange, SFR and OVH can saturate a gigabit link with Hetzner without a hitch. Free, the worst pupil of interconnection in my general experience with them, still reaches Gigabit in burst then oscillates between 100 and 250Mbit/s) because of its very conservative (not to say stingy) QoS rules. As for Bouygues, I know that you can saturate a 5G link without any problem, but I haven't yet had a chance to test the fiber link; as their interconnection is generally among the best, I imagine that you can saturate a gigabit link too.
Security and Confidentiality at the European Level
⚖️ Germany, like France, is subject to strict European privacy regulations. Hetzner complies with the DIN ISO/IEC 27001 standard, guaranteeing a high level of data security and confidentiality. With the Hetzner cloud on a dedicated server, customers can be sure of knowing where their data is stored.
An Advantageous and Reliable Choice
✅ Hetzner stands out not only for its commitment to eco-responsibility, reliability and security, but also for its competitive pricing. It represents a cost-effective hosting choice, surpassing many French offerings in terms of quality and performance.
To take advantage
Take advantage of hosting on one of my 24/7 managed and monitored Hetzner servers.
When a product stands out from the crowd to the point where it blows away the competition, like WordPress, it's often due to a marketing strike force, and sometimes by luck. But WordPress is far from having stolen its place, and here's why.
Open-source
The open-source nature of WordPress has worked in its favor. The project has won over the community, and because the code is open to all, one of the largest developer communities has formed, contributing to its continuous improvement. This not only enables regular updates and feature enhancements, but also creates a rich ecosystem of free and paid themes and plugins. As a result, users can customize their sites ad infinitum, meeting almost any specific need within their budget. So you can build exceptional sites without buying a single paid module, and have confidence in the WordPress code, which is reviewed by a large community.
Easy to use
WordPress offers an intuitive interface that enables even beginners to create and manage websites without in-depth technical knowledge. While secure maintenance and advanced use require professional intervention, basic WordPress management remains very accessible to all. This opens the door to a wide range of users, from individual bloggers to small businesses and large corporations.
An extraordinary community
The worldwide WordPress community is a major asset. It offers an endless source of information and support to users through forums, groups, educational blogs, YouTube channels and meetups. This dynamic community fosters the exchange of knowledge and experience, making learning and problem-solving more accessible to all.
Robust and versatile
WordPress' robustness and versatility make it suitable for a wide variety of web projects. From personal blogs to complex e-commerce sites, WordPress can handle a variety of site types, making it attractive to a broad spectrum of users.
WordPress' dominance of the web market is no accident. It's the result of a combination of ease of use, openness, flexibility, scalability and exceptional community support. WordPress also sets itself apart by letting you own your website, which can then be hosted by any web host.
Together, these elements have created a platform that not only meets the current needs of web users, but is constantly evolving to anticipate and integrate future trends in the digital world.
Looking for secure hosting with expert WordPress support? This is the this way !
Who wants to spend their days sorting through hundreds of spam messages in their mailbox? Who wants to risk receiving viruses, phishing or intimidation? Don't you? Then here are 6 ways to protect yourself from this waste of time. It's been 5 years since I implemented all these tips and I don't receive any spam.
1) Never post your address publicly on the Internet.
It can be tempting to display your email address on your website or networks to facilitate contact.
But pirate robots are on the lookout for publicly displayed email addresses. They collect them and resell them on the black market to spammers and other malicious parties.
For your information, a list of 100,000 addresses sells for just $15. Use the solution in point 2) instead.
2) Use protected contact forms.
Since you won't be displaying your e-mail address on your site, you'll set up a contact form that will send messages to your e-mail address. But a robot is perfectly capable of filling in a contact form, sending you spam here too.
All contact forms must therefore be protected with an anti-bots system (Captcha). Some robots manage to bypass them (and sometimes humans will send ads via your form), but you should receive few enough to focus on useful e-mails.
3) Never trust your e-mail address: Use e-mail aliases.
There's no such thing as 100% security, and over a sufficiently long period of time, any site on which you're registered with your email address will theoretically be hacked. Whether it's a government site, an institutional site or a major corporation, almost all of them have had their data leaked, even the biggest. Also, your contacts can be hacked and their address books recovered. So it's not a question of "if" but "when" your e-mail address falls into the wrong hands.
To avoid giving out your real e-mail address, the only way to save yourself is to use aliases. Choose a service provider who (like me) allows you to create unlimited e-mail aliases. And not aliases derived from your real address, which would make it easier to find it, but independent aliases. So you'll create an alias for each service provider on which you'll set up an account. An account on laposte.fr: give them the email "laposte@mondomaine.tld". Mails sent to this address will fall directly into your inbox. So if one day you notice spam in this box, you'll automatically know which service provider has leaked your address. All you have to do is create a new alias for this provider, change the e-mail address on your account, and delete the old alias. And remember, put an alias on your business card too, and only reply with your "real" address if you trust it. If the worst happens, you can always rename your mailbox and use the old one as an alias (see point 6).
4) Check the redirections to your mailbox.
In time, you may have created mailbox redirects to your own. While this may be practical for a transitional period, it's not a viable long-term solution. Not least because any spam received by the original mailbox will then be forwarded to its name, making it a spammer...
So don't keep a redirect forever, but consider it as a transitional solution.
5) Choose a trusted email service provider.
Some incorrectly sent spam should never see the color of an inbox. They should be filtered out by the email provider before they even reach the spam filter, just because they are sent in an insufficiently authenticated way. I'm not going to name names, but some providers, especially free and French ones, don't check email authenticity properly and let aberrations through.
6) Don't hesitate 1000 years to change your address.
When you receive dozens of spam messages a day, your address is probably already circulating on spammers' networks. Perhaps your address has been leaked into a data breach or posted publicly.
There's no turning back, and anti-spam filters won't work miracles, or they'll do so at the cost of expensive, time-consuming procedures, or numerous false positives (legitimate e-mails going to spam).
It's probably time to change your e-mail address. But you probably have many associated accounts and want to keep it. If your service provider supports aliases (as I do!), you can alias your old address to the new one and continue to receive your e-mails for as long as it takes; and you can even automate moving them to another folder so as not to pollute your view on a daily basis. Once the transition is complete, apply all the rules in this article and delete the alias in the old box. You're now spam-free!
Are you looking for standard, open-source, secure and flexible email hosting, with unlimited aliases and spam filter control? My web hosting packages include unlimited e-mail addresses and aliases! Click here for details: https://www.lrob.fr/services/hebergement-web/
Manage your cookies
This site uses cookies for functional and statistical purposes. All statistics are anonymized and self-hosted on a private Matomo server in Europe. This helps us to understand what you like to find on this site and to perpetuate the professional activity proposed. Non-acceptance may break certain functionalities. For a better experience, please accept cookies.
Features
Always active
Some cookies are required for the basic functionality of this site.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
Allow this site to collect anonymized and preserved statistical data from third parties such as Google.The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
