Category: Security
Cyber-attacks, backups, data protection: follow my expert advice to strengthen the security of your websites and online services.
ACF: CVE-2025-54940: why 6.4.3 is still a must-have update (even if the CVSS score is moderate)
An HTM injection flaw affects Advanced Custom Fields up to version 6.4.2. Moderate risk, but must be corrected quickly to avoid degradations, phishing or XSS.
💥 GiveWP data leak: over 100,000 WordPress sites affected
A vulnerability in the plugin GiveWP exposes donor names and emails on thousands of WordPress sites. No login required. Find out what happened, why it's controversial... and most importantly, how to protect yourself.
The best free, open-source password manager in 2025 (KeePass)
Secure your passwords with an open-source, self-hosted solution Managing your passwords is a real headache! We all know that the security of our personal data depends on our passwords, but frankly, who hasn't made a mistake when managing them? Let's take a look at how to avoid the most common pitfalls and find the ideal solution for keeping your passwords safe. Common password management mistakes Two simple questions to see where you stand with your password management: No...
A critical flaw in ASUS routers: thousands of devices compromised in a stealth campaign
Since March 2025, a very discreet hacking campaign has been targeting ASUS routers exposed on the Internet. Cybersecurity firm GreyNoise recently revealed that thousands of these devices had been infected without leaving any visible traces. The level of sophistication of the attacks suggests a highly experienced, even state-run group. The aim seems to be the classic one: to build up a botnet. 🛡️ When it comes to websites, don't forget the importance of hosting your web services with a secure hosting provider, such as LRob, which protects your data well beyond the basic infrastructure. In a nutshell: what you need to know 1. How do...
World Data Backup Day 2025 - Web data and collaborative clouds
You don't want to know how much it would cost you to lose your business or personal data. And yet it's a very real risk - one that affects individuals and businesses alike every day, often through negligence, forgetfulness or a false sense of security. To mark World Backup Day, celebrated every year on March 31, LRob, your WordPress web hosting specialist, helps you take stock of best practices, practical solutions and pitfalls to avoid, so you never lose a precious piece of data again. What is World Data Protection Day?
Let's Encrypt stops SSL/TLS certificate expiration notifications: Why this is good news
As of June 4, 2025, Let's Encrypt will no longer send you emails to notify you when your SSL/TLS certificates have expired. This change, which may seem surprising, is actually excellent news for system administrators, web hosts and site owners. In this article, we'll look at why this decision simplifies certificate management and improves security. At LRob, our web hosting packages already integrate Let's Encrypt and automate SSL certificate management, ensuring that HTTPS always works without manual intervention. Let's Encrypt: a key player in free, automatic SSL/TLS...
Performance and Security: LRob's strategy for optimal WordPress hosting
High-performance, secure WordPress hosting, without compromise At LRob, our mission is clear: to offer fast, secure WordPress hosting, minimizing the impact of attacks while optimizing server performance. Unlike standard solutions that simply respond to threats, we go further by actively preventing unnecessary server loads. Because while some hosting providers fail to implement sufficient or any attack blocking measures, or offer no transparency at all, LRob can proudly display the measures in place and the results achieved. In this article, we explain our strategy, which is based on three layers of security...
Record attack: 2.8 million IPs compromised: What impact for WordPress hosts?
A new threat of unprecedented scale is rocking the web: 2.8 million compromised network devices are currently being exploited to flood the Internet with malicious requests. At LRob, as a web hosting provider, we've seen a dramatic increase in attacks in recent days. We'll explain how we're effectively blocking them. These attacks are not just a nuisance: they can seriously impact the performance and security of your websites. How does the attack work? What impact does it have on your websites? How can you protect yourself? Here are the answers. Details of the cyber attack Discovery of the...
Symfony: 8 new security vulnerabilities discovered - Analysis and recommendations
On November 6, 2024, after a year without a flaw, Symfony released eight vulnerabilities on its blog. They affect different versions of the Symfony framework. Here's a summary of these critical vulnerabilities, their potential impact, and the solutions implemented by Symfony. Understand the implications of these vulnerabilities for securing your applications. Introduction Even the most renowned frameworks like Symfony are never immune to security flaws. Whatever your application solution, vigilance is essential. Security features such as a ModSecurity application firewall and automatic blocking of...
LRob now contributes to malicious IP reporting with AbuseIPDB
For a long time, I've been looking for a way to effectively exploit the hacking data blocked by my servers. And as a WordPress hosting specialist, believe it or not, I thwart hundreds if not thousands of hacking attempts every day (and regularly repair hacked WordPress sites from other hosts). Intrusion attempts are constant, but thanks to security systems such as Fail2ban, attacks are automatically stopped before they cause any damage. However, beyond simply protecting my systems and customers, I wanted to go further: share this information and make the Internet more secure...
Blacklists (RBL): SPFBL.net's outrageous practices
Not all blacklists are created equal. And SPFBL is an example not to be followed. Don't use this blacklist and don't give in to its pressures.
Critical security flaw in CUPS on GNU/Linux September-October 2024: What you need to know
A quadruple critical security flaw has just been discovered in CUPS for all GNU/Linux systems. This article will be updated with the new information, to provide you with a simple and effective summary of what you need to know and do. UPDATE 09/29/2024: These vulnerabilities only concern CUPS, so very few servers are affected, unless you have printers in your datacenter...! This article has been rewritten accordingly. A critical flaw: what do we know? Security researcher Simone Margaritelli discovered this set of vulnerabilities at the beginning of September....
Apache web server vulnerability affects millions of servers
The Apache HTTP server is one of the most widely used web servers in the world. However, like all software, it is not immune to vulnerabilities. And beware, it's a double vulnerability. On July 4, a critical security flaw was discovered, affecting Apache version 2.4.60. This flaw is rated CVE-2024-39884. The flaw allows the source code of PHP files to be disclosed. This is absolutely critical, as these files may contain, for example, database passwords or confidential proprietary code. A patch has therefore been released in version 2.4.61 of the server...