{"id":6413,"date":"2025-02-25T16:11:33","date_gmt":"2025-02-25T15:11:33","guid":{"rendered":"https:\/\/www.lrob.fr\/?p=6413"},"modified":"2025-06-09T10:52:16","modified_gmt":"2025-06-09T08:52:16","slug":"performance-and-security-the-lrob-strategy-for-optimal-wordpress-hosting","status":"publish","type":"post","link":"https:\/\/www.lrob.fr\/en\/blog\/securite\/performance-et-securite-la-strategie-lrob-pour-un-hebergement-wordpress-optimal\/","title":{"rendered":"Performance and Security: LRob's strategy for optimal WordPress hosting"},"content":{"rendered":"<h2 class=\"wp-block-heading\">High-performance, secure WordPress hosting without compromise<\/h2>\n\n\n\n<p>At LRob, our mission is clear: to provide <strong><a href=\"https:\/\/www.lrob.fr\/en\/web-hosting\/\">fast and secure WordPress hosting<\/a><\/strong>by minimizing the impact of attacks while optimizing server performance. Unlike standard solutions that simply respond to threats, <strong>we go one step further by actively preventing unnecessary server loads<\/strong>.<\/p>\n\n\n\n<p>Because while some hosts may not implement sufficient or any attack blocking measures, or offer no transparency whatsoever, LRob can proudly display its measures in place and the results obtained.<\/p>\n\n\n\n<p>In this article, we explain <strong>our three-layer security strategy<\/strong> designed to effectively block attackers and offer you maximum security and performance for your website.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Attacks on WordPress: a scourge that consumes your resources<\/strong><\/h2>\n\n\n\n<p>WordPress sites are the target of numerous automated attacks. These attacks take two main forms:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Real attacks<\/strong>which are extremely resource-hungry. For example, massive connection attempts or requests targeting XML-RPC (xmlrpc.php) place heavy demands on the CPU, as they reach PHP directly and cannot be cached. Similarly, certain POST requests can be interpreted by PHP and cause excessive load.<\/li>\n\n\n\n<li><strong>Parasitic requests<\/strong>which generate useless responses such as 301, 403 (application firewall or server rules) or 404 errors. While not always malicious, they do add to logs and reduce server efficiency.<\/li>\n<\/ul>\n\n\n\n<p>Without adequate protection, this can saturate servers and slow down your sites. This is one of the causes of the slowness observed with many web hosts.<\/p>\n\n\n\n<p>That's why LRob actively fights this type of attack. And Our approach makes the difference: we don't just mitigate the impact of malicious requests, we eliminate them before they become a problem.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Our three-level protection strategy<\/strong><\/h2>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>1. Security rules specific to WordPress<\/strong><\/h3>\n\n\n\n<p>We implement strict security rules adapted to the specificities of WordPress, such as those provided by the <strong>WordPress Toolkit from Plesk<\/strong>We also offer customized configurations to reduce the attack surface.<\/p>\n\n\n\n<p>For example, we prohibit certain queries to certain key WordPress directories, block queries to XML-RPC when unused, and log failed connection attempts to WordPress. <\/p>\n\n\n\n<p>This enables unauthorized access and abnormal behavior specific to the CMS to be identified or blocked directly.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>2. ModSecurity: a powerful application firewall<\/strong><\/h3>\n\n\n\n<p>ModSecurity acts as an intelligent filter, blocking malicious requests before they reach WordPress. This solution stops the most common attacks such as SQL injections, XSS or vulnerability scans, adding significant protection to your site, even when it contains known security flaws.<\/p>\n\n\n\n<p>However, simply blocking a request is not enough to avoid unnecessary use of server resources. That's where fail2ban comes in.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>3. Fail2ban: blocking attackers for good<\/strong><\/h3>\n\n\n\n<p>Fail2ban analyzes attack logs from the previous two security features and automatically blocks malicious IPs, preventing them from making further requests.<\/p>\n\n\n\n<p>In plain English:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Fail2ban <strong>identifies attackers<\/strong> via their IP<\/li>\n\n\n\n<li>If an attacker repeats his attack, fail2ban <strong>bans the attacking IP<\/strong>.<\/li>\n\n\n\n<li>Result: <strong>this IP will no longer be able to send requests to your site<\/strong>.<\/li>\n<\/ul>\n\n\n\n<p>This means you gain drastically on two fronts: performance and security. Your site loads faster and is much less vulnerable to attacks.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>The result: a faster, safer site, freeing up resources<\/strong><\/h2>\n\n\n\n<p>With this strategy, we are seeing <strong>drastically reduced CPU usage<\/strong> on our servers, while improving the availability and responsiveness of our customers' sites.<\/p>\n\n\n\n<p><strong>Key figures:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Up to 95% of CPU usage saved<\/strong> by directly blocking attackers.<\/li>\n\n\n\n<li>A once-saturated server can fall to <strong>5% of use<\/strong> after protection has been installed.<\/li>\n\n\n\n<li>95% reduction in spurious logs and improved readability of traffic analyses.<\/li>\n<\/ul>\n\n\n\n<p>I'd love to be able to give you figures on the security gain. But that would require a single site hosted by LRob to have been hacked. This has never happened. It would be too pretentious to claim that this reduces the risk of a site being hacked by 100%. Nevertheless, we can be confident that it makes life hard for attackers and makes hacking your site extremely difficult.<\/p>\n\n\n\n<p>Did you know? To make life even harder for attackers, <a href=\"https:\/\/www.abuseipdb.com\/user\/169612\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">LRob reported 250,000 attacks on AbuseIPDB<\/a> since October 2024.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Why choose LRob for your WordPress hosting?<\/strong><\/h2>\n\n\n\n<p>We don't just offer a <a href=\"https:\/\/www.lrob.fr\/en\/features\/web-host-best-performance\/\" target=\"_blank\" data-type=\"link\" data-id=\"https:\/\/www.lrob.fr\/caracteristiques\/hebergeur-web-meilleures-performances\/\" rel=\"noreferrer noopener\">high-performance hosting<\/a>we are constantly optimizing our infrastructure to offer <strong>a seamless, secure experience<\/strong> to our customers.<\/p>\n\n\n\n<p>With <strong>specific security rules, ModSecurity and fail2ban<\/strong>we provide :<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>\u2705 <strong>Proactive protection against attacks<\/strong><\/li>\n\n\n\n<li>\u2705 <strong>Optimum performance for your visitors<\/strong><\/li>\n\n\n\n<li>\u2705 <strong>A server relieved of unnecessary requests<\/strong><\/li>\n<\/ul>\n\n\n\n<p>Don't let bots slow down your site.<\/p>\n\n\n\n<p><strong>Opt for a <a href=\"https:\/\/www.lrob.fr\/en\/web-hosting\/\">web hosting<\/a> designed for safety and performance with LRob! \ud83d\ude80<\/strong><\/p>\n\n\n\n<div class=\"wp-block-buttons is-layout-flex wp-block-buttons-is-layout-flex\">\n<div class=\"wp-block-button\"><a class=\"wp-block-button__link wp-element-button\" href=\"https:\/\/www.lrob.fr\/en\/web-hosting\/\">See our web hosting<\/a><\/div>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>Un h\u00e9bergement WordPress ultra-performant et s\u00e9curis\u00e9, sans compromis Chez LRob, notre mission est claire : offrir un h\u00e9bergement WordPress rapide et s\u00fbr, en minimisant l&rsquo;impact des attaques tout en optimisant les performances serveur. Contrairement \u00e0 des solutions standard qui se contentent de r\u00e9pondre aux menaces, nous allons plus loin en pr\u00e9venant activement les serveur charges [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":6015,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[28,5,22,23],"tags":[],"class_list":["post-6413","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-securite","category-blog","category-internet","category-wordpress"],"_links":{"self":[{"href":"https:\/\/www.lrob.fr\/en\/wp-json\/wp\/v2\/posts\/6413","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.lrob.fr\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.lrob.fr\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.lrob.fr\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.lrob.fr\/en\/wp-json\/wp\/v2\/comments?post=6413"}],"version-history":[{"count":2,"href":"https:\/\/www.lrob.fr\/en\/wp-json\/wp\/v2\/posts\/6413\/revisions"}],"predecessor-version":[{"id":7434,"href":"https:\/\/www.lrob.fr\/en\/wp-json\/wp\/v2\/posts\/6413\/revisions\/7434"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.lrob.fr\/en\/wp-json\/wp\/v2\/media\/6015"}],"wp:attachment":[{"href":"https:\/\/www.lrob.fr\/en\/wp-json\/wp\/v2\/media?parent=6413"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.lrob.fr\/en\/wp-json\/wp\/v2\/categories?post=6413"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.lrob.fr\/en\/wp-json\/wp\/v2\/tags?post=6413"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}