10/23/2020
New Security Features!
We are happy to inform you that we have implemented some new security measures designed to protect you from malicious bots and spoofed emails. And since we have your attention (hopefully), we will also throw in some well-known security tips, as well as remind you about some great security-related features we already provide but which you may have forgotten about.
1. Blocking Malicious Web Requests
We have implemented a new security mechanism that blocks POST requests from malicious IP addresses. We are using the database of Stop Forum Spam (https://www.stopforumspam.com) to get a list of malicious/suspicious IPs. The list gets automatically updated every 6 hours.
If your website receives a POST request from an IP address that has been listed in the Stop Forum Spam database, it will be automatically blocked by our Web Application Firewall (WAF). In almost all cases these requests come from bots, so you won't even notice them. However, if the POST request turns out to be legitimate, there is an easy way to allow future requests from that particular IP address. Whenever the protection gets triggered, a "412 REQUEST BLOCKED" page will be shown, asking the website visitor to prove they are human by completing a simple test (CAPTCHA). If the test is completed successfully, the POST request can be repeated and will no longer be blocked by our WAF.
2. Stricter Spam Rules for Better Filtering of Spoofed Messages
We use Sender Policy Framework (SPF) to check which mail servers are allowed to send email for a particular domain. If our mail server receives a message sent on behalf of an SPF-protected domain by a mail server that is not listed as an allowed sender for that domain, the system assigns spam points to the message, making it easier for SpamAssassin to recognize it as spam and filter it.
We have now enhanced the SPF protection by improving the spam scoring system for domains that use SPF. From now on the system will assign more spam points to messages that break the SPF policy of the sending domain. There is also a new SpamAssassin plugin in place that protects against the so-called "display name spoofing", where spammers alter an email's display name to make it look like it comes from a trusted source.
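To illustrate what a display name spoofing check looks for, here is an added example in Python. It is not the SpamAssassin plugin mentioned above or any code we run; the function names, the `trusted_names` mapping and the sample headers are hypothetical and constructed for illustration.

```python
import re
from email.utils import parseaddr

# An email-like token inside a display name; group 1 captures its domain.
EMAIL_IN_NAME = re.compile(r"[A-Za-z0-9._%+-]+@([A-Za-z0-9.-]+\.[A-Za-z]{2,})")


def domain_of(addr):
    """Lower-cased domain part of an address, or '' if there is none."""
    return addr.rsplit("@", 1)[-1].lower().rstrip(".") if "@" in addr else ""


def check_from_header(from_header, trusted_names=None):
    """Return the reasons a From header looks like display name spoofing.

    trusted_names (an assumption of this example) maps a lower-cased
    display name to the domain that contact really sends from.
    """
    trusted_names = trusted_names or {}
    name, addr = parseaddr(from_header)
    real_domain = domain_of(addr)
    reasons = []

    # Case 1: the display name shows an address from another domain,
    # which is what many mail clients display instead of the real sender.
    for match in EMAIL_IN_NAME.finditer(name):
        shown_domain = match.group(1).lower()
        if shown_domain != real_domain:
            reasons.append(
                f"display name shows {shown_domain}, sender is {real_domain}")

    # Case 2: the display name matches a known contact, but the message
    # comes from a domain that contact does not use.
    expected = trusted_names.get(name.strip().lower())
    if expected and expected != real_domain:
        reasons.append(
            f"'{name}' normally sends from {expected}, not {real_domain}")
    return reasons


if __name__ == "__main__":
    contacts = {"jane admin": "example.com"}  # constructed sample data
    samples = [  # constructed sample headers
        '"accounts@example.com" <promo@mailer.example.net>',
        '"accounts@example.com" <accounts@example.com>',
        '"Jane Admin" <jane.admin@freemail.example.org>',
    ]
    for header in samples:
        print(header, "->", check_from_header(header, contacts) or "ok")
```

A real filter would add spam points for each reason returned rather than rejecting the message outright, so that the result combines with the SPF score described above.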
It is important to note that SpamAssassin is a powerful spam filtering solution, but it does need your help to better understand and filter the emails you receive in each mailbox. So, to receive as few spam emails as possible, you need to make sure that SpamAssassin is enabled for your mailboxes, and that you train it to better recognize and classify your incoming messages. To do this, you should move any spam messages you receive in the Inbox folder to the Junk Mail folder, and vice versa - you should move any messages incorrectly marked as spam from the Junk Mail folder to the Inbox folder. This way, the Bayesian classifier of the SpamAssassin tool will be trained so that messages get classified more accurately in the future.