How to prevent a DDoS attack on your wordpress site

Isn’t an uptick in web traffic the desired outcome for your business? The answer should be yes. But, what happens when you get an unexpected flood of simultaneous requests abruptly flowing into your website? Unfortunately, that is what happens during a Distributed Denial of Service, or DDoS, attack. They can occur on popular sites as well as small-budget WordPress websites. It can cause your site to crash entirely!

DDoS Attack Prevention for WordPress Websites

Luckily, there are certain steps you can take to reduce the likelihood and severity of a DDoS attack on your WordPress (WP) website. In this article, we will explain what DDoS attacks are, how they work, and then provide some essential tips on prevention. 

DDoS 101

When a Distributed Denial of Service attack occurs on any online service or a website, the site is inundated with access requests, but not from actual people—the requests come from bots. The number of requests causes the site to slow down to the point that it is inaccessible to any legitimate users, including the site owner. 

DDoS attack

Any devices that can connect to the Internet, such as laptops, routers, webcams, or smart gadgets, can be commandeered as part of a system called a botnet. Most of the time, system owners will not even realize that they have become a part of this network. Attackers install malware on these devices through software downloads or email/social media links and launch the DDoS attack remotely. 

Millions of devices from the Botnet drive an immense amount of traffic from a variety of sources to saturate the bandwidth of the targeted site, which in turn causes it to shut down. There are different types of DDoS attacks, such as Amplification, Smurf, Nukes, and Teardrop. No matter the type, the goal is always the same: to deny legitimate users access to a site.  

The 2016 Dyn DDos Attack

The 2016 Dyn cyberattack is one of the most talked about DDoS attacks. The Dyn server remained under sustained assault for most of the day affecting sites such as Twitter, Reddit, Netflix, and many others. The server was receiving around 1.2 terabytes of data each second through 10 million malicious endpoints. Botnets normally comprise several computers, but this attack involved things such as DVD players, digital cameras, and more, resulting in an extraordinary attack strength. 

Botnets, as well as individual DDoS attacks, can be purchased for around a hundred and fifty dollars over the Internet, leaving all organizations vulnerable. As the number of connected devices increase, so does the strength of the botnet. This is why companies sometimes spend millions of dollars on protecting their servers from DDoS attacks.

DDoS is Not Hacking

A distributed denial of service attack is not an attempt to gain any access to your site. If you are a victim of DDoS attack, you are being denied service through a bombardment of the site via public channels, but the integrity of the server remains sound.

Why Are You Being Attacked?

One of the reasons may be corporate espionage, where a competitor might want to shut you down during more significant sales of the year, for example. This is carried out to funnel maximum profits toward the competitor’s site. Someone merely wishing to understand the ins-and-outs of DDoS attacks may also try to launch one. Personal enmity or extortion, whereby the site is held hostage through a DDoS attack, may be another reason. And, you may be surprised, people also propel these practices out of boredom. They think it is exciting to watch the world burn! 

Mitigating DDoS Attacks with Secure Web Accelerator

powered by

Cloudflare logo

There are multiple ways in which you can prevent a DDoS attack on your WordPress website, such as regular maintenance, investing in Cloudflare© security features, and so much more. With Secure Web Accelerator powered by Cloudflare in place, you can enhance your site’s ability to fight off a DDoS attack.

1. Cloudflare CDN

CDNs, or Content Delivery Networks, are designed to keep performance strong. CDNs store cached copies of your site on servers across the world, making it more difficult for high traffic to overwhelm any one server. Cloudflare CDN servers store content in over 200 cities around the world in order to take the load off of one or more of your servers and quickly deliver content to users inside different networks.

2. Cloudflare DDoS Protection

Secure Web Accelerator powered by Cloudflare offers a layered security approach that is beneficial for big-budget companies or if you think you would be susceptible to a complex DDoS attack. Cloudflare’s multiple DDoS mitigation capabilities will route the incoming traffic through a filter, so only genuine users get to access your site.

Cloudflare DDos attack layered security approach

Image Source: Cloudflare

3. Set Up WAF to Blacklist Suspicious IP Addresses

Cloudflare Managed Web Application Firewall (WAF) rules secure your site against attacks in seconds, and continuously identifies and blocks new potential threats. You may consider configuring additional firewall rules to restrict the number of users accessing your site during a specified period, which can be enough to prevent an attack without impacting the actual experience. 

Compared to other approaches that prevent a DDoS attack on your WP site, this one’s a bit more hands-on. You can set up WAF to block or challenge suspicious IP addresses from accessing your site, while legitimate requests are routed to the destination.

Cloudflare WAF

Image Source: Cloudflare

4. Monitor Your Traffic

Many site owners become complacent about checking their logs, but doing so can also safeguard your site. If you note that at 4:40 AM, around 500 login attempts took place from halfway across the world, it is a good time to identify configuration adjustments to improve performance and security.

Cloudflare provides detailed logs of individual HTTP requests, so you can better understand the threat landscape by viewing the firewall events in one place, surveying the traffic distribution across your load balancers, and get instant insights on the DNS traffic to your site.

Cloudflare analytics

Image Source: Cloudflare

5. Create Additional Page Rules to Maximize Bandwidth

To make your site capable of handling a high volume of traffic, create Page Rules that allow you to customize Cloudflare’s functionality to optimize speed, harden security, increase bandwidth, maximize your site’s server capacity, and much more. It will help keep your site running even if a massive amount of artificial traffic hits your site. Moreover, it helps you scale your business as your site will be able to better handle more legitimate users as well.

Final Thoughts

Having said all of that, an ounce of prevention is worth a pound of cure. It is absolutely necessary to stay on top of your WordPress maintenance tasks that involve backups, malware removal, and updates to your theme, plugins or WP itself. All companies, big or small, are susceptible to DDoS attacks. However, your WordPress site is much less likely to suffer from a DDoS attack if these precautionary measures are in place. But the risk is there. It is easy for anyone to hire a DDoS botnet if they want to. Therefore, being prepared is worth it, so your livelihood is not at stake. 

Secure Web Accelerator

Secure Web Accelerator powered by Cloudflare with DDoS mitigation improves your site’s security, speed, and reliability starting a less than $1/month.