Running and managing a WordPress website is nothing less than an adventure. Just when you feel that you have set up the best config for your WordPress site, you will be surprised by a problem you never imagined before.
A DDoS attack is one of those problems you may face at some point in your journey as a website owner.
If you are experiencing that right now, take a chill pill, as I will cover as much as I can in this guide to help you stop ongoing attacks and prevent further attacks.
And if you have never faced this problem before, you should feel lucky, but learn everything about it anyway, as it could be helpful in a moment of crisis.
What is a DDoS (distributed denial-of-service) attack?
Let’s understand DDoS with an example:
Imagine you’re having a party at your house, and you invite all your friends over to have a good time. But suddenly, lots and lots of people you don’t even know start showing up at your door, and they keep coming and coming. Eventually, there are so many people that your house gets really crowded, and nobody can move or enjoy the party anymore. It becomes chaotic and overwhelming.
Well, a DDoS attack is a bit like that. But instead of people, it involves lots and lots of computers or devices trying to visit a website or an online service all at once. These computers are usually infected with special software called “bots,” and the people who control these bots want to cause trouble.
When these infected computers all try to access a website or an online service simultaneously, it creates a flood of traffic, just like the flood of people coming to your party. This flood of traffic overwhelms the website or the service, making it very slow or even causing it to crash.
The people behind the DDoS attack are trying to disrupt the normal operation of the website or service, causing inconvenience or even financial harm to the owners. It’s like a prank that can cause a lot of trouble and frustration for everyone involved.
To stop a DDoS attack, the website or service owner needs to have special security measures in place to filter out and block the fake traffic coming from the infected computers. It’s like having a bouncer at your party who checks if people are invited before letting them in.
How To Check if Your Website Is Getting DDoS’ed
First, make sure whether you are being brute-forced or hit by a DDoS attack. In both cases, your website will see high traffic in a short time, and it will either be super slow or show a 502 error.
Here are the steps to analyze:
1. Check if you see a traffic increase in the past few minutes/hours/days
Use a traffic analytics tool like “Google Analytics” or your server logs to check if your website traffic has increased significantly in recent times. For example, I use Kinsta hosting, and in the logs I could clearly see there is something unusual about the traffic.
But the point is, you won’t check your traffic every day, so you need a way to get notified in real time if your website is getting unusual traffic. Or, you can set up a website uptime monitoring service to get notified if your website ever goes down. This is how I usually find out if something (either a DDoS attack or something else) is wrong with my server.
I find UptimeRobot to be reliable, and have been using it for many years. They have both free and paid plans, which will suit everyone’s needs.
Now, once you are sure that there is something wrong with the traffic, and it is not your usual good traffic, it’s time to analyse the traffic itself.
Your server log, or any WordPress security plugin you are using, will show more details about the traffic. For example, here is what I found when I analysed my traffic –
The above report is from Cloudflare, and I edited the columns to show the “Path”, which clearly shows that the bot traffic is requesting empty/non-existent pages.
If I had seen something like website.com/login, or other requests around login pages, it would have more to do with a “brute force attack” than with the usual application-level DDoS attack.
Either way, once you are sure that your website is being DDoS’ed, you can plan the strategy to stop the attack.
How To Stop DDoS Attack?
Depending upon your current setup, you can use a WordPress firewall plugin or a DNS-level firewall solution like Cloudflare or Sucuri. I prefer DNS-level prevention in most cases, as it’s usually more effective.
Cloudflare to your rescue 🦹 –
I have talked about Cloudflare a lot of times here at ShoutMeLoud, and I find it to be one of the best tools for website security and often for optimisation. It also offers a free CDN, which helps in speeding up your website. Cloudflare offers basic DDoS mitigation for free, and this should be good enough in most situations.
In fact, from the day you set up your website, you should let Cloudflare manage your DNS, and enjoy the plethora of free services that it offers.
Cloudflare under attack mode –
However, if Cloudflare is unable to prevent the attack with default settings, you can enable the “Under Attack mode”, which will show the Challenge page to every visitor, including the bot traffic. This may be a little annoying for regular readers, but often this is how you stop an ongoing DDoS attack.
However, you need to understand that you can’t stop an attacker from attacking your website, but you can always put measures in place that make their attack useless. Eventually, they realize that there is no cost-benefit to such attacks.
If the attack is made using a small botnet (you can find this by analyzing your traffic log), you can block the IP or, often, the entire geo. For example, my hosting company “Kinsta” offers a “Geolocation” feature that blocks traffic from specific geographic locations.
You can achieve the same using Cloudflare or a majority of hosting companies. Ping the support of your hosting, and see if they can help you with this.
Another trick that may or may not work is blocking the user-agent. Often there are common user-agents used by bot traffic (again, you can find that from the server traffic log), and you can simply block them.
Similarly, you can block the IPs, and most of these blocks can be set up using Cloudflare, Sucuri or any WordPress firewall plugin.
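The log analysis described above (login pages versus non-existent pages, then the IPs and user-agents worth blocking) can be done with a short script. This is an added example, not part of the original post; it assumes an access log in Combined Log Format, and the login paths, the 50% threshold and the sample lines are assumptions made for illustration.

```python
import re
from collections import Counter

# Combined Log Format, as written by default nginx/Apache access logs.
LINE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"')
# Assumptions: paths treated as login endpoints, and the share of requests
# needed before a pattern is called dominant.
LOGIN_PATHS = ("/wp-login.php", "/xmlrpc.php", "/login")
THRESHOLD = 0.5

def analyse(lines, top=3):
    """Summarise an access log: dominant pattern plus block candidates."""
    ips, agents = Counter(), Counter()
    total = login = missing = 0
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # ignore lines that are not in the expected format
        total += 1
        ips[m["ip"]] += 1
        agents[m["ua"]] += 1
        if m["path"].split("?", 1)[0].startswith(LOGIN_PATHS):
            login += 1
        elif m["status"] == "404":
            missing += 1
    if total and login / total >= THRESHOLD:
        verdict = "brute force against login pages"
    elif total and missing / total >= THRESHOLD:
        verdict = "flood of requests for non-existent pages"
    else:
        verdict = "inconclusive"
    return {"total": total, "login": login, "missing": missing, "verdict": verdict,
            "top_ips": ips.most_common(top), "top_agents": agents.most_common(top)}

# Constructed sample: 40 bot requests for random paths, 5 normal page views,
# 3 login posts. IPs come from the reserved documentation ranges.
SAMPLE = (
    [f'203.0.113.{i % 4} - - [01/Jan/2024:10:00:{i:02d} +0000] '
     f'"GET /x{i}y HTTP/1.1" 404 153 "-" "python-requests/2.31"' for i in range(40)]
    + ['198.51.100.7 - - [01/Jan/2024:10:01:00 +0000] '
       '"GET /blog/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"'] * 5
    + ['198.51.100.9 - - [01/Jan/2024:10:02:00 +0000] '
       '"POST /wp-login.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0"'] * 3
)

if __name__ == "__main__":
    for key, value in analyse(SAMPLE).items():
        print(f"{key}: {value}")
```

Treat the top IPs and user-agents as candidates to review before blocking, since a user-agent string is set by the client. If the site is already behind Cloudflare, the origin log shows Cloudflare's addresses unless the server is configured to restore the visitor IP.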
Cloudflare Pro –
The Cloudflare Pro plan starts at $20/month, and most of the time, enabling it and configuring its advanced protection should resolve the issue for most such attacks.
Conclusion – Stopping WordPress DDoS attacks
Often you need to understand the motivation behind such attacks. It could be from a competitor, a ransom demand, or hacktivism. If your security system is solid, you can often mitigate such attacks.
You can never stop someone from attacking you, but you can always put guards and checks to ensure only legitimate users access the site and spam bot traffic is not entertained. Once the attacker realizes that your website is not profitable for them to attack, they will try to find some other victim.
A lot of the time, your web hosting service can guide you and may help block certain kinds of traffic to slow down or even stop the attack, but it may or may not be in their SLA to do that. You can always find service providers who can instantly assist you in mitigating such DDoS attacks and hardening your WordPress security to prevent future attacks.
I would love to hear your experiences of stopping and preventing DDoS attacks on WordPress or any other platform. What was your emotional response, and how did you handle the entire situation?
Hello Harsh,
A DDoS attack is a serious security threat for growing websites and blogs. I am also using Cloudflare as it gives an extra layer of security to my blog. I closely monitor my blog traffic to see any unusual traffic hikes. You have shared very helpful tips here.
Regards,
Vishwajeet Kumar