WordPress is used all over the world. It’s not just like that. After all, it has powerful functions and safe code. However, like other software, this does not protect the engine from DDoS attacks.
Let’s show you working ways to stop and prevent a DDoS attack on a WordPress site.
Contents
What is a DDoS attack?
Its goal is to make the web resource start to work slowly and eventually become inaccessible to everyone. Both individual sites and entire groups of hosting IP addresses are attacked.
What are they used for?
Here are some reasons:
- for fun,
- political motives,
- material damage,
- blackmail/ransom.
What consequences?
- Loss of business due to a “slow” or non-working site.
- Building relationships with clients.
- Recovery costs.
- Decreased reputation.
How to stop and prevent a DDoS attack on WordPress?
They are difficult to find and eliminate. But basic safety recommendations will help prevent and stop them. And here are some.
Get rid of code that can lead to DDoS/Brute Force
WP is very flexible. Allows third-party plugins and tools to add new features. It has APIs for this. These are the methods by which third-party services and add-ons interact with the engine.
Also see: Enable Automatic Updates in WordPress
Some of these can also cause an attack by sending many requests. You can safely disable them.
XML RPC
This is a data transfer protocol that allows you to create and edit content and comments without logging into the admin panel.
Rest API
This is a tool that is also used to work with external sources.
To disable it, install the Disable REST API extension. The module does not need to be configured – it works after activation.
Install a firewall
Disabling the REST API and XML-RPC is only a small part of the defense against DDoS attacks. The VP site is still vulnerable to HTTP requests.
You can try to find and block “bad” IP addresses from which they attack. But this is inefficient for large DDoS.
The easiest way is to install a firewall on your site. It itself monitors all external network connections and blocks unsafe ones.
What to do during a DDoS attack?
They can attack even if you have done all the above work on protection. Hosting usually has powerful protection. But you can feel major attacks on your resource.
Here are a few tips to keep DDoS attacks to a minimum.
Notify all team members
They will always be ready to help you (send a request to the hosting technical support, inform your customers about the problem, monitor the site).
Notify customers
A DDoS attack can affect your users’ experience. For example, they won’t be able to place an order or sign in to their account.
You can announce the problem through social networks, send email notifications, contact some by phone.
Contact your hosting support
Tell us how you noticed the attack, give more information. In this case, you will be aware of the latest developments and follow the resolution of the problem.