How to mitigate most DDoS attacks

A man on his computer wears a mask that makes us think he might be hiding his identity for some reason, like being a hacker. This article is about mitigating DDoS attacks from the unknown as the man behind the mask.

Before briefing you on how to mitigate most DDoS attacks, I’ll describe what goes on most WordPress sites today. By the way, you can skip reading my non-technical article since my intention is to provide you with a wider & simpler perspective before setting up your defense.

Now, most shared hosting packages have limitations to the resources assigned to each account, and a WordPress installation uses a bunch of database queries and processing quota per page load but also occupies disk space, RAM, and data transfer. Sure this happens silently to users, but the web administrator can access the stats, available slots, plus remaining capabilities.

What are DDoS attacks? Why would I become a target?

What goes on today, is that distributed bots access random sites 24/7. A server can handle limited HTTP requests, so if it receives many at once, it will respond with error messages. DDoS stands for Distributed Denial of Service, it’s a non-sophisticated type of attack, taking a server temporarily to its limits. So, if this happens to your server, your site will be down for a while.

And since WordPress powers a third of the Internet, these bots attempt to break its security by using several techniques. A common attack starts by wasting the sites’ resources, with numerous requests. This could be pictured as thousands of fake users simultaneously browsing a site. After a while, due to resource abuse, the site’s owner gets suspended by the hosting company.

How do I protect my WordPress site from DDoS attacks?

You could buy protection from your current hosting company to mitigate DDoS attacks, but depending on your site’s architecture, a customized solution will vary. There are trusted services to protect it, and using some of them will improve its performance. Just be aware that your site may be inaccessible until the changes you’ll make on your Domain Name System (DNS) propagate.

Are there any low-cost solutions?

Sure, even for free you could mitigate fake HTTP requests that flood your server. I use Cloudflare for such purposes. If you don’t know this platform, it allows you to set up a firewall, change your DNS Zone with almost instant propagation after you point your domain to their Name Servers, add compression & caching, among other useful features.

Can you help me? I don’t know where to start

If you find this post like nerds’ jargon, hit this link to schedule a meeting. I’m always available to help my friends. I know your WP site is one of the most important assets for your business, so, let’s mitigate some risks ASAP.

If you want to get a technical explanation, or if you’re unfamiliar with the DDoS Attacks, click here to read a brief article.