{"id":33669,"date":"2021-08-23T17:24:36","date_gmt":"2021-08-23T11:39:36","guid":{"rendered":"https:\/\/rarathemes.com\/blog\/?p=33669"},"modified":"2024-01-16T13:58:56","modified_gmt":"2024-01-16T08:13:56","slug":"how-to-stop-ddos-attack","status":"publish","type":"post","link":"https:\/\/rarathemes.com\/blog\/how-to-stop-ddos-attack\/","title":{"rendered":"How to Stop a DDoS Attack on WordPress"},"content":{"rendered":"\n<p>WordPress is a popular Content Management System today. There are many possibilities on how far you can take your site with WordPress. However, such colossal fame also makes WordPress a hot target for various attacks and security issues.&nbsp;<\/p>\n\n\n\n<p>The DDoS (Distributed Denial of Service) attack is one of such vulnerabilities. DDoS attacks on WordPress are more common than you might anticipate and have been increasing rapidly. Unfortunately, they also open the gate for other types of attack. So, the best thing you can do is learn how to stop a DDoS attack to save your business from a major hit.<\/p>\n\n\n\n<p>This guide will explain what a DDoS attack is and what type of damages it can cause. 
Also, we will walk you through various ways to stop a DDoS attack.&nbsp;<\/p>\n\n\n\n<p>Let\u2019s begin:&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"What_is_a_DDoS_Attack_on_WordPress\"><\/span>What is a DDoS Attack on WordPress?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>A Distributed Denial of Service attack, aka DDoS attack, is a cyber-attack that attempts to disturb the average traffic rate of a network, service, or server. The prime objective of a DDoS attack is to send a flood of traffic to a targeted server to slow it down and ultimately crash it.&nbsp;<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"700\" height=\"430\" src=\"https:\/\/rarathemes.com\/blog\/wp-content\/uploads\/2021\/08\/flowchart-of-a-DDoS-attack.png\" alt=\"Flowchart of a DDoS attack\" class=\"wp-image-33671\" srcset=\"https:\/\/rarathemes.com\/blog\/wp-content\/uploads\/2021\/08\/flowchart-of-a-DDoS-attack.png 700w, https:\/\/rarathemes.com\/blog\/wp-content\/uploads\/2021\/08\/flowchart-of-a-DDoS-attack-300x184.png 300w, https:\/\/rarathemes.com\/blog\/wp-content\/uploads\/2021\/08\/flowchart-of-a-DDoS-attack-98x60.png 98w\" sizes=\"auto, (max-width: 700px) 100vw, 700px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\">\n<li>The hacker (in this case, botmaster) uses compromised devices and computers to send HTTP requests to a WordPress server. Those compromised devices form a network known as a botnet.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Botmaster initiates the launch command to the botnet. The botnet then requests the target server to fetch data. 
A botnet can consist of hundreds or thousands of hosts requesting the same data at the same time.<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>A single request consumes certain resources from the target server. The server has only limited resources and capacity to handle normal traffic at any given time. When there is a flood of malicious traffic, it overwhelms the server. As a result, it slows down and even crashes. If your site resides on this server, it too becomes unresponsive.<\/li>\n<\/ul>\n\n\n\n<p>DDoS attacks are becoming more frequent, and their number rises every year.&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>In 2019 alone, there were <a href=\"https:\/\/sectigostore.com\/blog\/ddos-attack-statistics-a-look-at-the-most-recent-and-largest-ddos-attacks\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">8.4 million<\/a> DDoS attacks.&nbsp;<\/li>\n\n\n\n<li>The year <a href=\"https:\/\/www.imperva.com\/blog\/2019-global-ddos-threat-landscape-report\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">2019 also witnessed the longest attack<\/a>, which lasted up to 13 days and peaked at 292,000 RPS (Requests Per Second).<\/li>\n\n\n\n<li><a href=\"https:\/\/www.netscout.com\/threatreport\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">4.8 million DDoS attacks<\/a> occurred in the first half of 2020 alone. This is a 15% increase from 2019. The increase rose further to 25% during the pandemic lockdown (from March to June 2020).<\/li>\n<\/ul>\n\n\n\n<p>Even larger internet companies are not immune to DDoS attacks. Back in 2016, Dyn, a popular DNS service provider, fell victim to a DDoS attack. This attack affected many major websites such as Netflix, Amazon, PayPal, Visa, Reddit, Airbnb, and The New York Times.<\/p>\n\n\n\n<p>Later in 2018, GitHub (a popular code hosting platform) suffered a DDoS attack. 
That attack sent 1.3 TB per second traffic to the servers.&nbsp;<\/p>\n\n\n\n<p>So you see, it is essential to know how to stop DDoS attacks on WordPress. You will learn it here in the last segment of this guide.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Why_Do_DDoS_Attacks_Occur\"><\/span>Why Do DDoS Attacks Occur?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>There can be many reasons for DDoS attacks. It all depends on the motivation of the botmaster. Here are some of the common types of triggers:&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>People with technical knowledge find it adventurous. They might even do it out of boredom.<\/li>\n\n\n\n<li>There may be a political reason behind such attacks. Such motivation leads botmasters to attack a particular region or country.<\/li>\n\n\n\n<li>Attacks on specific service providers or businesses cause monetary harm. One can also get motivated to take out competitors.<\/li>\n\n\n\n<li>To blackmail someone or a particular organization for ransom.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Damages_from_a_DDoS_Attack\"><\/span>Damages from a DDoS Attack&nbsp;<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>This type of attack is intended to crash a server to make websites inaccessible or lower their performance. Here are the main damages from a DDoS attack:&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>It lowers the site performance or makes it inaccessible.&nbsp;<\/li>\n\n\n\n<li>It results in a poor user experience. It leads to increased bounce rates and plummeting conversions.&nbsp;<\/li>\n\n\n\n<li>It can decrease your site\u2019s SEO ranking.&nbsp;<\/li>\n\n\n\n<li>It causes a financial burden to solve the issue by hiring professionals. 
In fact, <a href=\"https:\/\/www.bulletproof.co.uk\/industry-reports\/2019.pdf\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">a report<\/a> estimates a loss of up to $120,000 for small businesses and up to $2 million for enterprises.&nbsp;<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Difference_Between_a_Brute-Force_Attack_and_a_DDoS_Attack\"><\/span>Difference Between a Brute-Force Attack and a DDoS Attack<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>You may have heard about a brute-force attack. It is another form of a cyber attack like a DDoS attack. However, these two attacks are different from each other.<\/p>\n\n\n\n<p>A brute-force attack is a popular attack to hack into a website. In contrast, the DDoS attack wants to overflow traffic to a server. Thus, the key difference between a brute-force attack and a DDoS attack is the goal.&nbsp;<\/p>\n\n\n\n<p>A brute-force attack aims to obtain unauthorized admin access to a site by guessing passwords or trying out random combinations. After gaining access, the hacker intends to steal personal information from the site or install malicious software in it to infect the computer or data.&nbsp;<\/p>\n\n\n\n<p>On the contrary, a DDoS attack aims to overwhelm a server to degrade the site\u2019s performance and even crash it.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"How_to_Stop_a_DDoS_Attack_on_Your_Website\"><\/span>How to Stop a DDoS Attack on Your Website?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>DDoS may be difficult to deal with as botmasters can cleverly disguise it. But, with these practices, you can prevent and stop DDoS attacks on your WordPress:&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"1_Disabling_XML-RPC\"><\/span>1. 
Disabling XML-RPC<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>XML-RPC is a remote procedure call protocol that uses XML to encode its calls and HTTP as the transport mechanism. In simple words, XML-RPC is a system that enables you to add posts on your WordPress blog using weblog clients such as <a href=\"https:\/\/wordpress.com\/windows-live-writer\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Windows Live Writer<\/a>.&nbsp;<\/p>\n\n\n\n<p>If you use the WordPress mobile app, want to connect to services such as IFTTT, or want to post to your blog remotely, you need to enable XML-RPC. However, attackers can abuse XML-RPC to launch a DDoS attack against your site. So, if you don\u2019t use the mobile WordPress app, it is better to disable XML-RPC.&nbsp;<\/p>\n\n\n\n<p>You can do it in two ways:&nbsp;<\/p>\n\n\n\n<h4 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Using_a_plugin\"><\/span>#Using a plugin<span class=\"ez-toc-section-end\"><\/span><\/h4>\n\n\n\n<p>You can install a plugin called <a href=\"https:\/\/wordpress.org\/plugins\/disable-xml-rpc\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Disable XML-RPC<\/a> on your WordPress site. This plugin automatically disables XML-RPC once you activate it.&nbsp;<\/p>\n\n\n\n<h4 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Using_the_htaccess\"><\/span>#Using the .htaccess&nbsp;<span class=\"ez-toc-section-end\"><\/span><\/h4>\n\n\n\n<p>You can also add the following code to your .htaccess file to disable XML-RPC:&nbsp;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># Block WordPress xmlrpc.php requests\n# (Apache 2.2 syntax; Apache 2.4 needs mod_access_compat for these directives)\n&lt;Files xmlrpc.php&gt;\norder deny,allow\ndeny from all\n# Replace 123.123.123.123 with an IP address that still needs XML-RPC access,\n# or delete the line to block every client\nallow from 123.123.123.123\n&lt;\/Files&gt;<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"2_Disabling_REST_API\"><\/span>2. Disabling REST API<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>REST stands for Representational State Transfer. 
In WordPress, REST uses HTTP requests to access data and work with it: reading, creating, updating, and even deleting that data.&nbsp;<\/p>\n\n\n\n<p>Likewise, an API (Application Programming Interface) is an interface that enables two pieces of software to communicate with each other. The API defines the correct way to request services from an application or OS.&nbsp;<\/p>\n\n\n\n<p>The REST API lets plugins access and even delete your WordPress data. Therefore, it may act as an enabling factor for DDoS attacks. Thus, disabling the REST API may help prevent and even stop a DDoS attack.&nbsp;<\/p>\n\n\n\n<p>You can install the <a href=\"https:\/\/wordpress.org\/plugins\/disable-wp-rest-api\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Disable WP REST API<\/a> plugin for this. Once activated, the plugin makes the REST API of your site inaccessible to unauthenticated users. However, the plugin only offers limited protection against DDoS attacks. Your website will still be open to ordinary HTTP requests. Also, you may face disruptions to services that rely on the API on your WordPress site.&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"3_Activating_WAF_Website_Application_Firewall\"><\/span>3. Activating WAF (Web Application Firewall)<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>A WAF (Web Application Firewall) is the first layer of protection that keeps DDoS bots and hackers from reaching your site. A WAF acts as a proxy between the site and incoming traffic. It uses an intelligent algorithm to block suspicious requests before they reach the server.<\/p>\n\n\n\n<p>It performs virtual patching of vulnerabilities in plugins, WordPress core, and themes.&nbsp;<\/p>\n\n\n\n<p>A WAF is a feature associated with hosting providers. If the feature is not built into your hosting package, you can sign up for <a href=\"https:\/\/sucuri.net\/website-security-platform\/signup\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Sucuri<\/a>. 
It is the best security plugin and website firewall plugin. Sucuri runs at the DNS level. This means it catches volumetric DoS attacks before they can send requests to your site.&nbsp;<\/p>\n\n\n\n<p>Its pricing is as follows:&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Basic: <\/strong>$199.99 per year per site&nbsp;<\/li>\n\n\n\n<li><strong>Pro: <\/strong>$299.99 per year per site&nbsp;<\/li>\n\n\n\n<li><strong>Business: <\/strong>$499.99 per year per site<\/li>\n<\/ul>\n\n\n\n<p>Alternatively, you could also use <a href=\"https:\/\/www.cloudflare.com\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Cloudflare<\/a>. The pricing is as follows:&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Free version&nbsp;<\/li>\n\n\n\n<li><strong>Pro<\/strong>: $20 per month&nbsp;<\/li>\n\n\n\n<li><strong>Business<\/strong>: $200 per month&nbsp;<\/li>\n\n\n\n<li><strong>Enterprise<\/strong>: custom-based.<\/li>\n<\/ul>\n\n\n\n<p>However, the free version only offers limited DDoS protection. You need to sign up for a business plan to get layer 7 DDoS protection.<\/p>\n\n\n\n<p><strong>Note:<\/strong> WAFs that function at the application level are less effective during DDoS attacks.&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"4_Using_CDN\"><\/span>4. Using CDN&nbsp;<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>A CDN (Content Delivery Network) is a group of geographically distributed servers that deliver content to users all over the world. These servers work together to deliver internet content faster.&nbsp;<\/p>\n\n\n\n<p>It reduces the physical distance between users and servers, thus improving web performance.<\/p>\n\n\n\n<p>There are several benefits of using a CDN, one of which is improved web security. 
CDN providers dedicate their effort and time to prevent DDoS attacks, web exploitations, and other cyber threats.&nbsp;<\/p>\n\n\n\n<p>Most of the popular CDN providers offer sufficient security measures to prevent scammers, bots, and other threats. Plus, they also provide DRM (Digital Rights Management) licensing using Apple FairPlay, Microsoft PlayReady, and other content protection systems.&nbsp;<\/p>\n\n\n\n<p>Thus, using a CDN service can be an easy and effective way of stopping a DDoS attack on WordPress. If you are not sure which CDN is good for you, here are the <a href=\"https:\/\/rarathemes.com\/blog\/best-cdn-providers\/\">10 best CDN providers<\/a>. <\/p>\n\n\n\n<p>Check out their details along with pros and cons. You can then figure out which suits you the best.\u00a0<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"DoS_Vs_DDoS_Whats_the_Difference\"><\/span>DoS Vs. DDoS: What\u2019s the Difference?&nbsp;<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>DDoS attacks evolved from DoS attacks. Thus, it is necessary to know the difference between them.&nbsp;<\/p>\n\n\n\n<p>A DoS attack is an online attack where the botmaster tries to make computers or other devices unavailable to the users. They do so by disrupting the normal functioning of the device. Its goal is to manipulate the server into denying user access and interfering with the normal system.<\/p>\n\n\n\n<p>However, a DDoS attack sends a flood of requests to a particular server and takes it down.<\/p>\n\n\n\n<p>Unlike DDoS attacks that involve multiple machines, a DoS attack occurs between a single site and a single target.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"How_to_know_if_it_is_DDoS_or_Brute-Force\"><\/span>How to know if it is DDoS or Brute-Force?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>Both DDoS and Brute-Force attacks use server resources and decrease their performance. 
As a result, symptoms in both the attacks look quite similar. Your site gets slower and may even crash.&nbsp;<\/p>\n\n\n\n<p>You can certainly know whether it is a DDoS attack or a Brute-Force attack by using the <a href=\"https:\/\/wordpress.org\/plugins\/sucuri-scanner\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Sucuri <\/a>plugin.&nbsp;<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"700\" height=\"455\" src=\"https:\/\/rarathemes.com\/blog\/wp-content\/uploads\/2021\/08\/install-sucuri-plugin.png\" alt=\"Install and activate the Sucuri plugin\" class=\"wp-image-33697\" srcset=\"https:\/\/rarathemes.com\/blog\/wp-content\/uploads\/2021\/08\/install-sucuri-plugin.png 700w, https:\/\/rarathemes.com\/blog\/wp-content\/uploads\/2021\/08\/install-sucuri-plugin-300x195.png 300w, https:\/\/rarathemes.com\/blog\/wp-content\/uploads\/2021\/08\/install-sucuri-plugin-92x60.png 92w\" sizes=\"auto, (max-width: 700px) 100vw, 700px\" \/><\/figure>\n\n\n\n<p><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Now, go to the \u201cSucuri Security\u201d on the dashboard and click on the \u201cLast Logins\u201d option.<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"670\" height=\"366\" src=\"https:\/\/rarathemes.com\/blog\/wp-content\/uploads\/2021\/08\/go-to-login-tab.png\" alt=\"Last logins option in the Sucuri plugin\" class=\"wp-image-33696\" srcset=\"https:\/\/rarathemes.com\/blog\/wp-content\/uploads\/2021\/08\/go-to-login-tab.png 670w, https:\/\/rarathemes.com\/blog\/wp-content\/uploads\/2021\/08\/go-to-login-tab-300x164.png 300w, https:\/\/rarathemes.com\/blog\/wp-content\/uploads\/2021\/08\/go-to-login-tab-110x60.png 110w\" sizes=\"auto, (max-width: 670px) 100vw, 670px\" \/><\/figure>\n\n\n\n<p><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Go to the \u2018Failed logins\u2019 tab.<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-image 
size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"700\" height=\"343\" src=\"https:\/\/rarathemes.com\/blog\/wp-content\/uploads\/2021\/08\/failed-logins-attempts.png\" alt=\"Failed logins tab on Sucuri\" class=\"wp-image-33699\" srcset=\"https:\/\/rarathemes.com\/blog\/wp-content\/uploads\/2021\/08\/failed-logins-attempts.png 700w, https:\/\/rarathemes.com\/blog\/wp-content\/uploads\/2021\/08\/failed-logins-attempts-300x147.png 300w, https:\/\/rarathemes.com\/blog\/wp-content\/uploads\/2021\/08\/failed-logins-attempts-122x60.png 122w\" sizes=\"auto, (max-width: 700px) 100vw, 700px\" \/><\/figure>\n\n\n\n<p>If you see multiple login requests here, it means your site is under Brute-Force attack.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"What_to_do_under_a_DDoS_attack\"><\/span>What to do under a DDoS attack?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>You can use the Web Application Firewall of companies such as CloudFlare and Sucuri to help prevent a DDoS attack. However, in case of exceptionally large attacks, it may impact your site. Thus, it is better to prepare for a scenario where your site may be under a DDoS attack. Here are some tips to follow when your site is under a DDoS attack:&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"1_Alert_team_Members\"><\/span>1. Alert team Members.&nbsp;<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>If you work in a team, it is best to inform them the moment you figure out it is a DDoS attack. Doing so will prepare them for any queries and figure out possible solutions.&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"2_Inform_Your_Customers\"><\/span>2. Inform Your Customers.&nbsp;<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>A DDoS attack can cause a great inconvenience to your customer as it impacts the user experience. 
Unfortunately, this is especially true for online stores. Your customers may not be able to log in or place orders. Thus, you can tell them that the site is experiencing technical difficulties and will soon be back to normal.&nbsp;<\/p>\n\n\n\n<p>Such a message lets them know about the situation so they can come back later. After all, communication is what will keep your brand image strong.&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"3_Contact_Your_Hosting_and_Security_Support\"><\/span>3. Contact Your Hosting and Security Support.&nbsp;<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>Contact your hosting provider and firewall service to inform them about the trouble you are facing. This may sort out the issue faster, and they may even provide more updates on the attack.<\/p>\n\n\n\n<p>If you use Sucuri, you can set it to Paranoid mode. It will block multiple requests on your site, thus making it accessible only for legitimate traffic.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Conclusion\"><\/span>Conclusion<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>You cannot predict whether your site is vulnerable to a DDoS attack. So the best you can do is learn how to stop DDoS attacks on WordPress before you become a victim of one.&nbsp;<\/p>\n\n\n\n<p>You just learned multiple ways to stop and prevent a DDoS attack. If you liked it, comment below.&nbsp;<\/p>\n\n\n\n<p>You might also check:&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/rarathemes.com\/blog\/wordpress-security\/\">WordPress security tricks to secure your WordPress website<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/rarathemes.com\/blog\/make-wordpress-login-url-secure\/\">Finding your WordPress login URL and making it secure.<\/a><\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>WordPress is a popular Content Management System today. 
There are many possibilities on how far you can take your site with WordPress. However, such colossal fame also makes WordPress a &hellip; <\/p>\n","protected":false},"author":15,"featured_media":33933,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_be_single_description":"","_be_image_uploader":0,"_be_meta_button_label":"","_be_meta_button_url":"","_be_meta_button_newtab":false,"_be_meta_rel_attribute":"","footnotes":""},"categories":[16,3],"tags":[],"class_list":["post-33669","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-advanced-tutorials","category-tutorials","latest_post"],"_links":{"self":[{"href":"https:\/\/rarathemes.com\/blog\/wp-json\/wp\/v2\/posts\/33669","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/rarathemes.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/rarathemes.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/rarathemes.com\/blog\/wp-json\/wp\/v2\/users\/15"}],"replies":[{"embeddable":true,"href":"https:\/\/rarathemes.com\/blog\/wp-json\/wp\/v2\/comments?post=33669"}],"version-history":[{"count":0,"href":"https:\/\/rarathemes.com\/blog\/wp-json\/wp\/v2\/posts\/33669\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/rarathemes.com\/blog\/wp-json\/wp\/v2\/media\/33933"}],"wp:attachment":[{"href":"https:\/\/rarathemes.com\/blog\/wp-json\/wp\/v2\/media?parent=33669"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/rarathemes.com\/blog\/wp-json\/wp\/v2\/categories?post=33669"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/rarathemes.com\/blog\/wp-json\/wp\/v2\/tags?post=33669"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}