DDoS stands for Distributed Denial of Service. It is a method of online attack that sends a large number of fake visitors to your website. The goal is to slow it down until it becomes inaccessible to your real visitors.
Have you ever visited a shop in person at the same time as a hundred other people? The staff become overwhelmed, you have to wait a long time to be served, and they might start to run out of stock. Everyone has a bad experience.
That’s how a DDoS attack works. Your website can only handle a limited number of visitors at one time. With too many visitors it will become just as unresponsive as that shop.
What is a DDoS Attack?
DDoS attackers use compromised computers and devices to send or request data from a WordPress hosting server. The purpose of these requests is to slow down and eventually crash the targeted server.
These compromised machines form a network, which is sometimes called a botnet. Each affected machine acts as a bot and launches attacks on the targeted system or server.
DDoS Attacks Are Becoming More Common
The number of DDoS attacks increases every year.
DDoS attacks increased by 55% between January 2020 and March 2021 according to a study by F5 Labs, and there were more than 10 million DDoS attacks recorded in 2020 according to cybersecurity firm Netscout.
If you have a WordPress website, then that’s concerning.
Why the big increase? Partly because there are more resources. There is more bandwidth available for their attacks, and more devices can be turned into bots.
That includes older PCs running unpatched operating systems, compromised smartphones, and the growing number of “internet of things” devices like smart TVs, refrigerators, and light bulbs.
Another reason is that DDoS attacks are easy to carry out. YouTube tutorials will teach you how to create botnets, and malware tools are easy to obtain. There are even people with DDoS skills who hire themselves out to paying customers.
DDoS attacks can last a day, a week, or longer. That’s often long enough to destroy the online presence of a website or application.
Popular platforms are more likely to become a target for attack, and WordPress is the most popular of all. That’s why it’s so important to keep your WordPress site secure and take steps to defend against DDoS attacks before it is too late.
Why Would Someone Attack My Site?
You might think that you’re safe from attack because your website is small and you’re a nice person. Chances are, someone will attack your site anyway.
They may do it to extort money. They might contact you and promise to stop the attack after you pay them.
It may be politically motivated. You may be targeted simply because of the country or region your business is located. Or it may be provoked by some of your content.
It may be business related. Perhaps your competitors are trying to gain an advantage. Or a disgruntled customer may want to cause you harm.
Or it could simply be done out of boredom. Someone with technical skills may play with botnets because they don’t have anything better to do with their time.
Types of DDoS Attacks
These DDoS attackers can use several methods to crash your website. If you can identify the method they are using, then you may be able to better defend your WordPress website.
Volumetric DDoS attacks are the most common type. They send large amounts of fake traffic to your website to use up the available bandwidth. Once the bandwidth is full, it will crash your website or show an error.
Application DDoS attacks target a specific application instead of the whole website. The application is kept so busy it can’t handle requests from genuine visitors and eventually the server crashes.
Protocol DDoS attacks target the networking devices rather than the whole website. They attack firewalls and routers by filling their connection tables. When there are more packets than they can handle, the server crashes.
How to Defend Against DDoS Attacks
Now, you may be wondering how a small business website using WordPress can fight or prevent DDoS attacks with its limited resources?
The time to act is now before you are attacked. And the easiest way to get started is by activating a website application firewall.
The firewall checks all of your traffic before it gets to your site and only lets genuine visitors through. It uses smart algorithms to catch and block all suspicious requests.
It’s like hiring a bouncer. The firewall application is powerful enough to stand up to the attacker without being knocked over and will take care of any threats before they get to your website’s front door.
We recommend Sucuri because it is the best WordPress security plugin and website firewall. It runs on a DNS level which means they can catch a DDoS attack before it can make a request to your website.
We use it ourselves, and you can read about how Sucuri helped us block 450,000 WordPress attacks in 3 months.
Another alternative is Cloudflare, though if you use its free service you only receive limited DDoS protection.
If your website is already under attack, then you should also disable WordPress APIs that can be exploited during a DDoS attack. You might like to check out our step by step guide on how to stop and prevent a DDoS attack on WordPress.
We hope this article helped you learn more about DDoS attacks. You may also want to see our Additional Reading list below for related articles on useful WordPress tips, tricks, and ideas.