Phone :  +370 (5) 204-1903
Email :  sales@1gbits.com
  1. Dedicated server
  2. Blog
  3. How To Protect Your WordPress Website Against DDoS Attacks

How To Protect Your WordPress Website Against DDoS Attacks

WordPress is one of the most popular website building platforms on the internet, catering to a majority of the websites on the internet (around 30% of all websites). It is a secure platform, but that does not mean it is immune to DDOS attacks.

Wordpress Tutorials Feb 18, 18 by Mery 9 min Read
How To Protect Your WordPress Website Against DDoS Attacks

DDoS attacks or Distributed Denial of Service attacks are prevalent over the internet, which can slow down websites and eventually make them inaccessible to users. The attacks can happen to both small and large businesses alike.

In this tutorial, we will go through the steps in preventing any DDOS attacks that can happen to your WordPress website.

What is a DDoS Attack?

As mentioned earlier, a DDoS attack stands for Distributed Denial of Service and puts the victim’s web services out of order by sending a significant amount of requests.

The DDoS attack is a method in which an attacker sends traffic (called “requests”) through compromised networks and computers to the target to make the targeted system too busy to respond to any other requests from legitimate users.

It does this by overwhelming the target or its close infrastructure with a flood of traffic. The ultimate goal of the attacks is to slow down and eventually crash the targeted server.

There’s a limit to every server, and your WordPress site can only handle so many simultaneous visits before it begins to crumble under pressure. DDoS attacks evolved from DoS (Denial of Service) attacks. The difference is DDoS takes advantage of multiple machines or servers that are compromised across different regions.

The compromised machines form a network, often referred to as a botnet. Then, each machine that’s affected acts as a bot and attacks the targeted server or system. This allows them to go unnoticed for some time and cause as much damage as possible before they’re blocked.

A key advantage for attackers to use distributed denial of service (DDoS) attacks, rather than a singular denial of service (DoS) attack, is that many machines located around the globe are being used to generate traffic and, as such, is it’s much harder for a website to track and thwart these attacks.

What will happen from a DDoS attack

If you fall victim to a DDoS attack, then a lot of negative things can happen, including but not limited to:

  1. The visitor’s experience will be negative. In the best-case scenario, the site will load slower than usual or at worst, the site will be shut down.
  2. If you have an eCommerce site, then the site will lose sales, or if you provide content (like a blog site), the visitors might go somewhere else for the information.
  3. Your site’s reputation will have a significant drop. This will affect your domain authority, relevance and trust, which are directly related to SEO.
  4. It will cost extra to repair the damages. The cost will depend on the duration of the attack, and it is hard to calculate because you must consider plenty of side effects like customer support, security experts to fix and repair the site.

Types of DDoS attacks

During a DDoS attack, a target server or network receives frequent requests from compromised systems, and this makes the bandwidth limit of a network or resources of a server max out. This slows down the server response, and sometimes, the server becomes useless. There are various types of DDoS attacks. This article will explain the two most common DDoS attacks, called Volumetric Attacks and Application Level Attacks.

Volumetric Attacks

A target site or a network receives traffic and requests from botnets and infected zombie systems in this type of attack. The examples of this attack category are connection floods, TCP SYN floods, and ICMP / UDP floods. This type of attack targets the third and fourth layers of the TCP / IP protocol called Network Layer and Transport Layer. In these types of attacks, the attacker generates a high bandwidth of traffic by using infected systems.

Application Level Attacks

Application Level DDoS Attacks is called Layer-7 DDoS attacks. In these attacks, the actor sends traffic to specific website sections to target vulnerabilities in web applications. Application Level DDoS attacks do not make a website down but increase bandwidth consumption. It also slows the sites by a great deal. In these attacks, since the traffic looks like if it comes from real humans, detection is hard. The attacker in these types of attacks uses HTTP, DNS and SMTP requests.

How to Protect Your WordPress Website Against DDoS Attacks?

WordPress is one of the best CMS solutions, and a vast community of developers supports it. This CMS is prone to vulnerabilities. Most users’ website is being used as a zombie to attack another website, and they are not aware of this. To reduce the threat of DDoS attacks, fix vulnerabilities in your WordPress sites. Steps to Protect Your WordPress Website Against DDoS Attacks are as below:

1.   Block XML-RPC functionality

XML-RPC functionality is enabled by default since WordPress 3.5 and provides services like pingbacks and trackbacks. An attacker can exploit these functionalities to send HTTP requests to a target website. If thousands of compromised WordPress sites start to send requests to a target website simultaneously, a Large Application Layer DDoS attack can occur.

It is better to disable XML-RPC functionality on all of your WordPress websites, so they cannot be used to launch a DDoS attack using pingbacks and trackbacks. To do this, add the following code to your .htaccess file.


Order Deny, Allow 

Deny from all 


Notice: Alternatively, you can use a plugin like Disable XML-RPC Pingback to disable the pingback and trackback functionality and keep other functions of XML-RPC intact.

2.   Update your WordPress Version Regularly

Update the following options with your WordPress:

  1. WordPress installation
  2. WordPress themes
  3. Apache version
  4. WordPress plugins
  5. PHP version on the server
  6. Mysql version
  7. Contact your hosting company

You should contact the hosting company and discuss if the servers and network hardware are updated. Also, it would help if you asked them what security measures they provide.

3.   Use Security Plugins

You can add a layer of defence to your WordPress website by configuring a security plugin can. There are multiple security plugins out in WordPress that you can add to your site. You can check the link here to see the complete list of DDOS plugins.

Here we will mention the top 5 plugins that you can use.

  • Cludflare (recommended)
  • Disable XML-RPC Pingback
  • Protection Against DDoS
  • Stop XML-RPC Attack
  • Eazy XMLRPC Pingback Disable

What you should do during a DDoS attack

DDoS attacks can happen to anyone despite all the security measures in place. The top companies, like Cloudflare and Sucuri, deal with them all the time. So if your site is under attack, don’t worry: here are some of the things that you can do to minimize the damage.

Inform the team

If you face a DDoS attack, the first thing you should do is inform your teammates about the issue. This will help your team to be prepared to look out for potential issues and help with customer support queries.

Inform the customers

During a DDoS attack, the first line of attack will be to the site’s user experience. Therefore it’s best to let your clients know what is going on. Through your social media accounts, you can announce that your website is having technical difficulties, and everything will be back to normal soon.

If the attack is significant, you can also use your email marketing service to communicate with customers and follow your social media updates. Communication during these challenging times makes a huge difference in keeping your brand’s reputation strong.

Contact the hosting and security support.

Get in touch with your WordPress hosting provider. The attack you may be witnessing could be part of a more significant attack targeting their systems. In that case, they will be able to provide you latest updates about the situation.

Contact your Firewall service and let them know that your website is under a DDoS attack. They may be able to mitigate the situation even faster and can provide you with more information.


WordPress is a very secure website builder, but hackers often target it due to its popularity. Luckily there are many security practices that you can follow to mitigate these security flaws. You have all the resources needed with the tap of a button to secure your WordPress site. If you haven’t done it already, take action and do something before it’s too late.

author img


Generic placeholder image
live streaming cloud

2018 Jul 27, 18:07:04

Hey there! I'm at work surfing around your blog from my new iphone! Just wanted to say I love reading your blog and look forward to all your posts! Keep up the outstanding work!

Generic placeholder image
live streaming hardware

2018 Oct 05, 02:10:26

Hello! I simply wish to offer you a big thumbs up for your excellent information you have got here on this post. I am coming back to your website for more soon.

Generic placeholder image
cloud video streaming

2018 Nov 20, 00:11:46

Excellent post. I was checking constantly this blog and I'm impressed! Very useful information specially the last part : ) I care for such info a lot. I was seeking this particular info for a long time. Thank you and best of luck.

Generic placeholder image

2019 Mar 11, 12:03:30

I've read this post and if I could I desire to suggest you few interesting things or suggestions. Maybe you can write next articles referring to this article. I wish to read even more things about it!

Generic placeholder image

2019 Mar 18, 04:03:19

Given info about how to protect your wordpress website against ddos attacks is really helpful for me. Thanks for sharing.

Generic placeholder image

2019 Nov 24, 20:11:13

If you are going for best contents like me, just visit this web page every day for the reason that it gives feature contents, thanks

Generic placeholder image

2020 Mar 23, 20:03:39

I for all time emailed this webpage post page to all my friends, because if like to read it then my links will too.

Generic placeholder image

2020 Mar 26, 17:03:43

Hi there, yeah this article is truly fastidious and I have learned lot of things from it about blogging. thanks.

Generic placeholder image

2020 Mar 30, 06:03:55

Great blog here! Additionally your website so much up very fast! What host are you the use of? Can I get your associate link in your host? I wish my web site loaded up as fast as yours lol

Generic placeholder image

2020 Mar 30, 06:03:52

I'm truly enjoying the design and layout of your website. It's a very easy on the eyes which makes it much more pleasant for me to come here and visit more often. Did you hire out a developer to create your theme? Excellent work!

Generic placeholder image

2020 Mar 30, 07:03:57

Hello to all, how is the whole thing, I think every one is getting more from this web page, and your views are fastidious in favor of new visitors.

Generic placeholder image

2020 Apr 26, 12:04:00

Hmm it seems like your blog ate my first comment (it was extremely long) so I guess I'll just sum it up what I had written and say, I'm thoroughly enjoying your blog. I as well am an aspiring blog writer but I'm still new to everything. Do you have any points for novice blog writers? I'd genuinely appreciate it.

Generic placeholder image

2020 Apr 26, 20:04:56

It's an amazing piece of writing designed for all the internet viewers; they will obtain benefit from it I am sure.

Generic placeholder image

2020 May 18, 17:05:19

Thanks for ones marvelous posting! I quite enjoyed reading it, you will be a great author. I will be sure to bookmark your blog and definitely will come back at some point. I want to encourage yourself to continue your great work, have a nice holiday weekend!

Generic placeholder image

2020 May 25, 09:05:51

Very descriptive blog, I loved that bit. Will there be a part 2?

Generic placeholder image

2020 May 28, 18:05:05

Because the admin of this web page is working, no question very shortly it will be well-known, due to its feature contents.

Generic placeholder image

2020 Jun 03, 13:06:43

Its such as you read my mind! You seem to understand a lot approximately this, like you wrote the e book in it or something. I feel that you can do with a few % to pressure the message home a bit, however other than that, this is great blog. A fantastic read. I'll definitely be back.

Generic placeholder image

2020 Jun 04, 05:06:49

Superb, what a website it is! This website presents valuable data to us, keep it up.

Generic placeholder image

2020 Jul 28, 16:07:04

I'm curious to find out what blog system you're utilizing? I'm having some minor security issues with my latest website and I would like to find something more safeguarded. Do you have any suggestions?

Generic placeholder image

2020 Aug 31, 16:08:57

I visited a lot of website but I believe this one holds something extra in it.

Generic placeholder image

2020 Dec 11, 17:12:06

Hey there! I know this is kind of off topic but I was wondering if you knew where I could get a captcha plugin for my comment form? I'm using the same blog platform as yours and I'm having problems finding one? Thanks a lot!

Leave A Comment