DDos attack stands for Distributed Denial of Service and puts the victim's web services out of order by sending a significant amount of requests. The DDoS attack is a method in which an attacker sends traffic (called "requests") through compromised networks and computers to the target to make the targeted system too busy to be able to respond to any other requests from legitimate users.
How Does DDoS Work?
During a DDoS attack, a target server or network receives frequent requests from compromised systems and this makes the bandwidth limit of a network or resources of a server to max out. This slows down the server response and sometimes the server becomes useless. There are various types of DDoS attacks. In this article, we will explain the two most common types of DDoS attacks called Volumetric Attacks and Application Level Attacks .
In this type of attack, a target site or a network receives traffic and requests from botnets and infected zombie systems. The examples of this attack category are connection floods , TCP SYN floods , and ICMP / UDP floods. This type of attack targets the third and fourth layer of the TCP / IP protocol called Network Layer and Transport Layer respectively. In these types of attacks, the attacker generates high bandwidth of traffic by using infected systems.
Application Level Attacks
Application Level DDoS Attacks is called Layer-7 DDoS attacks. In these attacks, the actor sends traffic to specific sections of a website to target vulnerabilities in web applications. Application Level DDoS attacks do not make a website down but increases bandwidth consumption. It also slows the sites by a great deal. In these attacks, since the traffic looks like if it comes from real humans, detection is hard. The attacker in these types of attacks uses HTTP, DNS and SMTP requests.
How To Protect Your WordPress Website Against DDoS Attack?
WordPress is one of the best CMS solutions and it is supported by a huge community of developers. This CMS is prone to vulnerabilities. Most users' website is being used as a zombie to attack another website and they are not aware of this. To reduce the threat of DDoS attacks, fix vulnerabilities in your WordPress sites. Steps to Protect Your WordPress Website Against DDoS Attack are as below:
1- Block XML-RPC functionality
XML-RPC functionality is enabled by default since WordPress 3.5 and provides services like pingbacks and trackbacks . An attacker can exploit these functionality to send HTTP requests to a target website. If thousands of compromised WordPress sites start to send requests to a target website at the same time, a Large Application Layer DDoS attack can occur.
It is better to disable XML-RPC functionality on all of your WordPress websites, so they can not be used to launch a DDoS attack using pingbacks and trackbacks. To do this, add the following code to your .htaccess file .
START XML RPC BLOCKING #
Order Deny, Allow
Deny from all
FINISH XML RPC BLOCKING #
Notice: Alternatively, you can use a plugin like Disable XML-RPC Pingback to disable the pingback and trackback functionality and keep other functions of XML-RPC intact.
2- Update your WordPress Version Regularly
Update folowing options with your Wordpress:
- WordPress installation
- WordPress themes
- Apache version
- WordPress plugins
- PHP version on the server
- Mysql version
3- Contact your hosting company
You should contact the hosting company and discuss if the servers and network hardware are updated. Also, you should ask them what security measures they provide.
4- Use Security Plugins
You can add a layer of defense to your WordPress website by configuring a security plugin can. A security plugin called WordFence monitors and prevents DDoS attacks on WordPress websites.
Congratulations! You have learned how to protect your WordPress Website against DDoS Attacks .
If you are facing any problem with the installation, feel free to comment here. We will help you to solve the issue.