Right now, with the advancement in technology; the “bad guys” have more opportunities to “prove themselves.” Especially when it comes down to the cyberspace.
So well that’s one of the reasons why I’m writing this piece today, where I’ll be explaining to you how to protect site from DDoS attacks. Well of course before that, it’s a good thing for us to take a sneak-peek into what DDOS exactly is, huh?
If you have a WordPress Website, make sure you have created WordPress backup because attackers can easily attack any website. You can easily Restore WordPress backup.
What is DDOS?
DDOS is just a kind of attack that has the capabilities to get your server down and hence, as a result, your site won’t load, simple as that.
But if you want a better explanation, well then the full form of DDos is- Distributed Denial of Service attack, and it is an attack which consists of sending more request to your server than it can handle, which in turn causes the server to crash.
There are more than a single variation of DDoS attacks, although DDoS is often confused with Brute force attack, they both are entirely different.
A brute attack is only trying random set of passwords for admin access while a DDoS attack can bring a website down completely.
How to Stop a DDoS Attack?
I’ve covered anti-DDoS protection tactics right down here, so keep reading.
Well, Cloudflare is a great, easy to use, an online tool that would come to your rescue if a DDoS is being attempted over your site.
Note – When under attack, visit the following URL https://www.cloudflare.com/under-attact and it will help you fight the attack and bring your site down to normal.
How to Protect a Site from DDoS:-
Start with analyzing you Hosting server; you should choose a hosting based on reviews and functionalities, not by their price.
No doubt you are very familiar with many hosts which provide hosting for $2 per month, well sure it is not going to be blazing fast and cut the mustard.
Managed WordPress hosting is way better when it comes to secure hosting.
Well, a good place to start is by verifying the level of control you’ve got along with your servers.
Majority of them will offer:
- A managed WordPress hosting
- Daily or weekly backups
- Automated security update
- 1-click restore options
- automatic caching
- top tier security
No matter which host you decide to go with, you should check the following if they offer it.
- Run stable versions of server software and patch as necessary
- Have an option or auto Enable a server-level firewall
- Let you make a backup or restore site or database quickly
- Intrusion detection
Hosts which provide managed WordPress hosting (such as wp beginner or wp engine for example) uses caching.
A CDN passes the catching; that is a pretty good deal.
Setup WordPress Using W3 Total Cache with a CDN:=-
However, if you are running on a host which is not managed, you can implement a CDN network and a caching plugin (w3 total cache for such purpose).
CloudFlare is the most popular. The traffic has to pass through the CloudFlare servers, and the attacks will be absorbed by the Cloudflare’s extra layer. You can see this guide to add/remove Cloudfare on your Website.
When someone tries to access the website they might see this page. So make sure your traffic is from real people and not bots or some kind of traffic tool.
Managed hosts (such as WPEngine for example) use caching which is passed through a CDN, so if you do not aspire to use a managed WordPress host, then do consider implementing a CDN alongside a caching plugin such as W3 Total Cache
Both are easy to set up and from that point of the time, all your traffic will be passed through the CDN caches as well as passing through an SSL (secure socket layer/ TLS).
You can seek the information from maxcdn, in case you need help. They have a pretty good visual guide.
More precisely you’ll learn the following, What is a CDN? How SSL Works.
If you have your website hosted on a shared server, it is easiest for the hosts, but it does not guaranty a most secure environment . In case, VPN and dedicated server tend to give more control.
Here are the ways to bulletproof your WordPress website. (most of the following are for advanced users (you should be familiar with admin tasks and coding).
So if you are shouting out ‘No I am not’ then ask your Web developer to do it for you.
Opt for Automatic Updates:-
Make sure to get updates automatically in WordPress; you will get minor automatic updates. However, make sure to backup your website in case something goes wrong, and cause your site take out
Make sure to get updates automatically in WordPress; you will get minor automatic updates. However, make sure to backup your website in case something goes wrong, and cause your site take out.
Note: you need to add a line to your “wp-config.php” file to let major updates get installed automatically.
#Enable all core updates, including minor and major:
define ( ‘WP_AUTO_UPDATE_CORE’, true );
There are few plugins which allow you getting daily updates, make sure you get them if you’re serious about your security.
Using .htaccess to Strengthen Your Security:-
You need a strong enough .htaccess file if you’re going to get anywhere with all of your security measures. And well a good way to do that is:-
AuthName “Private access.”
require user mysecretuser
Next, time you when you log in, it will open a prompt display, and you’ll be required to input your username and pass. Afterward, you need to log in the standard login screen of your WordPress website.
Obviously, use a different password for both. Or else what’s the use, huh?
One more advice is to delete the username ‘admin’ and make a new one with different that ‘admin’ username. This changes your Wp login directory URL and gives you an edge.
WordPress Security Plugins:-
Yes, you can, of course, use WordPress Security Plugins. At the time when you do install the security Plugins check their update timing, they should frequently be updated. Check their reviews and users rating.
Cut down Plugins you are not using, often check to figure out unwanted Plugins and themes, they sometimes lead to over-cluttered memory usage anyway.
Use Plugins to Stop XML-RPC Abuse:-
Well, you don’t need to get into technicalities. Because that would require me to go on talking about all the critical terms and methodologies of what XML-RPC abuse exactly is.
What you do need to concern yourselves with is, if you want a secure future from Distributed Denial of Service ( DDoS ) attacks, get the following plugin.
It stops the hackers from doing certain things to your website which you don’t want to be done, simple as that.
What this exactly does is, stop your xmlrpc.php to be hit. (I hope that’s enough “hacking” class for today, right?)
Ah, make sure you’ve got WordPress 3.8.1 or higher before installing that.
Securing your website should be your first step, always keep frequent backups of your website data. Avoid DDoS attacks by utilizing the given tips in this guide. If you are using WordPress themes, make sure you are not using nulled themes which may have infectious code that can leak all the credentials to attackers. Customizing WordPress themes are really easy and any skilled attacker can easily inject code in such themes.
Don’t use pirated plugin or themes. Using the combination of the following instructions will make your WordPress website safe so you now can sleep in peace without the need to stress on how to protect site from DDos attack right? Hope it helped.
Evan Derek is the Founder and Chief SEO Analyst @ VebbLabbs. Specialising in Affiliate Marketing and helping newcomers to make it a stable profession in the online world, he boasts 6+ years of experience in the industry. 19 year has he spent on this planet successfully, and plans on spending atleast 50more !