How WordPress prevents DDoS Attacks

With the pandemic officially in effect in many countries and the explosive growth of online business, digital attacks have become more frequent and the threat keeps growing. The most common and dangerous of them is the DDoS attack. This guide shows how to prevent DDoS attacks on WordPress sites.

What are DDoS attacks?

Before looking at how to prevent DDoS (distributed denial of service) attacks, first understand what a DDoS attack is. In short, a DDoS attack is a denial of service (DoS) attack in which hackers use multiple connected online devices to overwhelm a website's servers with fake traffic.
In a DDoS attack, each of these connected systems attacks the server separately, and they go unnoticed for a while until together they block it at the same time. This tactic easily amplifies the impact of the attack, slowing down and eventually crashing the target server. An interesting thing about DDoS attacks is that they do not attempt to break into or directly access the server. Instead, the goal is to crash the website and server so that users cannot access it for a period of time. However, a DDoS attack can also serve as cover for a breach of server security.
So what happens if you are the victim of a DDoS attack? If the hacker succeeds in crashing the server, problems follow. Restoring the system may cost thousands of dollars, not to mention other costs such as bandwidth. More importantly, the attack will have a huge impact on traffic, reputation and sales.

Are DDoS attacks common?

Yes. In fact, DDoS attacks are becoming more and more common. Recent research shows that there are now 16 DDoS attacks every 60 seconds! In 2019 alone, there were more than 8.4 million DDoS attacks worldwide.
To avoid all these problems, it is essential to protect your WordPress site against DDoS attacks. This guide shows what you need to do to avoid these problems and keep your website secure.

Ways to prevent DDoS attacks on WordPress

The following are some ways to prevent DDoS attacks on WordPress and keep hackers from affecting your website:

- Block access to wp-login.php
- Activate a WAF
- Monitor website traffic
- Restrict access to the WP admin area
- Restrict by country
- Disable the APIs used in DDoS attacks: XML-RPC API, REST API
- Regularly update WordPress

1. Block access to wp-login.php

The wp-login.php file is one of the most common paths hackers use for DDoS attacks on WordPress. For example, at QuadLayers we block access to the wp-login.php file more than 250 times a day!
If you use a service such as Cloudflare, you can see how many times someone has tried to access the wp-login.php file, and you will be surprised how high that number is. Blocking access to this file is one of the best ways to prevent DDoS attacks on WordPress. Most security services provide a variety of options to block access to wp-login.php. We use Cloudflare, so we will show you how to prevent attacks on the wp-login.php file with that service. Cloudflare's free plan lets you set up to five rules, so you can enforce them at no cost.
From the panel, go to Firewall > Firewall Rules > Create Firewall Rule. Give the rule a name and fill in the fields with the following information:

Field: URI Path
Operator: contains
Value: /wp-login.php

Or, in the Expression Preview section, you can copy and paste the following code:
(http.request.uri.path contains \
There are many WAF solutions to choose from. Before deciding which one to use, make sure that its protection features suit your site, and that its price and ease of use suit you as well. We have used several of them over the years, and we actively recommend Sucuri. It offers a free plugin, and several professional plans for individual websites starting at $199 a year. Cloudflare is also a great choice. A free plugin and plans at $20 a month are available, including DDoS attack mitigation. In addition, to improve the overall protection of the site against all types of malware, it is recommended that you follow some security tips.
3. Monitor website traffic

A surge in traffic does not necessarily mean good news. Although this is not always the case, DDoS attacks usually involve a large amount of traffic. These volumetric attacks are network-based and are sometimes mistaken for new visitors. If your website suddenly has a large number of new visitors, check whether they are genuinely new users or someone trying to disrupt your website. The best solution is to install monitoring tools, review the logs, and raise an alert when requests or visitors suddenly increase. This helps prevent DDoS attacks on WordPress sites.
To distinguish between new visitors and a DDoS attack, pay attention to the following:

- Traffic source: does the traffic come from your target area? For example, if you target local customers but receive a lot of traffic from overseas, something strange is going on.
- Traffic time: if you see a surge in visits at 3 a.m. local time, it may be an attack.
- Your business characteristics: consider your type of business. For example, if you sell swimsuits and beachwear, a sharp increase in visitors in summer is normal.

Googlebot and other search engine crawlers sometimes make requests to websites that look suspicious. Keep that difference in mind so that what you block is DDoS attacks rather than these bots.
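The monitoring step described above can be sketched as follows. This is an added example, not code from the original article: it groups access-log requests per minute, flags minutes far above the median rate, and reports the hour, source-IP spread, wp-login.php/xmlrpc.php hits and self-declared crawlers for each spike. The combined log format, the thresholds and the sample lines are assumptions made for illustration.

```python
import re
from collections import Counter, defaultdict
from statistics import median

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "\S+ (?P<path>\S+)[^"]*" '
    r'\d{3} \S+ "[^"]*" "(?P<agent>[^"]*)"')
SENSITIVE = ("/wp-login.php", "/xmlrpc.php")   # endpoints the article singles out
CRAWLERS = ("googlebot", "bingbot")            # self-declared; verify before trusting

def find_spikes(lines, factor=5, min_requests=50):
    """Group requests per minute and report minutes far above the median rate."""
    buckets = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if m:                                   # malformed lines are skipped
            buckets[m["ts"][:17]].append(m)     # key like "12/Mar/2024:03:06"
    if not buckets:
        return []
    baseline = median(len(hits) for hits in buckets.values())
    spikes = []
    for minute, hits in buckets.items():
        if len(hits) < max(min_requests, factor * baseline):
            continue
        ips = Counter(h["ip"] for h in hits)
        spikes.append({
            "minute": minute,
            "hour": int(minute[12:14]),         # e.g. a 3 a.m. surge is suspicious
            "requests": len(hits),
            "unique_ips": len(ips),
            "top_ip": ips.most_common(1)[0],
            "sensitive": sum(h["path"].startswith(SENSITIVE) for h in hits),
            "crawlers": sum(any(c in h["agent"].lower() for c in CRAWLERS)
                            for h in hits),
        })
    return spikes

# Constructed sample (documentation IP ranges, not real traffic).
def _line(ip, minute, path, agent="Mozilla/5.0"):
    return (f'{ip} - - [12/Mar/2024:03:{minute:02d}:00 +0000] '
            f'"GET {path} HTTP/1.1" 200 512 "-" "{agent}"')

SAMPLE = ([_line("198.51.100.7", m, "/shop/") for m in range(6) for _ in range(3)]
          + [_line(f"203.0.113.{i % 40}", 6, "/wp-login.php") for i in range(120)]
          + [_line("192.0.2.10", 6, "/robots.txt", "Googlebot/2.1")])

if __name__ == "__main__":
    for spike in find_spikes(SAMPLE):
        print(spike)
```

Checking the traffic source by country would additionally need a GeoIP database, which this sketch leaves out.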
4. Restrict access to the WP admin area

The WP admin area is where all the most important activity in WordPress is controlled, so you should be the only person who can access it. However, when restricting access to the WP admin area, do not include specific files used by plugins and themes, such as /wp-admin/admin-ajax.php and /wp-admin/theme-editor.php. These files must remain accessible from outside the WP admin area. In addition, make exceptions for your IP address and for your website as referrer.
This is not difficult to configure when you use a security service. In our case, with Cloudflare, do the following: from the panel, go to Firewall > Firewall Rules > Create Firewall Rule. Give the rule a name and fill in the fields with the following information:

Field: URI Path; Operator: contains; Value: /wp-admin/
[also] Field: URI Path; Operator: does not contain; Value: /wp-admin/admin-ajax.php
[then] Field: URI Path; Operator: does not contain; Value: /wp-admin/theme-editor.php
[also] Field: Referer; Operator: does not contain; Value: quadlayers.com
[then] Field: IP Address; Operator: does not contain; Value: 182.189.59.210

Otherwise, you can click to edit the expression and paste the following code:

(http.request.uri.path contains \

order deny,allow
deny from all
6.2) REST API

Another WordPress API that can be disabled to prevent DDoS attacks is the REST API. This API allows third-party plugins and tools to access WordPress data and to modify and delete content. The easiest way to disable this API is the free Disable WP REST API plugin. Activating it after installing completes all the setup. The tool starts working immediately and disables the REST API for all users who are not logged in, without additional configuration.

7. Regularly update WordPress

Updating not only helps prevent DDoS attacks but also protects the website from many other types of attacks and hacks. Therefore, make sure you regularly update WordPress, themes and plugins, as well as the PHP version, Apache, MySQL, the OS and all other scripts and software installed on the server.

What to do if you are attacked by DDoS?

Although you can prepare WordPress in advance to prevent DDoS attacks, what should you do if you are attacked? The following are the immediate countermeasures to take during a DDoS attack:

1. Inform the team

When facing a crisis, working together is your greatest strength. If you are under a DDoS attack, alert team members, let them know what happened and help them take countermeasures.

2. Notify customers

This is particularly important if the attacked website is a WooCommerce store and customers cannot log in to their accounts or buy products during that time. If you do not publish an explanation at the critical moment, it may damage your reputation. Therefore, through email or social media, the website has a technical error
