How to Protect WordPress Websites Against DDoS Attacks. Ultimate Guide [2019]

DDoS, which stands for Distributed Denial of Service, has been around for about as long as the World Wide Web. This type of cyber attack has taken down numerous sites, making them impossible to access. Even today, businesses are still vulnerable to DDoS and lose millions in revenue due to this threat. That’s why it is important for every company and individual to learn how to defend against DDoS attacks by securing their website.

Simply put, a DDoS attack consists of a huge number of requests directed at the target website – more than the server can keep up with, so it shuts down pretty quickly. Even a short outage causes huge trouble for the business.

How do you protect your website and privacy against DDoS attacks? Here is my take on this.

1. Website monitoring

Plenty of services offer some kind of monitoring product that notices abnormalities and unusual traffic instantly. Sure, enterprise businesses that can afford this kind of software will take advantage of it and save time. Yet most individual webmasters can’t invest this heavily in their personal websites.

And the solution to this is very primitive – constant manual website monitoring. Yes, nothing fancy is required when your website does not have millions of unique visitors every month. If you notice an unusual traffic spike on your website, it is much easier to take action and stop a DDoS attack in its early stage than to notice it after the server is already down.
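One way to make the manual check described above less tedious, as an added example that is not part of the original article: a short Python script that buckets a web server access log by minute, flags minutes far above the usual request rate, and lists the busiest client IPs in them. The log format (Apache/nginx Common Log Format), the thresholds and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime
from statistics import median

# Matches the start of a Common/Combined Log Format line: client IP and timestamp.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\]')

def find_spikes(lines, factor=5, min_requests=20, top_n=3):
    """Return [(minute, total, [(ip, count), ...])] for minutes whose request
    count is at least `factor` times the median minute and >= min_requests."""
    per_minute = defaultdict(Counter)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip malformed lines instead of crashing
        ip, stamp = m.groups()
        try:
            ts = datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z")
        except ValueError:
            continue  # timestamp present but not in the expected format
        per_minute[ts.replace(second=0)][ip] += 1
    if not per_minute:
        return []
    totals = {minute: sum(c.values()) for minute, c in per_minute.items()}
    baseline = median(totals.values())  # the "normal" minute for this log
    threshold = max(min_requests, factor * baseline)
    return [(minute, total, per_minute[minute].most_common(top_n))
            for minute, total in sorted(totals.items()) if total >= threshold]

def sample_log():
    """Constructed sample: 5 quiet minutes, then one minute with a burst."""
    lines = []
    for minute in range(5):
        for i in range(4):
            lines.append(f'198.51.100.{i} - - [10/Mar/2019:12:{minute:02d}:{i:02d} +0000] '
                         '"GET / HTTP/1.1" 200 512')
    for i in range(60):
        ip = "203.0.113.7" if i % 2 == 0 else f"203.0.113.{100 + i}"
        lines.append(f'{ip} - - [10/Mar/2019:12:05:{i:02d} +0000] "GET / HTTP/1.1" 200 512')
    lines.append("garbage line that does not parse")
    return lines

if __name__ == "__main__":
    for minute, total, top in find_spikes(sample_log()):
        print(minute.isoformat(), total, top)
```

On a real site, feed it the lines of your server's access log and tune `factor` and `min_requests` to your normal traffic.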

2. Keep WordPress up-to-date

We all keep putting off updates, but your WordPress installation should always be on the latest version. Each update consists of new platform features focused on general security. This step actually takes the least effort yet brings you immediate benefits.

Just log in to your dashboard and hit update – don’t sleep on this one!

3. Plugins

Let’s face it, you probably chose to build your website on WordPress because of the millions of plugins that are available. We have all had great and terrible experiences with them, but the bottom line is that plugins help enhance your website. The main benefit of WordPress plugins is that you do not need to learn a single line of code, yet you can have advanced features on your site.

The most essential security plugins you should consider are Wordfence and Loginizer. A quick explanation of Loginizer: it basically blocks any IP address that is making an unusual number of requests to your website. Nothing fancy, but it is lightweight and it works.

Note: you should not rely solely on plugins to keep your website safe from DDoS threats. Other elements and steps are equally important.

4. Content Delivery Network (CDN)

Everyone has seen this screen at least once in their internet life span. A CDN adds another level of security to your website. With a CDN, you can set a connection limit and block IPs; it also encrypts traffic and shows a CAPTCHA to visitors who behave unusually.


One of the most popular CDNs is Cloudflare. The good thing is that even personal website owners can use this product, since the entry-level features (which provide the main benefits) are free.

5. PHP version

Your hosting provider should be striving for the best performance and security measures for its customers, meaning that all the software and hardware on the provider’s side should be the latest version. In most situations this will be the case, yet you should always keep an eye on it and ask for the latest updates and features.

In your hosting provider dashboard, you will also find the PHP settings tab. Our recommendation is always to update it to the newest version because it brings two major benefits – an increase in page load speed and overall website security. The thing is that usually hosting providers will keep the lower PHP version (e.g. PHP 6.0) because it is a stable version, all of the plugins are working with it and so on. But again, you can use the PHP compatibility checker plugin on WordPress to ensure that all your plugins will work on the latest PHP version before doing the upgrade.

6. Routers and switches

The last tip for keeping your WordPress site free of DDoS attacks is to make use of routers and switches. There is nothing magical about this step, but switches and routers usually have built-in software that is able to notice IP addresses that might be the source of an attack. Of course, hackers might use a VPN service to change their IP addresses, but anti-attack software filters out most of the fake traffic in a split second.

How do I set this up? Well, if you are using a trustworthy hosting provider, you are all set. Hosting companies have those features built into their products and ensure that the first level of defense against DDoS attacks is handled on their side.

Have we missed anything? Let us know how you secure your WordPress site against DDoS attacks!
