WordPress DDoS Attacks, A Problem You Can’t Protect Against With Plugins

The more popular a website is, the more likely it’ll become a target for cyber attacks. That holds true for the platform the site is built on too – and WordPress is one of the most popular platforms on the Internet. According to a 2015 W3Techs survey, WordPress websites make up 58.7% of the CMS market and WordPress powers 25% of the entire Internet. There are many different kinds of attacks to watch out for as well — we’ve discussed maintaining updated plugins and themes, using secure passwords, and other tips in previous blogs. All are important methods to secure your clients’ WordPress sites — however, DoS or DDoS attacks present their own kind of problem.

Why are DDoS Attacks So Bad?

DoS / DDoS attacks, or (Distributed) Denial of Service attacks, occur when a hacker floods a website with too much traffic for it to handle, causing it to slow down or shut down altogether. According to Akamai’s Q1 2016 report, there has been a 125.36% increase in total DDoS attacks from Q1 2015.

If you need proof of the frequency and the terrible nature of DDoS attacks, you only need to look at the massive DDoS attack that hosting provider Linode LLC experienced over Labor Day weekend. Linode described the attack as “a catastrophic DDoS attack which is being spread across hundreds of different IP addresses in rapid succession” and said that it caused intermittent connectivity issues – a prospect that should strike fear into the hearts of any web professional. According to an article by SiliconAngle, this was not the first time Linode had been targeted by a DDoS attacks – further proof that DDoS attack frequency is rising and anyone can be a target.

For Linode, and any other businesses under a DDoS attack, a common consequence is unusually slow websites or an inability to access sites at all. According to a Kaspersky Lab and B2B International survey, DDoS attacks cost small-to-medium-sized businesses an average of $52,000 per attack — a cost that includes hiring IT security consultants, temporary loss of access to business-critical information, and reactive spending on software or infrastructure. Additionally, 38% of businesses also reported damage to a business’ reputation as a major consequence.

With DDoS attacks becoming a bigger and bigger risk for websites large and small, how should you protect your clients’ WordPress sites?

Protecting Fully Managed WordPress Sites from DDoS Attacks

WordPress, unfortunately, doesn’t have built-in features to protect against DDoS attacks — and it’s not easy to achieve via a plugin either. One of the best ways to protect your clients’ WordPress sites from DDoS attacks is with a host that has protection built into the network, filtering malicious traffic before it even hits your routers or servers.

For example, Liquid Web includes basic DDoS protection with every fully managed server, with the help of Corero. As a developer you don’t need to configure any settings at all. The service is always active and automatically mitigates volumetric attack of all sizes. We monitor all network traffic (not just web traffic) to your servers at the border layer of the network in real time. Malicious traffic is scrubbed and separated from legitimate traffic, allowing your clients’ sites to still function and receive traffic throughout the attack.

Protecting the entire server from DDoS attacks creates a “first line of defense” for your clients’ sites and saves you the time and effort to mitigate attacks when they do occur. Rely on your managed web host to stop DDoS attacks in their tracks — so you can focus on developing client sites, not mitigating malicious traffic.