Comments on: DDoS Protection Guide – How to Help Protect Your WordPress Site From Attacks

By: Monika Czaplicka

Monika Czaplicka — Sat, 15 Jul 2023 17:29:21 +0000

I’ve got the 404 attack on my website. These types of attacks can be quite disruptive and frustrating. It’s important to promptly investigate the source of the attack and implement robust security measures to prevent future incidents. By staying vigilant and keeping your website’s software up to date, one can mitigate the risk of such attacks and ensure a smoother user experience for your visitors. Stay proactive and resilient in safeguarding your online presence.
Defender works greatly :) Thanks!

By: All2WP

All2WP — Sat, 03 Jun 2023 08:41:14 +0000

The good news? DDoS attacks can be prevented if you know how to stop them. As you’ll see, it’s not that difficult, especially with the help of a CDN, our security plugin, Defender, and a dash of good hosting. Plus, you may have a lot of precautions in place already.

DDos is scary.

By: Phil

Phil — Fri, 27 May 2022 15:01:16 +0000

Another in depth and informative post, thanks!

Many of these lessons learned also apply to bursts of traffic or how to deal with high traffic to your site. Having a good caching system in place as well as offloading resources to a CDN are useful for ddos and also jumps in traffic volume.

By: Nebu John

Nebu John — Mon, 25 Jan 2021 03:23:53 +0000

In reply to Webxopt.

Hi Webxopt,

Yes, selecting ‘Block All’ in the Banned list and adding the countries that you do want to give access to the Allowlist should do the trick.

Regards,
Nebu John

By: Webxopt

Webxopt — Sun, 24 Jan 2021 23:37:23 +0000

In reply to Predrag Dubajic.

You were right. They take a good while to come through. This is a nice feature. A bit confusing I find though when you only want a few countries open. Do you really need to manually select all but the countries you want, or can you select all, then add the countries that you do want to give access to onto the whitelist.

By: Predrag Dubajic

Predrag Dubajic — Thu, 21 Jan 2021 07:41:55 +0000

In reply to Webxopt.

Hey Webxopt,

When License Key is created on MaxMind it can take few minutes for it to start working and during that time it would return “Unauthorized” message.
Can you try waiting for around 5 minutes after the key is created and then add it in Defender which should do the trick.

If you’re still having issues with this could you please open a support ticket or chat so we can check it out further?

Cheers,
Predrag

By: Webxopt

Webxopt — Thu, 21 Jan 2021 00:32:15 +0000

What would be good, and that I haven’t seen a plugin do well, is for us to be able to be able to block all visits, but a list of countries where you do business. I noticed that you now do this based on signing up to GeoLite2, however I have not been able to get this to work. Following your instructions I just get an “unauthorized” massage in the interface when I add in the licence key.

By: Nithin

Nithin — Thu, 14 Jan 2021 07:19:01 +0000

In reply to Jerome.

Hi Jerome,

Cloudflare is more of a suggestion, it’s up to you if you want to implement Cloudflare or not. What Defender offers is application-level security, and it should help with protecting the site from Brute force, 404s etc by implementing lockouts.

A firewall is a protocol layer 7 defence and is not designed to defend against all types of attacks. The firewall in general works by filtering the traffic and compares that with any possible request that tries to access your server. If the rules of the Firewall breaks it wouldn’t let the traffic reach your server.

So with all the mentioned configuration in the above article ie with Defender, Firewall, Smush and Hummingbird CDN, it should be enough to help protect your website.

Regards,
Nithin

By: Jerome

Jerome — Wed, 13 Jan 2021 02:09:02 +0000

Thanks for this detailed and very well written article!

One of my hosted site (on wpmudev) recently got victim of a DoS attack. I saw the alert email on my phone almost 3 hours after it arrived. So I immediately tried to load the website and it did not load. So I reached out for support over the chat because I did not know why the site was down. I learned that an IP was making many hits, so we added it to the Firewall block list. Then the site came back to life.

Since then, I am wondering why the Firewall or Defender did not automaticaly block that IP? I saw from the log that no pages or files were requested… So maybe that’s why Defender did not act on this. But what about the server?

Since I’m no expert at that topic, I’d love to know more about it!

Also, from what I read above, are you suggesting that we should add CloudFlare even if we have all wpmudev’s security bells and wistles activated?

Thanks for the article and looking forward to read more from you! :-)