How To Prevent DDoS Attacks on WordPress Websites?


So, you got yourself a shiny new WordPress website?

That’s awesome, but do you know that there are people out there who’d crash your entire website just for fun? You didn’t, did you?

Worry not!

We’ve got you covered. Here are the top 8 ways you can prevent DDoS attacks on your WordPress websites and keep them safe from any malicious attacks.

1. Get a Firewall Service

DDoS and brute force attacks put a tremendous amount of load on your website’s servers. Even unsuccessful ones can slow your website down or crash the server. That is why you need to block them before they reach your server.

You need a website firewall service to help protect you from such attacks. A firewall will simply keep the bad traffic out.

There are two different types of firewalls that you can use for your WordPress website.

DNS-level firewall – These services route all of your website traffic through their proxy servers, which lets them pass only authentic traffic to your site while blocking bad traffic from reaching it.

Application-level firewall – These are plugins you can install on your WordPress website, but they only filter bad traffic once it has reached your server. So, that traffic can still affect your server load.

Use a service like Cloudflare or Sucuri because these provide you with a DNS-level firewall. All your traffic goes through their cloud proxy server, where they stop malicious traffic from accessing your site.

2. Install Updates Regularly

Now, most hackers exploit vulnerabilities in older versions of WordPress and in older versions of installed plugins. These vulnerabilities are often fixed with quick patches or new releases.

If you are using an older version of WordPress or using an older version of a WordPress plugin then it’s about time you updated your tools. Upgrade to the latest version of WordPress as soon as possible in order to avoid any mishaps. Also, make sure that you regularly update all the plugins you have installed on your website.

3. Choose the right host

Now, normally installing secure routers and switches would help protect you against DDoS attacks, but since you don’t have access to the hosting company’s hardware, it’s better to choose a hosting service that has reputable security measures and offers multi-level DDoS protection for your website.

There are countless website hosting services out there, so we are not going to recommend any single service. Just do a quick Google search to find out the best hosting services and choose the one that has the most positive reviews.

Note: Special Thanks to Harvey Williams from for this excellent tip.

4. Install Security Plugins

WordPress gives you the ability to install as many plugins as you like, and several security plugins are available for the platform. These plugins help guard your site against security threats and DDoS attempts. Project Security is a great security plugin for WordPress websites, as it comes equipped with an advanced antivirus and firewall to protect your website from unwanted traffic. It’s especially important to use these plugins while surfing torrent sites, as downloaded material often comes with malicious code.

5. Block XML-RPC

WordPress has built-in protection against DDoS attacks. It blocks Distributed Denial of Service attacks through its built-in functions. Make sure that your WordPress website has blocked XML-RPC. You don’t need to carry out any complex steps to disable XML-RPC. A simple plugin will do all of that for you with just a click of a button.

6. Content Delivery Networks

Content Delivery Networks, or CDNs, are another great security measure that can help keep your site from slowing down or crashing during a DDoS attack. These networks work by spreading your web traffic across multiple servers. In case of a DDoS attack, the traffic is distributed across several servers so that your WordPress website does not crash or slow down.

CDNs not only distribute traffic across multiple servers but also come with several security measures. These include encryption, request limits, CAPTCHAs, etc., which help prevent DDoS attacks from taking place. There are several paid CDNs available for WordPress websites. Do a quick Google search to find one that suits your needs.

7. Install WordPress Backup Plugins

OK, you don’t have to worry about DDoS attacks taking out your entire website’s data or wiping the entire server clean, but you always need to prepare for the worst. Whether attacks are a regular occurrence for your website or never happen at all, you need to back up your entire website on a regular basis.

Having a complete backup of your website comes in handy when things go south. If you happen to lose your entire server data, or your website just gets wiped off the server for any reason, then you will have a fully functional backup of your entire website safe and secure on your choice of storage medium (we suggest making multiple backups, both online and offline).

8. Be Ready

Most people think that their websites are not big enough or worthy enough to be attacked. That’s completely wrong. A website does not have to be big to get attacked. Maybe a new hacker wants to flex his hacking muscles by attacking a small website, or maybe someone has a grudge against you. You always need to be ready for an attack. The first signs of a DDoS attack are easy to spot: your website starts getting slower and slower. You can then block all the lousy IPs from accessing your website in order to prevent the attack. But if you just sit there thinking nobody is going to attack you, then you are in for a rude awakening when it happens.
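One way to find the IPs worth blocking, and to see whether XML-RPC (served by `xmlrpc.php`) from tip 5 is being hammered, is to count POST requests per client per minute in the web server access log. This is an added example, not part of the original article; the combined log format, the two watched paths, the threshold of 5 and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Assumption: access log in Apache/Nginx "combined" format.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)')
# WordPress endpoints commonly hit by floods and brute-force attempts.
WATCHED = ("/xmlrpc.php", "/wp-login.php")


def flag_clients(log_text, threshold=5):
    """Return {ip: peak POSTs per minute} for clients at or above threshold."""
    per_minute = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, stamp, method, url = m.groups()
        path = url.split("?", 1)[0]  # ignore any query string
        if method != "POST" or path not in WATCHED:
            continue
        minute = stamp.split()[0].rsplit(":", 1)[0]  # drop seconds and zone
        per_minute[(ip, minute)] += 1
    peaks = {}
    for (ip, _minute), hits in per_minute.items():
        peaks[ip] = max(peaks.get(ip, 0), hits)
    return {ip: hits for ip, hits in peaks.items() if hits >= threshold}


def _line(ip, sec, method, path):
    # Builds one constructed log line; addresses are documentation ranges.
    return (f'{ip} - - [12/Mar/2024:10:00:{sec:02d} +0000] '
            f'"{method} {path} HTTP/1.1" 200 512 "-" "-"')


# Constructed sample input, not real traffic.
SAMPLE_LOG = "\n".join(
    [_line("203.0.113.7", s, "POST", "/xmlrpc.php") for s in range(6)]
    + [_line("198.51.100.23", s, "POST", "/wp-login.php") for s in (10, 40)]
    + [_line("192.0.2.10", s, "GET", "/") for s in range(8)]
    + ["truncated or malformed line"]
)

if __name__ == "__main__":
    for ip, hits in sorted(flag_clients(SAMPLE_LOG).items()):
        print(f"{ip}: {hits} POSTs/minute to watched endpoints")
```

Tune the threshold to your own traffic before blocking anything: a site with many legitimate logins will see more POSTs to `/wp-login.php` than this sample does.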

9. Stay Away from Free Movie Websites

Any free content that you download from the internet comes with its own issues. Free movie sites like Popcorn Time or Showbox are an easy way to open up tens of popup windows that ask you to enter your private details. Use genuine services like Netflix to access movies, even if you have to unload some weight off your pocket.

Final Words

Chances are you will not have to experience any DDoS attacks on your website, since all the hosting services and WordPress itself have implemented anti-DDoS measures, but at the very least, you now know how to further improve your WordPress website’s security to counter any attacks.

Disclosure: This page contains external affiliate links that may result in us receiving a commission if you choose to purchase mentioned product. The opinions on this page are our own and we don't receive additional bonus for positive reviews.