There are two principle ways that malicious actors on the internet can cause harm to a website. The first is to gain access to the website through the discovery or theft of passwords and login credentials. The second is to overwhelm the host server in order to stop people from visiting the website.
DDoS stands for “Distributed Denial of Service” and is the latter type of attack. When a DDoS occurs, it involves sending thousands of computers to “visit” a website so that the host server becomes overwhelmed and can no longer deliver files, thus making the website unavailable. Because all that is needed is the ability to coordinate thousands of computers and not access to secret information like passwords and login credentials, the DDoS attack has become one of the most commonly used weapons on the internet.
As the administrator of a WordPress website, it can be difficult to defend against a DDoS attack because your host server is being defeated for simply doing its job – delivering content to any visitor who wants it. Defence techniques against DDoS vary, but they generally rely on compiling lists of bad actors and restricting their ability to get a response from the host server.
If you’ve suffered a DDoS attack or are concerned about how to protect your WordPress website from a DDoS attack, the first thing to do is contact your web host and ask for assistance. Some web hosting companies offer their customers special security tools that can help against a DDoS attack, so be sure to look on the cPanel dashboard of your hosting account to see what tools are available.
There are also web-based solutions against DDoS attacks available from companies like Sucuri and Cloudflare, but keep in mind that these companies only offer their services for money, so your monthly website operating costs will go up.