Protect your WordPress website against network, transport, and application layer DDoS attacks using Cloudflare’s DDoS protection.
In this article, we’ll dive into DDoS (Distributed Denial of Service) attacks on WordPress websites, learning about what they are, the most common types of DDoS attack, and how to enable DDoS protection for free on your WordPress website.
A Distributed Denial of Service (DDoS) attack is an attack on a website or online application that uses thousands of unique IP addresses to overwhelm its servers with more connections than they’re capable of handling.
An attack of this nature is the result of a network of “zombie” computers being used by an attacker, unbeknownst to owners of the machines. The technical term for this network of zombie computers is a botnet. When a server is overwhelmed with these connections, legitimate connections can no longer be accepted, and the website becomes inaccessible.
A key advantage for attackers of using a distributed denial of service (DDoS) attack, rather than a single-source denial of service (DoS) attack, is that many machines located around the globe generate the traffic and, as such, it’s much harder for a website to track and thwart these attacks.
There are three different types of DDoS attacks, each occurring within different layers of the OSI (Open Systems Interconnection) model. The OSI model outlines seven layers of a communication system used by computers, within a network, to send and receive information.
Layer 3 and 4 attacks target the network and transport layers of the OSI model. These attacks operate by flooding a target website, consuming the resources of the website’s server until it is so overwhelmed that it becomes unavailable to serve legitimate traffic. DDoS attackers predominantly target layers 3 and 4 because this is the easiest route to disrupting a website’s availability; fortunately, these attacks are also the easiest to mitigate of the two types of attack, and they leave no permanent damage to the website after they have ended.
Layer 7 DDoS attacks target the application layer of the OSI model. Application layer DDoS attacks are more complicated than the layer 3/4 attacks described above, as they target the user interface of the website or application, simulating human-like behavior, rather than flooding the network or transport layers. One way an attacker might go about executing a layer 7 attack is by targeting specific on-page elements of the site, such as downloading a resource or submitting a form; this type of behavior is almost impossible to thwart if you do not have DDoS protection software in place.
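To see what that pattern looks like from the server side, the following added example (not code from this article or from Cloudflare) scans web server access logs for a single endpoint receiving a burst of requests from many distinct IP addresses. The log lines are constructed, `/wp-comments-post.php` stands in for "a form submission", and the 10-second window and thresholds are assumptions to tune against your own baseline traffic.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Combined-log-format prefix: client IP, [timestamp], "METHOD path ...".
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*"')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

def parse(line):
    """Return (time, ip, method, path-without-query), or None if no match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, ts, method, path = m.groups()
    return datetime.strptime(ts, TS_FMT), ip, method, path.split("?", 1)[0]

def flag_hot_endpoints(lines, window=timedelta(seconds=10), min_hits=20, min_ips=10):
    """Map (method, path) -> (hits, distinct_ips) for endpoints that received
    at least min_hits requests from at least min_ips clients inside one window."""
    events = defaultdict(list)
    for rec in filter(None, map(parse, lines)):
        when, ip, method, path = rec
        events[(method, path)].append((when, ip))
    flagged = {}
    for key, evs in events.items():
        evs.sort()
        start = 0
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > window:  # slide window forward
                start += 1
            hits = end - start + 1
            ips = len({ip for _, ip in evs[start:end + 1]})
            if hits >= min_hits and ips >= min_ips:
                flagged[key] = max(flagged.get(key, (0, 0)), (hits, ips))
    return flagged

def sample_log():
    """Constructed data: 40 clients POST one form within 8 s; one visitor browses."""
    base = datetime(2024, 1, 1, 12, 0, 0, tzinfo=timezone.utc)
    lines = []
    for i in range(40):
        ts = (base + timedelta(milliseconds=200 * i)).strftime(TS_FMT)
        lines.append(f'198.51.100.{i + 1} - - [{ts}] "POST /wp-comments-post.php HTTP/1.1" 200 512')
    for i in range(5):
        ts = (base + timedelta(seconds=3 * i)).strftime(TS_FMT)
        lines.append(f'203.0.113.7 - - [{ts}] "GET /?p={i} HTTP/1.1" 200 4096')
    return lines

if __name__ == "__main__":
    for (method, path), (hits, ips) in flag_hot_endpoints(sample_log()).items():
        print(f"{method} {path}: {hits} requests from {ips} IPs within 10 s")
```

Each client in the sample sends only one request, so a per-IP rate limit alone would not trip; it is the count of distinct sources converging on one endpoint that stands out.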
Cloudflare, the performance and security company, has recently launched a WordPress plugin which allows you to enable Cloudflare’s free plan, with optimizations purpose-built for your WordPress website. Cloudflare’s free plan provides basic DDoS protection against layers 3, 4, and 7, an SSL certificate, and performance improvements. For an even faster and more secure website, you can upgrade to a higher-tier plan within the plugin.
1. To download the Cloudflare plugin into your WordPress admin panel, please visit: https://wordpress.org/plugins/cloudflare/
2. Once you’ve installed the plugin, you’ll need to activate it through the WordPress plugin panel.
3. If you're upgrading from the old plugin, and had previously inputted your API Key, you'll be automatically logged in after updating the plugin. If this is the first time you're installing Cloudflare's WordPress plugin, navigate to the plugin settings in your WordPress admin panel after activating, and input your Cloudflare username and API key; to find your API key, follow these instructions. If you do not already have a Cloudflare account, you’ll see the option to create one.
4. After successfully logging into the plugin, the first setting you’ll see at the top of your dashboard is “Apply Default Settings”. Clicking “Apply” will enable specific Cloudflare settings, optimized for the WordPress platform. These settings can be found here.
5. Once this setting has been applied, that’s it! Your WordPress website is now protected against DDoS attacks and is on the Cloudflare network. You’ll also begin to see improved website load speeds, bandwidth savings, and protection against hackers, spammers, and bots.