• I am working on a website and we have been under kind of a sustained attack. Basically people just guessing usernames and passwords. I have Wordfence set up, login lockouts which lock out the IP when an invalid username is attempted, hard passwords (generated with enpasse) and even installed WPS Hide Login to change the URL for the login page. Still getting notifications from Wordfence showing a variety of IPs trying to access admin.

    Any suggestions on how to deal with this?

Viewing 1 replies (of 1 total)
  • Hi, a few things come to mind. Try getting access and learning how to do some settings in your server firewall, thus blocking some of this on the server level. Next, use country blocking if at all possible; use it both at server level and in Wordfence Premium.

    In Wordfence, fine-tune your blocking and use long periods for the blocks, 48 hours or more.

    Study up on .htaccess settings that help block various sorts of bot attacks, and implement those as well.

    Lastly, virtually all websites are constantly attacked. It’s become ridiculous. Problem is that the ISPs make money from selling the bandwidth we all give to the bots and criminals for free so they can attack our websites. It’s like parking your car overnight with the keys hanging from the door handle, and paying someone (the ISP) to shine a spotlight on the keys. Thus, the last part of this is to simply pay for enough bandwidth so the bots won’t shut down your site. Wonderful.

    MTN
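
An added example, not part of either post and not Wordfence's own code: the question describes guesses arriving from a variety of IPs, which per-IP lockouts count one address at a time, so this sketch sums failed logins per /24 network from an access log and prints the `.htaccess` deny rules the reply alludes to. The log lines are constructed, and the login path (WPS Hide Login changes it) and both thresholds are assumptions to adjust.

```python
import re
from collections import Counter
from ipaddress import ip_network

# Combined Log Format, IPv4 clients only: IP, method, path, status.
LINE = re.compile(r'^(\d+\.\d+\.\d+\.\d+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')

# Constructed sample lines using documentation address ranges, not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2024:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 4521
203.0.113.7 - - [10/Mar/2024:10:00:03 +0000] "POST /wp-login.php HTTP/1.1" 200 4521
203.0.113.7 - - [10/Mar/2024:10:00:05 +0000] "POST /wp-login.php HTTP/1.1" 200 4521
198.51.100.10 - - [10/Mar/2024:10:01:00 +0000] "POST /wp-login.php HTTP/1.1" 200 4521
198.51.100.11 - - [10/Mar/2024:10:01:02 +0000] "POST /wp-login.php HTTP/1.1" 200 4521
198.51.100.12 - - [10/Mar/2024:10:01:04 +0000] "POST /wp-login.php HTTP/1.1" 200 4521
198.51.100.13 - - [10/Mar/2024:10:01:06 +0000] "POST /wp-login.php HTTP/1.1" 200 4521
192.0.2.50 - - [10/Mar/2024:10:02:00 +0000] "GET /wp-login.php HTTP/1.1" 200 4390
192.0.2.50 - - [10/Mar/2024:10:02:09 +0000] "POST /wp-login.php HTTP/1.1" 302 0
"""

def failed_logins(log_text, login_path="/wp-login.php"):
    # WordPress answers a failed login POST with 200 and a successful one with 302.
    hits = Counter()
    for line in log_text.splitlines():
        m = LINE.match(line)
        if m and m[2] == "POST" and m[3].split("?")[0] == login_path and m[4] == "200":
            hits[m[1]] += 1
    return hits

def block_candidates(hits, per_ip=3, per_net=4):
    # Sum failures per /24 so guesses spread over many addresses still add up.
    nets = Counter()
    for ip, n in hits.items():
        nets[ip_network(f"{ip}/24", strict=False)] += n
    blocked = {net for net, n in nets.items() if n >= per_net}
    for ip, n in hits.items():
        host = ip_network(f"{ip}/32")
        if n >= per_ip and not any(host.subnet_of(net) for net in blocked):
            blocked.add(host)
    return sorted(blocked)

def htaccess_rules(networks):
    # Apache 2.4 (mod_authz_core) syntax; needs AllowOverride AuthConfig.
    body = [f"    Require not ip {net}" for net in networks]
    return "\n".join(["<RequireAll>", "    Require all granted", *body, "</RequireAll>"])

if __name__ == "__main__":
    print(htaccess_rules(block_candidates(failed_logins(SAMPLE_LOG))))
```

Blocking a whole /24 can also shut out legitimate visitors in that range, so review the candidate list before pasting the rules into `.htaccess`.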

  • The topic ‘preventing DDOS attacks’ is closed to new replies.