Although it’s pretty much unlikely that any high profile hacktivists are going to be targeting your website via a Distributed Denial of Service (DDoS) attack anytime soon, that’s not necessarily grounds for sitting back relaxed and complacent without a backup / protection plan. DDoS attacks are becoming more prevalent and much easier to execute thanks improvement in technology, bandwidth and accessibility to tools and information on how to do it. We continue to see big brands like Sony get brought down momentarily by these attacks, and even the CIA’s website suffered this pain in 2012. It’s a serious threat.
For clarification, DDoS attacks happen through an overpowering of numerous computers, usually through the use of bots, that continuously send traffic to an IP address or website. As simple as this might seem, the effects can be brutal to a website. What’s worse is that the typical common security protocols that are set up to defend against hacking and intrusion just don’t work against DDoS attacks and taking matters into your own hands, whether it’s through WordPress security plugins or code tweaks and improvements are not sufficient.
Luckily, there are a couple ways to protect a website from DDoS attacks.
Using a Cloud Security Provider
Using proprietary technologies, a number of web security companies have begun releasing different forms of protection from DDoS. These include the likes of Prolexic and DOSarrest, for example, which has a fairly decent track record of mitigating web security threats. However, much of what these products do happens behind the scenes. In the push for full disclosure, more companies and website owners are relying more on cloud security providers, like Incapsula, who not only provide free usage of their CDN but also powerful DDoS protection at fairly reasonable pricing for anyone serious about their website’s security.
Where other services just kind of tell us that things are being handled, Incapsula offers some pretty slick monitoring options that take your website security a step further than a service: It’s a tool. Going beyond just DDoS traffic mitigation, Incapsula protects against other forms of attacks and site outages (both malcontent and accidental) while simultaneously offering a speed boost through those same site mitigation channels; along with pretty much guaranteeing 100% up-time for complex applications through load balancing and failover, spread across multiple servers. What’s even better is that they provide visual and trackable insights into the site’s performance and health.
Sophisticated web threat protection is becoming more available and affordable and it’s a valid inclusion among tools bloggers and other marketers normally utilize.
Self-Protected Domain Infrastructure
Bearing in mind that DDoS mitigation is not for the faint of heart or the modest wallet, I know there are some DIY admin types who live for the thrill of getting their hands dirty. Protecting against a DDoS attack on your own is a massive undertaking that’s easy to get wrong, which would leave you just as unprotected as if you had done nothing at all. But, if you’re up for the task and have the skillset required (seriously, be honest with yourself on this one, you or your client’s product is at stake here), the following Cisco reading material will get you moving in the right direction… if you really know what you’re doing:
Cisco’s Guide to Defending Against DDoS Attacks (A novella’s worth of information at 9,067 words, but absolutely solid information)
Discuss Options with Your Hosting Service
Of the many web hosts online offering bottom dollar deals to get your website up and running , a vast majority of them don’t have the infrastructure set up to properly deflect a DDoS attack. This doesn’t necessarily mean that your cost-effective host, whichever it may be, doesn’t have protection, but that doesn’t mean that they do, either.
Simply put, you should be contacting your preferred host(s) directly to determine precisely what they have in place to protect your site/sites from malicious attackers. Additionally, you absolutely need to know what their policy is on how to deal with sites that are suffering attacks that break through or overwhelm their servers. The punishment of a week or two of downtime from your host can be more damaging than the original attack itself since it’s more likely that your account will be blacklisted or suspended rather than the company taking full responsibility. Your best bet for protection via a web host is going with a premium provider like WP Engine who pride themselves on running very secure and well managed hosting environments.
The most important thing you should keep in mind is that, for relatively little time invested, you can set a site up to be guarded against incredibly expensive attacks. There’s no reason to find yourself in a situation where you’re looking for protection after a DDoS is launched. The risk for loss of traffic and in some cases, sales, is much too great.