Today just a few hours back BlogsnClicks faced a massive DDOS Attack. The attack was massive and we survived. Today I felt like all my attention and investment to security and backups paid off. It was such a peace of mind. I’m sharing this information cause I’ve seen many Bloggers taking security and backups lightly. They rely on their Hosting provider to provide security and backups.
The Midnight Alert
Right now It’s 3:00am in the morning and the attack started somewhere after midnight and lasted a few hours. I normally work overnight and was finalising the key points for my next post. That’s when suddenly my mailbox started showing 60 unread emails. I had checked my emails a few minutes back and there was no reason to expect so many emails. Curiously I switched to Outlook and what I saw skipped a heartbeat.
Here’s what I saw –
There were simultaneous Login attempts to BlogsNclicks. I receive 5-10 such alerts every day. But today it was massive. By the time I was going through these emails I refreshed the mailbox and now outlook was receiving another 1600 emails.
The next reaction was to check the Blog. The worst of the scenarios were spinning in the head. Will I be able to retrieve my Blog if it’s hacked, will I loose the data, what will happen to my search rankings etc. To my relief – everything was working as normal. I just can’t express what I went through in those few minutes. Wordfence was Blocking all fake Login attempts. Thanks to some simple configuration I had done after installing the plugin.
The first thing I did after checking the website was – I logged into my CloudFlare CDN Account and just enabled the I’m Under Attack mode on the CloudFlare dashboard .
The effect was simple. Cloudflare started verifying each and every request to the website and started showing an interstitial for five seconds before delivering the actual page.
Within a few minutes, Cloudflare was taking care of the attack and only verified traffic was reaching the Website.
What Saved The Day For BlogsnClicks
I have always been a curious reader and had read a lot about securing WordPress, DDOS attacks, hacking attempts and other Blackhat tactics that are used by hackers and data thieves. My hosting provider (Namecheap) has robust security setup, but I always like to be double sure. I had read through many blog posts about recovering from Hacked sites and the pain of recovering data and rankings. With all that research I wanted to be double sure and had zeroed in on Wordfence as my Security plugin and Cloudflare for content distribution and protection.
Advice to Fellow Bloggers
After going through today’s experience, I would like to give one simple advice to my fellow Bloggers and newcomers –
Never Ignore Security and Backups
Do not just rely on your Hosting provider to do these things for you. Even if it is offered by default, set your own second line of defence. If you don’t have much knowledge about DDOS attacks and its implications – here’s an article by Tony Perez from Sucuri which deals with the Impacts Of A Hacked Website . Also, remember it’s not just data that you’re gonna lose (which can be recovered if you have regular Backups), you will also loose your rankings for a long term. I will share with you this excellent post by Matt Morgan from Search Engine Watch that shows how search engine rankings of hacked websites get affected.
So How To Secure Your Cherished Dream
- Choose your Hosting Provider wisely – (Here’s The Ultimate Guide To Web Hosting )
- Don’t rely on the Hosting provider for Security and Backups
- Install Wordfence or similar plugin which has an active firewall (even a free version works well)
- Use a CDN such as CloudFlare to deliver cached pages and protecting your website from unwanted bots.
- Use a professional Backup plugin. Go for the professional ones like BackupBuddy or Indeed Super Backup.
- Save an offsite copy of your Backup on the cloud – You can store it to Dropbox, Google Drive or Amazon AWS.
- Do not install Themes, Plugins or Scripts from unverified sources.
- Always keep your Plugins, Themes and WordPress Installation updated. (How a non-Updated Rev Slider plugin caused the Worlds Biggest Data Hack At Mossack Fonseca)
- Lastly, don’t just install the plugins – put some time to read the documentation and set the right options.
Off To You
This was an experience which proved me the importance of security and taught me the lessons without burning my fingers. It’s up to you now how you secure your Blog or WordPress site. But I would advise – Don’t get your fingers burned.