The Dangers of Distributed Denial-of-Service (DDoS) Attacks to Your WordPress Website

What safeguards does your website have in place to protect against distributed denial-of-service (DDoS) attacks? While DDoS attacks have been around since the mid-1990s, they’ve become increasingly common in recent years. According to a Netscout study, over 10 million DDoS attacks were recorded in 2020. With DDoS attacks at an all-time high, you can’t ignore their potential dangers when developing and managing your website.

The Basics of DDoS Attacks

A DDoS attack is a type of cyber attack in which a bad actor spams a website with data packets. Data packets are the language that websites use to communicate with visitors. Visitors will send your website data packets in the form of request headers, and your website will send those visitors data packets in the form of response headers.

During a DDoS attack, a bad actor will flood your website with request headers — or other data packets, depending on the type of DDoS attack — in an effort to directly harm your website’s performance. Unlike with many other types of cyberattacks, DDoS attacks aren’t designed to steal data, nor are they designed to deploy ransomware or malware. They are specifically designed to overload your website’s server with an excessive number of data packets, thus dramatically degrading site performance or forcing it to temporarily shut down.

There are also denial-of-service (DoS) attacks, which is a simpler version of DDoS. DOS attacks are defined as those in which the data packets originate from a single source. In comparison, DDoS attacks use multiple sources from which to send the data packets.

Most DDoS attacks involve a botnet. A botnet is a collection of hijacked computers and devices that are used for malicious activities. The computers and devices originate from many unique Internet Protocol (IP) addresses, making them a common vector for DDoS attacks.

Loss of Data

A DDoS attack can cause your website to lose its data. A report published by Kaspersky Lab found that a little over one-quarter of all DDoS attacks result in the loss of data. If you’re trying to publish a new page of content, a DDoS attack may prevent you from doing so. You may be able to log in to your website’s content management system (CMS) to create the new page. Upon clicking the “Publish” button, though, all of your work will be lost.

Slow Page Load Times

Your website will probably suffer from slow page load times during a DDoS attack. The speed at which pages on your website load is largely influenced by the number of available server resources your hosting provider offers. If your website’s host has plenty of server resources – as well as countermeasures to prevent or mitigate DDoS attachs with a web application firewall – available, a DDoS attack may have a minimal impact on performance. However, if your host has limited available resources or countermeasures in place, a DDoS attack will consume server resources, including bandwidth, by forcing your website to process all of the spam-based data packets.


A DDoS attack can even take your website completely offline. Downtime is common during DDoS attacks. When its server resources have been completely exhausted, your website won’t be able to process any more requests. Visitors may click an external link to a page on your website, or they may enter a page’s address directly in their browsers, but they won’t be able to load it. Your website will simply ignore visitors’ requests while returning an error message, instead. 

A web host that offers WordPress automatic failover and in-depth network redundancy will not be as adversely impacted by such an attack.  

Loss of Search Rankings

In addition to data, your website may lose its search rankings if it’s targeted with a DDoS attack. Search engines won’t exactly punish your website for being a DDoS victim. They realize that all websites are susceptible to these attacks because websites use data packets for visitor communications. Nonetheless, a DDoS attack can drop your website lower down the organic search results pages.

If a DDoS attack takes your website completely offline, search engines won’t be able to access it. And if they can’t access it, they won’t be able to crawl it. Even if a DDoS attack only causes slow page load times without rendering your website inaccessible, it may cause a loss of search rankings. Page load time is a ranking signal. During a DDoS attack, your website may suffer from extremely slow page load times that prompt search engines to assign it lower rankings.

Reputation Damage

A DDoS attack can damage your website’s reputation. A Kaspersky Lab survey of roughly 5,000 businesses that have suffered a DDoS attack found that 39 percent claimed had it had a negative impact on their business’s reputation.

Visitors expect your website to function properly when using it. If your website crashes, loads slowly or displays error messages, visitors may question its credibility. Reputation damage such as this can last long after a DDoS has ended. Visitors might not return your website after having a bad experience. Some of them may even share their bad experience on social media or forums.

Increased Web Hosting Costs

Another potential problem posed by a DDoS attack is increased web hosting costs. There’s no such thing as truly unlimited web hosting. Some web hosting plans come with unmetered bandwidth, but none of them offer truly unlimited bandwidth. So, whether you have basic shared web hosting plan or a premium managed hosting plan, your website won’t have access to an unlimited amount of bandwidth – and DDoS attacks inevitably consume bandwidth. 

According to Help Net Security, DDoS attacks consume an average of 5 Gbps. As your website approaches its monthly bandwidth limit, your web hosting provider may require you to upgrade your hosting plan or purchase additional bandwidth. Therefore, a DDoS attack can lead to increased web hosting costs.

There are other cyber threats that can harm your website, but few are as serious as DDoS attacks. DDoS attacks are non-intrusive, so bad actors don’t need to hack or otherwise breach your website. They can carry out a DDoS attack by spamming your website with data packets from multiple sources, resulting in problems such as data loss, slow page load times, downtime, loss of research rankings, reputation damage and increased web hosting costs.

Pressable Helps Eliminate the Threat of DDoS Attacks

As a premium WordPress managed hosting provider, Pressable provides customers with a web application firewall designed to prevent all types of cyber threats and keep your website up and running 24/7/365. Additionally, all Pressable hosting plans include Jetpack Security Daily for free (a $239 per year value) to provide an added layer of safety and protection.

Have questions about how Pressable’s WordPress hosting plans can help keep your site safe? Interested in seeing our managed WordPress hosting platform in action? Schedule a demonstration today!

Zach Wiesman

Zach has 12+ years of experience with WordPress, from creating and maintaining client sites, to providing support and developing documentation. A knack for problem-solving and providing solutions led Zach to pursue a job with Automattic providing customer support in 2015 working with WooCommerce support, and now Zach has recently joined our team here at Pressable. Outside of work, Zach enjoys spending time with his family, playing and watching sports, and working on projects around the house.

Related blog articles