The Hidden Tactics Cybercriminals Use in DDoS Attacks—and How You Can Outsmart Them Before It’s Too Late
Rate limiting can apply to login attempts (such as those covered by brute-force protection on WordPress.com), API requests, visits to specific URLs, or other levels of the network.
Use allowlists to exempt known legitimate IP addresses from rate limiting, so that you and other website users can keep taking action during an ongoing attack. Use blocklists to keep out repeat offenders and known botnets.
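The policy described above, as an added example (not code from the original article or from WordPress.com): a sliding-window limiter with separate limits per scope, an allowlist that bypasses limiting, and a blocklist that is refused outright. The scope names, limits and class name are assumptions made for illustration, and the addresses are constructed values from the documentation IP ranges.

```python
import ipaddress
from collections import defaultdict, deque

# Constructed sample policy: scope -> (max requests, window in seconds).
LIMITS = {"login": (5, 60), "api": (100, 60), "page": (300, 60)}
ALLOWLIST = [ipaddress.ip_network("203.0.113.10/32")]  # constructed: an admin's address
BLOCKLIST = [ipaddress.ip_network("198.51.100.0/24")]  # constructed: a known botnet range


class RateLimiter:
    """Sliding-window limiter keyed by (client IP, scope). Hypothetical helper."""

    def __init__(self, limits, allowlist=(), blocklist=()):
        self.limits = limits
        self.allowlist = list(allowlist)
        self.blocklist = list(blocklist)
        self.hits = defaultdict(deque)  # (ip, scope) -> times of accepted requests

    @staticmethod
    def _matches(ip, networks):
        return any(ip in net for net in networks)

    def check(self, client_ip, scope, now):
        """Return 'allow', 'block' or 'throttle' for one request at time `now`.

        client_ip must be the address seen by your trusted edge, not a
        client-supplied header value.
        """
        ip = ipaddress.ip_address(client_ip)
        # Allowlist is checked first so responders are never locked out.
        if self._matches(ip, self.allowlist):
            return "allow"
        if self._matches(ip, self.blocklist):
            return "block"
        limit, window = self.limits[scope]
        recent = self.hits[(ip, scope)]
        # Drop accepted requests that have aged out of the window.
        while recent and recent[0] <= now - window:
            recent.popleft()
        if len(recent) >= limit:
            return "throttle"
        recent.append(now)
        return "allow"


if __name__ == "__main__":
    rl = RateLimiter(LIMITS, ALLOWLIST, BLOCKLIST)
    for t in range(7):  # seven login attempts within seven seconds
        print(t, rl.check("192.0.2.7", "login", now=t))
```

State here is held in one process's memory; behind several web servers the counters would need a shared store, and entries for idle clients should be expired so the table cannot grow without bound during an attack.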
8. Develop a response plan
Even with solid defenses in place, no site is fully immune to DDoS attacks. Creating a clear plan for the worst-case scenario will help you quickly identify, mitigate, and recover from an attack. Do the following: