Why it is important that you have a good server and that your site works even when you have a lot of traffic to it. Here I will explain some things you should pay attention to if you want your website to work when it is most needed. You have heard by now for sure that some Internet sites were unavailable as a result of DDoS (Distributed Denial of Service Attack) attacks. This type of attack involves sending a large amount of Internet traffic to a targeted site, which leads to the utilization of resources available to it. It may then be difficult or completely disabled for ordinary users to load an attacked site if all resources are consumed and the system stops working. The attack is carried out using a large number of computers infected with a virus that allows the hacker to remotely control. Often, the computer owner does not even know that his computer is part of such a network. So, the attacker tries to disable the site through a series of activities that are directed to various parts of the system that hosts the site, until some of them are discounted. Sometimes it’s a network, sometimes a server operating system, sometimes a platform on which a site is built, or something like that.
In this article, I’m going to write about how to make your site more resilient to an unexpectedly large visit, not a real DDoS attack.
Each system is designed to withstand a certain load and no matter how powerful it always has limitations. When designing systems for hosting important sites, especially today when hardware power is more available than ever, there is always room for planned and unplanned growth. Usually, this safe zone is enough to “ironed” fewer bumps due to sudden shock news or campaign, but sometimes this is not the case. It is for these reasons that Cloud hosting solutions are created – because they allow for easy and fast scaling of resources.
The most important thing is that your site works just when your interest is greatest, right? However, like any other hosting solution where you have guaranteed resources at your disposal, Cloud hosting costs more than a few tens of dollars a year, which is what most people give for hosting personal sites. With shared resource hosting, you share many of your roommates on the server, and if one of you “overdoes” not enough for the others, everything works slow or bad. Also, due to the low cost of such hosting, the amount of resources available to everyone is very modest. However, most of these sites use very few resources, have a small visit, have no need for something bigger, and such systems generally work. Some better, some worse, but they work. Until something unexpected happens. If one or more sites start using more resources than intended, everyone suffers and falls out. Many site owners are not aware of this because they do not understand that hosting other than the hard disk space and the flow that you will use also includes other resources, which are not mentioned anywhere in the sales offers. It would be like buying a cell phone or a computer, and the specification says only the dimensions and color of the case, weight, and shape. And how will it work when you install all the apps you want from Google Play, the Apple app store, and the like?
Each site runs some CMS (Content Management System), which, like computer programs, uses the resources of memory, processor and hard disk. You will often hear that the site is difficult to work with and then cease to be available just when some new captivating content is published, or started to be shared on social networks. That is logical, a large number of visitors came, they were stifling resources and everything stopped. In many cases, on shared hosting packages with sites that are not well optimized (and the vast majority are not), a few dozen or hundreds of visitors in a short period is enough to get everything right. It has the same symptoms as an attack because in essence the attack is carried out exactly like that. Does that mean there were no attacks? No. This should be checked by an expert and his or her own judgment. Maybe it was, maybe the visit made its own, and maybe the combination of the two was fatal.
However, there is a lot that a site owner can do to make a site more resilient to these issues:
Make the platform you use as optimized as possible. Whether it is WordPress, Joomla, Magento, Drupal, or something else, there are numerous ready-made optimization solutions. Usually, these are content caching plugins, and they can allow you to display much fewer resources on your site’s content. Also, it is advisable to check for some bottlenecks, some plugins you are using, that may not be well-written (a common case with untested and poorly programmed WordPress plugins and themes). Always use the latest versions of the platform and add-ons because in this case, the chances of someone exploiting the vulnerability are much less.
Disable DDoS attack on admin panel, ie brute-force attempts to type and crack password for login to the admin part of the site (for WordPress /wp-admin.php, Joomla / admin etc) by hiding logging location – rename log URL into anything else and / or allow panel access from certain IP addresses only. Also, if you use WP, exclude pingbacks and trackbacks. The pingback system is, among other things, one of the most common channels for DDoS attacks.
Choose the right hosting with the ability to change the configuration as needed, make sure you adapt it to the maximum system you are using. On shared hosting, there are few customization options, but if you opt for an advanced hosting solution, you have guaranteed resources and capabilities to customize many things. As I said, the most important thing is that your site works just when it is of the highest interest – increase your resources temporarily when you launch an online campaign and expect a bigger visit (you have a noticeable news or blog article that is massively shared) and then when the rush is over.
Be proactive, or respond as quickly as possible because you may miss out on the potential of the situation you are in.