Last evening, one of my servers seemed to be quite slow and after a quick investigation, I discovered that one of the websites hosted on the server was under a malicious attack. With the DNS being served by Cloudflare, the first thing I did was log in there and configured the Cloudflare account for that domain to “Under Attack Mode.”
Almost immediately, the server’s performance returned to normal while I investigated further to understand what had been going on. It turned out there was an attack on the WordPress login page by several IP addresses and it was a heavy sustained attack. From log files, I was able to ascertain the IP addresses responsible and block them via the server’s firewall.
Of course, you wouldn’t want to have this on all the time as most visitors would not be happy with a five second interstitial that tells them that their browser is being examined. But when your website is under attack and it is slowing everything else down, it sure does come in handy to have that option.
A Cloudflare account is free although you can upgrade for further protection and features. The free or basic protections though are pretty darn good on its own.