As of April 2026, Protection Against DDoS is a WordPress ddos plugin with 3.0K+ active installations and a 5/5 rating from 4 reviews. It has been downloaded 48K+ times in total. Requires WordPress 3.5.2+ and PHP false+. Available on WordPress.org since 2016. Last updated 5 years ago — may have compatibility concerns. Download volume is stable this week. Top alternative: Cloudflare.
5/54 reviews
3.0K+active installs
48K+total downloads
10 yearssince 2016
Overview
This plugin resolves performance issues caused by brute force attacks described in the WordPress Codex here: https://codex.wordpress.org/Brute_Force_Attacks
From WordPress Codex:
Due to the nature of these attacks, you may find your server’s memory goes through the roof, causing performance problems. This is because the number of http requests (that is the number of times someone visits your site) is so high that servers run out of memory.
A common attack point on WordPress is to hammer the wp-login.php file over and over until they get in or the server dies. You can do some things to protect yourself.
Protection Against DDoS plugin addresses these issues very well.
It also allows to deny access to common WordPress features that get frequently attacked, like xmlrpc or RSS feeds pa…
Screenshots
Ratings & Reviews
54 reviews
5 ★
4
4 ★
0
3 ★
0
2 ★
0
1 ★
0
Recent Reviews
This is absolutely the best DDoS Protection plugin available
by Eli·5 years ago
Our site was being attacked heavily using exactly the technics for which this plugin was creating for. I cannot thank the creator enough for providing it to the public free of charge. Thank you so much for your contribution.
My only concern is that it hasn’t been updated for quite sometime, I really hope it’s not abandoned.
I’m surprised this product doesn’t have more reviews and more downloads, I guess it hasn’t had enough promotion.
Thank you so much @wpchef, please keep it alive!
This Plugin Saved Me
by kcwebguy·6 years ago·1 reply
I was having a major DDOS against a number of my websites… the attack was taking down my entire VPS and affecting my entire business.
I deployed this plugin to all of my sites and saw immediate relief from the attack. I took a screenshot of my load graph with an arrow at the point in time I deployed this plugin.
My thanks to this author for a clever and effective plugin.
- This topic was modified 6 years, 6 months ago by Jan Dembowski. Reason: Deleted link
Serious(ly) Lightweight Extra Security
by Gahapati·9 years ago
When I first came across Protection Against DDoS, I was impressed by the simplicity of the idea and the effectiveness of its execution.
Assuming that DDoS attacks will hardly be carried out by lone hackers armed with web browsers, it’s reasonably safe also to assume that accepting and returning cookies will be among the least of their concerns. In which case the attack is stopped dead in its track very early on, in fact before WordPress is even asked to start up its engine.
When I first tested this plugin, unfortunately it was not compatible with WP Multisite, yet. But within days of pointing this out to the developer, Protection Against DDoS was updated accordingly!
The plugin has earned a permanent resident status in my toolbox!
- This topic was modified 8 years, 11 months ago by Gahapati. Reason: Updated WP Version
Works very well
by 2by2host·9 years ago
We use this when a WordPress site gets bombarded with bogus traffic and see the results within minutes. We can see how HTTP requests drop right after the plugin is installed. This plugin should be a must for any site.
Download Trends
Today: 7Yesterday: 3This week: 32Period total: 1K
Compatibility
| WordPress | 3.5.2+ requiredTested up to 5.4.19 |
| PHP | false+ required |
Version Adoption
v1.5
99.6%
v1.4
0.4%
Top Alternatives to Protection Against DDoS
Frequently Asked Questions
Changelog
1.5.2
- Added access control for autodiscover/autodiscover.xml and wpad.dat.
Contributors
Plugin data sourced from WordPress.org. Analysis and metrics by PluginSift.