Skip to main content
All CollectionsShifter security features explainedDDoS
Does Shifter defending against Layer 7 DDoS attacks?
Does Shifter defending against Layer 7 DDoS attacks?

Mitigating the risk of a Layer 7 DDoS attack against your WordPress site.

Tomohyco Tsunoda avatar
Written by Tomohyco Tsunoda
Updated over a week ago

Not all DDoS attacks are created equal, especially Layer 7 attacks.

What is a Layer 7 attack?

Most DDoS attacks is a malicious spike in traffic to your website or application. The traffic spikes is rapid and typically from a few origins which are easy to detect, block and mitigate. These attacks can be targeted at a particular site or an entire hosting provider.

The difference between most DDoS attacks and Layer 7 DDoS attacks is the origin and rate of traffic.

Layer 7 attacks use a much wider network and a lower rate. It's designed to appear like normal traffic. For example, instead of traffic coming from a few origins it's distributing that traffic to thousands or millions of origins. This is also known as an HTTP Flood.

How does Layer 7 affect WordPress sites on Shifter?

Layer 7 attacks designed for WordPress are known to exploit the Ping and the WP REST API as well as other features.

Attacks on those services do not affect WordPress sites hosted on Shifter for a few reasons.

Shifter will serve and host a completely static version of the WordPress site. The static HTML, JS, and CSS version will not respond to or support Ping, POST, or REST API requests.

In short, Layer 7 attacks are not relevant to Shifter sites.

What about Layer 3 and 4 attacks?

Shifter protects your site from those as well. Every site we host comes with DDoS protection for these types of attacks.

This features is enabled by default and offered at no additional cost.

Did this answer your question?