I have a WordPress website with a great enemy! He attacks from WordPress zombies, ddos, query attack. I'm using cloudflare, direct server, 16 cpu.
I've hidden my IP but still server goes down. Is this code helpful?
RewriteEngine On
RewriteCond %{HTTP_USER_AGENT} ^WordPress [NC]
RewriteRule .* - [F,L]
well it sounds like a standard DDOS attack, all you have to do is block the ip address of the attacker. But as in most DDOS attacks there is not just one computer thats sending you the requests. Which means that you cant automatically figure out who's a real user and who's a bot. One way to block this kind of attack is to check how many requests does an ip address send per min or per hour. And then block them accordingly.
For instance you know that a real user can only view around 10-20 pages per minute. So if an ip address requests for more than that amount of page visits you can safely assume that its a bot and then block that ip address. Its not bulletproof but it blocks most of the traffic, and after a few days the attacker might just loose interest.
There is a simple plugin that will get this job done quickly.WP AntiDDOS