When your WordPress site slows down, breaks under traffic, or starts throwing strange errors, it can be hard to tell whether it’s a simple hiccup—or something more serious. One possibility many site owners overlook? A DDoS attack.
DDoS (Distributed Denial of Service) attacks can show up in subtle ways before taking down your site. At WP Farm, we built a simple 3-tier DDoS & outage severity scale to help you understand what’s happening when traffic gets weird—and what we’re doing behind the scenes to keep your site live.
In this post, we’ll explain how the threat scale works, what each level means, and what actions we take at every stage. We’ll also share how you can tell when your site is under attack, and what you can do about it.
Why a Clear DDoS Severity Scale Matters
For site owners, uncertainty is the worst-case scenario. You’re wondering if the issue is a plugin, your host, or something external. Meanwhile, users are bouncing, pages are breaking, and your marketing campaigns lose traction.
By using a color-coded system—Green, Yellow, and Red—we bring transparency to what’s happening and help you know what to expect. This is especially useful when:
Bots are crawling aggressively
Monitoring tools (like AHREFS or GTmetrix) fail
Certain regions show slowness or broken elements
You’re in the middle of a marketing push or product launch
This system lets your team stay calm, aligned, and focused.
Need fast support now? Talk to WP Farm — we’re on call for anything WordPress-related.
🟢 Level 1: Normal / Low-Level Threat
At Level 1, everything is running normally. You might see small traffic spikes or automated crawlers poking around, but there’s no real disruption.
What You Might Notice:
A small increase in bot activity
A slight slowdown on analytics tools
No impact on visitors or real users
What’s Happening:
This is background noise. Every website gets hit with a bit of bot traffic. Think of this as digital static—search engine bots, site scanners, maybe some light probing.
What WP Farm Does:
Standard WAF (Web Application Firewall) rules remain in place
No action needed
Activity logged and monitored
If you’re curious about your site’s baseline traffic, our WordPress care plans include ongoing monitoring and security reviews.
🟡 Level 2: Active Interference / Elevated Threat
Here’s where it gets more noticeable. Your site is still up, but now you’re seeing performance issues, bots getting blocked, or assets not loading.
What You Might Notice:
AHREFS or GTmetrix shows crawl errors
Images don’t load or take longer than usual
Backend access slows down
Country-specific traffic behaves inconsistently
What’s Happening:
This usually means there’s a low-volume or narrow-range DDoS attack underway. It’s not enough to knock your site offline, but it is causing friction. The firewall is deflecting most of the traffic, but the load is enough to cause strain.
What WP Farm Does:
Elevates your firewall to challenge mode or rate-limiting
May introduce JavaScript or CAPTCHA challenges for non-human traffic
Logs are reviewed for source patterning (IP, ASN, country)
Defenses are tuned without blocking real users
At this stage, we rely on you to flag anything odd. If you’re seeing broken elements or strange access patterns, submit a support ticket.
🔴 Level 3: High Impact / Service Disruption
This is where things hit hard. Your site might be down entirely, throw 5xx errors, or feel completely unresponsive.
What You Might Notice:
Website is unreachable or very slow
WP admin locked out
Cloudflare shows service errors
DNS checkers report timeouts or failures
What’s Happening:
This is a full-scale DDoS event. Attackers are flooding your site or its DNS layer with requests, trying to make it inaccessible to real users. In some cases, even backend tools and server monitors get cut off.
What WP Farm Does:
Activates full “under attack” mode via Cloudflare or custom firewall
Applies IP and ASN blocks
May temporarily restrict access by country or challenge all non-cached requests
Coordinates directly with server-level and CDN-level defenses
During this level, communication is key. We stay on top of every alert and reach out as needed. You’re always welcome to ping our team if you think something has escalated.
How We Explain This to Clients
We refer to this system as the WP Farm Threat Level:
Green: Normal operation
Yellow: Elevated threat, defenses active
Red: Site under full attack
You might hear us say:
“You’re currently at Level 2 – Elevated Threat. Your site is online, but some tools may show errors due to increased filtering.”
This shorthand gives your team a shared vocabulary to communicate risk without having to parse technical logs.
What You Can Do During Each Level
✅ Level 1 – Stay informed
Monitor your analytics and uptime tools
Keep your WordPress core, plugins, and themes updated
✅ Level 2 – Notify us
Report broken image links, bot errors, or admin slowness
Avoid launching high-traffic campaigns while filtering is elevated
✅ Level 3 – Stay calm
We’re already responding
You may see a temporary block when trying to access WP Admin or external tools
Don’t try to “fix” it yourself — changing plugins or settings can break recovery protocols
What’s Behind the Scenes: WP Farm’s Infrastructure
Our DDoS mitigation strategy blends several layers:
Cloudflare Business-level protections (available to all sites we manage)
Server-level filtering via IP tables and application-level firewalls
Geographic controls that throttle attacks by region
Rate limiting rules that filter based on behavior, not just source
This allows us to protect you without interrupting real users. Our team constantly refines these rules based on live traffic conditions and threat intelligence.
Related Services
WordPress Care Plans: Daily monitoring, updates, backups, and security management.
Free Blacklist Checker: Check if your domain or IP is flagged.
DNS Lookup Tool: Global DNS scan to troubleshoot issues fast.
FAQs
Q: Will I be notified when a DDoS is happening?
Yes, if we detect activity at Level 2 or 3, we’ll notify your team and document actions taken.
Q: Can I view DDoS logs or reports?
We can provide filtered Cloudflare telemetry or server logs upon request.
Q: Should I upgrade to Cloudflare Enterprise?
For most WP Farm clients, our business-level protection is sufficient. For high-risk clients (news, finance, political), we’ll make a recommendation.
Q: Do I need to pause AHREFS or SEMrush during an attack?
You might. At Level 2 or higher, these tools can be blocked by our defenses. Let us know and we can create temporary allowances.
Next Steps
If you suspect an outage or your tools are throwing errors:
Check your site in an incognito window
Use our DNS lookup tool to verify resolution
Submit a support request with any logs or screenshots
We’re here to keep your site online—no matter what the internet throws your way.
