“Sucuri offers an affordable and beyond effective tool to combat DDoS attacks, bad bots, and any type of malicious traffic.”

I would definitely recommend Sucuri to other businesses. One of the biggest reasons comes down to time. Businesses don’t have time and shouldn’t spend time fixing issues like these. They should spend time growing their business and let Sucuri do what it does best. Sucuri offers an affordable and beyond effective tool to combat DDoS attacks, bad bots, and any type of malicious traffic.

About

Founded in 2013, and based out of Los Angeles, London, and Budapest, Kinsta is one of the fastest growing managed WordPress hosts on the market. They typically deal with enterprise, high-traffic, and demanding sites which require superior performance, but they now have entry-tier plans for bloggers and small businesses just starting out. They believe that constant availability, scalability, and outstanding user experience are a must. Some of their clients include companies such as GE, Intuit, AdEspresso, Workforce, Mint, and Swagway.

Kinsta was the first managed WordPress host to be exclusively powered by Google Cloud and LXD orchestrated Linux containers, which allow for complete isolation of each site and autoscaling for sudden traffic surges.

The Challenge

Brian Jackson, Director of Inbound Marketing at Kinsta works with a particular client and developer that runs a small, digital download ecommerce site which sells a premium WordPress plugin.

They don’t have a significant amount of traffic or use a lot of bandwidth, typically only 30-40 MB a day. However, out of the blue one day it started getting hit with 15-19 GB of data transfer per day. Thankfully the client quickly noticed this on the MyKinsta dashboard.

After looking into the client’s logs and utilizing their new MyKinsta analytics tool, the past 7 days (shown above) that the ecommerce site’s /account/ page had been requested 5,110,00 times and produced a total of 66 GB of traffic. That is from a site that typically generates a little over 1 GB of total data in an entire month.

Many of the top IPs hitting the site were generating over 10,000 requests in a short amount of time. This is not good!

Quickly, Brian and team tried changing the ecommerce site’s /account/ URL to something different.

Sometimes security by obscurity works with WordPress, but not always. This ended up only masking the problem until the attacks started popping up on another area on the site.

Some hosts might recommend utilizing a security plugin, however, here at Kinsta, we usually don’t allow these types of plugins in our environment due to the fact that they have a serious impact on the site’s performance. Secondly, since they utilize load balancers on top of Google Cloud Platform, a lot of their IP blocking functionality wouldn’t work as intended.

Of course, IPs can always be blocked by our Kinsta support team, but depending upon the length and scale of the attack, this could be a never-ending process of blocklisting IPs, which in most cases doesn’t solve the problem fast enough for the client.

Brian and team also quickly tried moving the site to Cloudflare’s Pro Plan, to take advantage of their rate-limiting rules. However, while it seemed to slow down the attacks slightly, it only made a small dent into the real problem which seemed to be mounting by the minute.

The traffic was eating up a significant amount of bandwidth. Kinsta charges by visitors, but figuring out what suddenly increased the bandwidth by over 4,000% had to be resolved. This was important not only to us, but also from a reporting and performance perspective for the client. Bandwidth is always a datapoint to look at when troubleshooting what might be slowing down a site. Bandwidth increases must be resolved promptly so that sites perform at their best without any negative data to skew their analytics.

Being a hosting company, Kinsta had known about Sucuri for a long time, regularly referring people to both Cloudflare and Sucuri, as well as keeping tabs on security services and tools that could help their clients and make Brian’s job easier. Although being an affordable solution was important, it paled in comparison to the necessity of simply getting the issue resolved fast. The effectiveness of the platform and security solution was of the utmost importance.

Solution

Once the site was moved to Sucuri, the problem was identified as a mixture of XML-RPC (CMB), bad bots (BNP), and DDoS attacks.

An hour after the DNS finished propagating, all of the bandwidth and bad requests instantly dropped on the client’s site and there hasn’t been a single issue since.

So you could definitely say that Sucuri did its job! We only wish we had moved sooner before wasting time prior on other troubleshooting methods.

The client’s ecommerce site returned back to its normal 30-40 MB of data transfer per day. Sucuri was able to filter out pretty much 100% of the bad traffic.

From signup to configuration, the entire process probably took less than 30 minutes – DNS propagation time not included.

Everything was painless and Sucuri’s documentation made everything pretty easy. My expectations were definitely met! We actually tried implementing Cloudflare first, along with their new rate limiting, and this did not succeed in stopping the malicious traffic. So in this instance, you can say that Sucuri won!

The “emergency DDoS” protection, along with aggressive bot filtering and advanced evasion detection, are what Brian attributes to having helped them out the most. Simply one-click enabling fixed everything.

The real-time view along with tagging and one-click blocklisting was also really helpful! Just a few minutes spent in here can do wonders. You can also get a better understanding of just what type of traffic, and from where, is hitting your site.

Results

Brian believes that the most important value Sucuri brings to Kinsta is having another solution in their toolbelt that they can rely upon when attacks like these happen. The problem was solved instantly after moving, saving a tremendous amount of time in troubleshooting. Having great and trustworthy solutions that Brian can confidently recommend to his clients gives him a great competitive edge.

We want our clients to be happy and never be in a situation where they feel like their website is not safe or ending up with a giant overage bill due to malicious traffic eating up bandwidth.

Note: Many of our loyal customers are part of our referral program and earn money by referring new customers to Sucuri. It is our goal to provide such excellent service that you want to share it with others. Learn more about our referral program or contact us if you wish to be featured in a case study!