Behind the Scenes: How We’re Protecting Your Websites From 30,000+ Daily Attacks

You Deserve to Know What We’re Doing to Keep Your Sites Online

If you noticed some brief slowdowns a few weeks ago, we want to be transparent about what happened—and more importantly, what we’ve done to make sure it never happens again.

What Happened: When Bots Nearly Broke Our Servers

In mid-December, our monitoring systems detected something alarming: automated bots were hammering our servers with thousands of malicious requests every hour. These weren’t legitimate visitors to your websites—they were automated scanners searching for security vulnerabilities, trying random URLs, looking for ways to break in.

Here’s what made it serious: even though these were fake requests that ultimately failed, each one still forced our servers to:

  • Spin up processing power
  • Check WordPress files
  • Query databases
  • Consume memory and CPU time With 30-50 WordPress sites on each server, those thousands of bogus requests were choking out the resources available for your legitimate visitors. Server load spiked, PHP processes maxed out, and for a brief period, some customer sites experienced slowdowns or timeouts. That’s completely unacceptable to us. You’re paying us to keep your sites fast and online, not to waste resources entertaining bots. The Challenge: Seeing Through Cloudflare Here’s where it got tricky: many of you use Cloudflare for added security and speed (which is great!). But Cloudflare acts as a “middleman” between visitors and our servers, which meant when we looked at our logs, we couldn’t see the real attackers—only Cloudflare’s IP addresses. It’s like trying to stop prank callers when everyone’s number shows up as “Unknown Caller.” You can’t block them without blocking everyone. We needed to find a way to identify the real troublemakers behind Cloudflare and stop them without affecting legitimate traffic. Our Solution: Multi-Layer Protection We built a comprehensive security system with four key components:
  1. Real Attacker Identification We configured our web servers to properly extract real visitor IPs from behind Cloudflare and other proxies. Now when an attacker tries to hide behind these services, we can see exactly who they are.
  2. Intelligent IP Blocking Once we could see real IPs, we started blocking the bad actors—but here’s the important part: we block them instantly at the web server level, before they can consume any of your PHP processing power or database resources. When a blocked attacker tries to hit your site:
  • Request arrives
  • Our system recognizes the bad IP (takes less than 1 millisecond)
  • Connection dropped immediately
  • Zero impact on your site’s resources We’re currently blocking 270+ known malicious IPs, and the list grows automatically as we identify new threats.
  1. Attack Pattern Recognition IP blocking alone isn’t enough—attackers constantly rotate their IPs. So we also built pattern recognition that blocks requests based on what they’re trying to access:
  • Known hacking tools (webshells, file managers)
  • Suspicious file names that legitimate visitors would never request
  • Common vulnerability scanners
  • Exploit attempts We’re blocking 110+ malicious patterns that catch attacks regardless of what IP they come from.
  1. Automated Learning The system doesn’t just sit static—it actively monitors our logs, identifies new attack patterns, and automatically adds persistent offenders to the blocklist. It learns and adapts without us having to manually review tens of thousands of log entries. The Results: Your Sites Are Protected Since deploying this system, here’s what’s happening every single day:
  • 30,000+ malicious requests blocked before they touch your sites
  • 270+ attacking IPs instantly rejected
  • 1,300+ malicious file requests stopped
  • 50+ minutes of CPU time saved (time that now goes to serving your legitimate visitors) More importantly:
  • ✅ Server load back to normal (dropped from critical 15+ to healthy 1.5)
  • ✅ PHP resources available for your actual customers (84% reduction in wasted processes)
  • ✅ Zero service interruptions since the system went live
  • ✅ Faster response times for legitimate traffic What This Means for You You won’t notice anything different—and that’s exactly the point. Your sites just work, your visitors get fast response times, and you don’t have to worry about it. But behind the scenes, we’re blocking an average of one malicious request every 2.8 seconds, 24/7. Every single one of those blocked requests would have consumed server resources that we can now dedicate entirely to your legitimate visitors. Our Commitment: Continuous Improvement This isn’t a “set it and forget it” solution. We’re continuously:
  • Monitoring attack patterns to stay ahead of new threats
  • Expanding our blocklists as new malicious IPs emerge
  • Refining pattern detection to catch evolving attack methods
  • Analyzing performance to ensure the protection adds no noticeable latency The internet is full of automated attackers constantly probing for weaknesses. They’re not going away. But you shouldn’t have to think about them—that’s our job. Transparency Matters We could have just quietly fixed this behind the scenes and never mentioned it. But we believe you deserve to know:
  1. What went wrong (bot attacks overwhelmed server resources)
  2. How we fixed it (multi-layer automated protection)
  3. What we’re doing to prevent it (continuous monitoring and improvement) When you trust us with your web hosting, you’re trusting us to keep your sites fast, secure, and online. When something threatens that, we take it seriously, fix it properly, and tell you about it. Questions? If you have any questions about our security measures or want to know more about what we’re doing to protect your hosting, don’t hesitate to reach out to our support team. We’re always happy to discuss what’s happening behind the scenes to keep your sites running smoothly. Thank you for trusting us with your web hosting. We don’t take that responsibility lightly.

The Bottom Line: Your hosting service is now protected by a system that blocks over 30,000 malicious requests every day, automatically learns from new threats, and ensures server resources go to your legitimate visitors—not bot attacks. And we’re constantly improving it.