Slowloris outbreak affecting newly updated WordPress sites | Storm Internet

Slowloris is one of the worst types of DOS (Denial-of-service) attacks to which a website can be subjected. To make it even worst, WordPress sites are already the most attacked CMS (Content Management system). In this article, I plan to explain what exactly Slowloris is as well as teach you how you can protect your own WordPress site from being attacked.

To start off, let me explain what Slowloris even is and why it can kill your business. The Exploit Database (https://www.exploit-db.com) defines Slowloris as “Slowloris attacks rely on the fact that the HTTP protocol, by design, requires requests to be completely received by the server before they are processed.” So you can already see how it could destroy your business. It makes your website load incredibly slow; some affected sites claim it made loading times take hours. To make it even worse, Slowloris can be done from a single network whereas other DOS attacks take hundreds or thousands of networks.

Do not go uninstalling WordPress just yet, though. The reason WordPress is vulnerable to this attack is easy to fix even if you are not tech savvy. The solution is as simple as, using cloudfare, enable lazy loading for images, using a cache plugin that allows client side cache, installing Wordfence, and then test and adjust.

Now I am gonna go step by step on how to implement these changes. Please note since we will be affecting a lot of the core functionalities, pleases consult with your web developer before changing anything.

Cloudfare comes with Storm Internet’s hosting solutions.

Cloudfare will help your site identify when an attack is initiated, as well as provide a primary defense against the attack. When this primary defense is activated it also tells Wordfence to “be on the lookout.” Most of the time cloudfare will stop the attack before it ever reaches your site which is why it is a good tool to use. To activate it all you have to do is sign up and click enable.

The second defense is to enable lazy loading for images. Most developers will enable this when they make a site, since it makes a web page load more quickly. What it does is it makes the page only load images when the user is actually looking at the images. Since in a Slowloris attack the web page is never viewed or scrolled this will reduce the resources it consumes making it more difficult to slow your site. Plus it will just make pages load faster for your users.

To add, just go to Add New Plugin and search for “lazy image loading.” As for which plugin to use, it depends on your site’s coding. Please also keep in mind most developers will enable this while building your site.

Using a cache plugin that enables client side cache is your biggest defense of all. This will make each request the attacker attempts use less and less resources every time they hit your site. Plus this will make your site load more quickly for your visitors. This step is not for beginners however, since it greatly depends on your website. Just let your web developer know you want to enable client side cache and they will know what to do.

Lastly, you will want to install Wordfence. Wordfence is a free WordPress plugin that builds a firewall for your site. It is efficient at detecting DOS attacks and will stop them in their tracks by denying access to the IPs used in the attack after about 10 request. Wordfence plus cloudfare is the ultimate defense against the Slowloris attack.

To add Wordfence go to Add New Plugin and search for Wordfence.

Just click “enable” under options and it will start protecting your site as soon as you click “save.”

Now, after all that is done and after about 24 hours so everything has time to fully activate and integrate, we need to test your defense. To test your defense you will need the Kali Linux Operating system which is on kali-linux.org.

To start the test open up your terminal in linux and use the script “nmap –script http-slowloris –max-parallelism 400 [website] -vv”.

Where it says website you put in your url “www.yoursite.com”, this is a real attack which is why we say only to send 400 hits so that you will not risk damaging your site but will send enough to test your defense.

If all you see is 0.00% done and it does not rise after multiple lines that means your defense worked. This does not protect you from massive attacks such as if thousands of networks attack you at once, however, it will protect you from the average WordPress hacker.

For more information on how Storm Internet can help protect your WordPress web site with our Managed WordPress Hosting packages, get in touch by clicking here or call us on 0800 817 4727