A slide and press the presentation in WP Suomi seminar. Slide text: How does a typical DDoS on a WordPress installation happen?

- A search-based DDoS attack by bypassing the cache
- Attacker sends a large volume of unique search queries so responses never hit the cache example ?s=something-xyz
- Each request becomes a cache miss, forwarded from network edge
- WordPress runs PHP + WP_Query for every request often triggering expensive database work.
- Repeated heavy queries exhaust CPU, memory and DB capacity so the website slows and eventually crashes.
- This is an Application-layer (Layer 7) HTTP flood that mimics normal user traffic.
- Key signals to look out for: huge spikes of /?s= requests in the logs, very high query entropy, cache-hit rate collapses.

Cache-busting search queries force every request through the database, turning cheap HTTP calls into expensive backend load.
A slide and press the presentation in WP Suomi seminar. Slide text: How does a typical DDoS on a WordPress installation happen? - A search-based DDoS attack by bypassing the cache - Attacker sends a large volume of unique search queries so responses never hit the cache example ?s=something-xyz - Each request becomes a cache miss, forwarded from network edge - WordPress runs PHP + WP_Query for every request often triggering expensive database work. - Repeated heavy queries exhaust CPU, memory and DB capacity so the website slows and eventually crashes. - This is an Application-layer (Layer 7) HTTP flood that mimics normal user traffic. - Key signals to look out for: huge spikes of /?s= requests in the logs, very high query entropy, cache-hit rate collapses. Cache-busting search queries force every request through the database, turning cheap HTTP calls into expensive backend load.