You Deserve to Know What We’re Doing to Keep Your Sites Online
You may have noticed some sluggishness on your site in mid-December. We want to be transparent about what happened and what we’ve put in place since then.
What Happened: When Bots Nearly Broke Our Servers
In mid-December, automated bots began generating thousands of malicious requests per hour against sites on our servers. These weren’t real visitors — they were scanners hunting for security vulnerabilities.
The problem is that each request still costs resources. Even a rejected attack makes the server check WordPress files, query the database, and consume memory and CPU cycles. With 30–50 WordPress sites per server, thousands of bogus requests per hour was enough to deplete resources available for legitimate visitors — causing load spikes, PHP processes maxing out, and temporary slowdowns or timeouts.
The Challenge: Cloudflare Was a Blindspot
Some of our customers use Cloudflare to proxy their traffic — it’s a great tool and we support it. To make that work, Cloudflare’s IP ranges are whitelisted on our servers so their traffic is never blocked. The problem: when attackers routed requests through Cloudflare’s proxy, those requests arrived wearing Cloudflare’s IP address and sailed straight through our firewall unchallenged. The real attacker was hidden behind a trusted face, and our standard IP-based blocking had no way to tell them apart from legitimate visitors.
Our Solution: Multi-Layer Protection
We’ve put four automated layers in place.
1. Real Attacker Identification
We reconfigured our web servers to extract actual visitor IPs from behind Cloudflare and similar proxies, so we can see who’s really knocking.
2. Intelligent IP Blocking
Bad actors are now blocked at the web server level — before they ever consume PHP processing power or touch a database. A blocked attacker gets an immediate connection termination with zero resource cost to the server. We’re currently blocking 270+ known malicious IPs, with the list expanding automatically.
3. Attack Pattern Recognition
IP blocking alone isn’t enough, because determined attackers rotate addresses. So we’ve added pattern recognition that blocks requests targeting:
- Known hacking tools and webshells
- Suspicious file names that no legitimate visitor would ever request
- Common vulnerability scanners
- Known exploit attempts
110+ malicious patterns are now active, catching attacks regardless of which IP they come from.
4. Automated Learning
The system actively monitors logs, identifies emerging attack patterns, and updates the blocklists automatically — without us having to manually review tens of thousands of log entries. It learns and adapts as attacks evolve.
The Results: Your Sites Are Protected
Since deploying these protections, every single day:
- 30,000+ malicious requests blocked before reaching your site
- 270+ attacking IPs instantly rejected at the front door
- 1,300+ malicious file requests stopped dead
- 50+ minutes of CPU time preserved for real visitors
The broader outcomes:
- Server load normalised — dropping from a critical 15+ down to a healthy 1.5
- PHP resources are available for actual customers again (84% reduction in wasted processes)
- Zero service interruptions since deployment
- Faster response times for legitimate traffic
What This Means for You
Nothing looks different from your end — your site just works. But behind the scenes, approximately one malicious request is being blocked every 2.8 seconds, continuously. Every one of those blocked requests is server headroom preserved for your visitors.
Our Commitment: Continuous Improvement
We’re not treating this as a one-time fix. Ongoing work includes:
- Monitoring attack patterns and getting ahead of emerging threats
- Expanding blocklists as new malicious IPs surface
- Refining pattern detection as attack methods evolve
- Analysing performance to ensure the protection adds negligible latency
Automated attackers constantly probe for weaknesses and they won’t stop. But that’s not your problem to worry about — it’s ours.
Transparency Matters
We could have quietly resolved this and said nothing. We didn’t, because we think you deserve to understand:
- What went wrong — bot attacks overwhelmed server resources
- How we fixed it — multi-layer automated protection
- How we’re preventing recurrence — continuous monitoring and improvement
You trust us with your website. That means we owe you speed, security, and availability — and we owe you honesty when something challenges that.
If you have questions about our security measures or want to know more about what we’re doing under the hood, get in touch — we’re happy to walk you through it.