In the past few years an Apache server I work with has always consistently been brute forced and hit with DDoS attacks causing the server to go down and having to reboot to bring it back online.

We tried all kinds of things including setting MaxClients in Apache and using WordPress security plugins such as WP Cerber. Both of these helped, and we still use WP Cerber till this day but never solved the root problem.

What finally fixed this issue for us was installing Cloudflare. Cloudflare acts as a middle man between the client/user and the server where your website lives. When a visitor visits your site, Cloudflare serves the client/user a cached version of your website through it’s CDN (content delivery network). A CDN in layman’s terms is just a bunch of servers around the globe that has a copy of your website sitting in them. When a visitor visits your website, they download your website from the server closest to them geographically. This design is also how Cloudflare can detect malicious traffic, intercept DDoS (distributed denial-of-service) attacks, defect bot attacks, and contain spam.