Ecommerce Shopify WordPress Discussion

How to rate limit visitors voluntarily opening hundreds of tabs?

I am recently facing an issue with some haters opening hundreds of tabs on my website to put it down. It's a Wordpress website hosted on a VPS with a 12 threads CPU and 48 GB memory with PHP 8.1. It uses LiteSpeed cache for both logged in and out users, with some private cache rules for ajax-based page fragments. When they attack, the CPU load stay at 100% for multiple hours and the website is broken (with connections to the DB not working). It's protected with Cloudflare free plan but the problem is that it's seen as legitimate visitors when it's not really. I can't find a clean solution to limite a single IP address to a maximum of XX requests per second or minute. The only thing I found on stackoverflow is a PHP script to store vars in $_SESSION but I'd like to prevent this approach if you have something better to propose. I asked the question on webmasters.stacjexchange but they kindly closed it since it's about programming for them so please do not send me to another stack-exchange subsite.
CloudFlare has rate limiting per IP, which wouldn't care whether the traffic is considered legitimate or not. If you're using a framework, many (such as Laravel) have built-in rate limiting which typically uses middleware and a cache server (eg redis) to keep track of how many requests come from each IP - see https://laravel.com/docs/10.x/rate-limiting As @ceejayoz says in the comments on the post, 'hundreds' of requests shouldn't be enough to bring down your site so it's probably a good time to have a look at bottlenecks in your code. For example, one frequent bottleneck is connecting to your database over a non-local IP.

January 27, 2024

Our products

The help you need, when you need it

App by Turbo Engine

3 apps • 5.0 average rating

Turbosify Speed Booster

5.0 (7)
Get better conversions by optimizing shopify store Google page speed Installed

Turbosify Translator for Wordpress Woocommerce

5.0 (74) Free Wordpress Woocommerce Plugin
Translate your wordpress website to multiple language within 1 click, no configuration needed, no No technical required

Grow your business here

Whether you want to sell products down the street or around the world, we have all the tools you need.