Defensive Mode

WordPress.com offers a built-in “defensive mode” feature to protect your site from spam bots and DDoS attacks. The feature is powered by our global edge network, but it can still be enabled independently of our global edge cache feature.

This feature is available on sites with the WordPress.com Business or Commerce plan. On lower-level plans, defensive mode is managed automatically for you.

It works by issuing an automated browser challenge for visitors to the site. Legitimate users will briefly see a challenge page while their browser completes the work before accessing the site.

This interstitial page is displayed to visitors when Defensive Mode is enabled.

You may enable defensive mode for a limited time (ranging from one hour to 7 days), after which, visitors will not see the challenge page before reaching your website.

Note that WordPress.com staff may enable defensive mode on your behalf if your site is attacked. If this is the case, you will not be able to disable defensive mode from your dashboard. Contact our support if you need assistance.

To enable defensive mode, take the following steps:

Ensure your site is on a Business or Commerce plan.
Visit your Sites page by clicking on the W icon in the upper left corner of your dashboard.
Click on the site title in the list of your sites.
Click on the “Server Settings” tab on the site overview page.
Scroll down to the Defensive mode section.
Select a duration and click the “Enable defensive mode” button. Once the selected duration has been met, defensive mode will be automatically disabled.

Last updated: October 02, 2024