WordPress.com offers a built-in “defensive mode” feature to protect your site from spam bots and DDoS attacks.
This feature is available on sites with the WordPress.com Business and Commerce plans. If you have a Business plan, make sure to activate it. For sites on the Free, legacy Pro, Personal, and Premium plans, upgrade your plan to access this feature.
In this guide
Have a question?
Ask our AI assistantDefensive mode works by issuing an automated browser challenge for visitors to the site. Legitimate users will briefly see a “Checking your browser…” screen while their browser completes the work before accessing the site.
You may enable defensive mode for a limited time (ranging from one hour to 7 days), after which, visitors will not see the challenge page before reaching your website.
Note that WordPress.com staff may enable defensive mode on your behalf if your site is attacked. If this is the case, you will not be able to disable defensive mode from your dashboard. Contact our support if you need assistance.
To enable defensive mode, take the following steps:
- Visit your Sites page.
- Click on the site title in the list of your sites.
- Click on the Settings tab on the site overview page.
- Scroll down to the Server section.
- Click on Defensive mode.
- Select a duration and click the “Enable defensive mode” button. Once the selected duration has been met, defensive mode will be automatically disabled.
