The following tips probably won’t protect your website from a DDoS attack, but they can help improve its security (and the security of your site’s visitors).
Let's Encrypt
Let’s Encrypt is a non-profit certificate authority that allows you to add HTTPS to your website for free and in an automated way.
HTTP is the protocol that transmits data (such as blog post content) to and from your website. However, this protocol transmits data in an unencrypted way, enabling anyone to potentially intercept it or re-direct the connection to a malicious server. To prevent this, it’s important that connections are encrypted. This can be achieved by adding HTTPS to your website.
Learn how to use Let’s Encrypt to add HTTPS to your website here.
Server Geolocation
Data protection and Internet governance laws and regulations differ from country to country. This means that depending on the laws and regulations of the country that its server is hosted in, your website might get treated differently.
If, for example, the server of your website is hosted in a country that has strong data protection laws, those laws will apply to the data hosted on your website. But if the server of your website is hosted in a country that doesn’t have data protection laws or that authorizes third parties to take down web content under certain legal provisions (for example, because your website hosts content that is perceived as anti-government or illegal), then different protections (if any) can apply to your site. In short, it’s worth considering the laws and regulations of the country in which the server of your site is hosted.