One common way in which hackers launch a DDOS on a wordpress site is to set GET requests for a search term “/?s=some-random-text”. Each request is processed by the server by checking in the database and returning a 404 result. Hundreds and thousands of these requests every second overwhelms the server and it is unable to process any requests