Do you maintain your servers?

Yeah they do DoS mitigation I believe automatically. Also I’m sure if you wanted to pay for it they have a service.

I have been running a lot of servers manually for a long time on a ton of different hosts from GoDaddy shared, Linode, Digital Ocean, AWS, Google Compute. I have only one time had to deal with the beginnings of a DoS attack, and I seriously just popped over to Cloudflare, paid the $20 to get the first non-free level account and put it on high alert mode where they filter every drop of your traffic for as long as you want, left it like that until I found the bug in the code that was allowing it to happen. (It was a site we were just hosting for someone and making updates to, we didn’t code it.)

See, the thing about DoS is, they aren’t targeting you in particular (unless you are dealing with a HUGE company with rivals all going for the same web keywords/traffic, then it can get ugly, think bot wars…) but if you’re in that position then you’re gonna have someone dealing with it, 24/7 monitoring. So DoS works like, your site gets port scanned or vuln scanned along with 1000’s of other sites, then the ones with the known vulnerabilities get put on a list and attacked by bots until they either protect it, patch it, or move it. If you use an up-to-date WordPress, non-shady up-to-date plugins, don’t make your username admin, and have a strong rated password. Install Wordfence and Sucuri too if you’re really paranoid and want a failsafe, and force SSL admin 100% of the time. You’re good 99.9% of the time.

Now that being said… I 100% agree with everything Doug said, if you don’t know the command line like a second language and you don’t know the Linux distro you are working with, if you never provisioned and fully configured a VPS from scratch yourself and had it work and not get hacked, if you don’t know about iptables rules, then you should not be running your own server without help.

Period, the end. I don’t care if you have Trellis and it sets up everything for you, what’s gonna happen when the next Heartbleed happens and you have no clue what people are talking about when people are explaining how to patch it, or if like Ialo said sudo apt-get update and everything breaks (I use Debian normally so I actually feel like I could run apt-get update with my eyes closed and still be ok), it’s just not worth it, for a couple bucks more let someone else handle it for you, your site and the web will thank you for it because it’s one less VPS that has been turned into a DoS drone without you knowing because you left SSH on for root.

If you are gonna run your own VPS it’s really not that hard but if you aren’t interested in spending HOURS learning this stuff just pay the 20 extra a month for managed hosting.

Last thoughts for everyone, it’s not about making a server that will never get hacked or break, it will, trust me… It’s all about having a backup plan in place for your database and your website files, so that when your server does break or get hacked, you just hit a couple buttons and you’re back up.

Monitoring & Backups are what you need, if you don’t know within 5 minutes of your site going down and have a full backup somewhere else ready to restore/re-provision you’re not doing it right.

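Two of the settings named in the post above (SSH left on for root, forcing SSL for the WordPress admin) can be checked mechanically. The following is an added example, not part of the original thread; the function names and the sample config text are constructed for illustration, and it only reads the global part of `sshd_config` (no `Match` blocks or `Include` files) and single-line PHP comments.

```python
import re

# Constructed sample inputs (not taken from the thread).
SAMPLE_SSHD = "Port 22\nPermitRootLogin yes\nPasswordAuthentication yes\n"
SAMPLE_WP = "<?php\ndefine( 'DB_NAME', 'wp' );\n// define( 'FORCE_SSL_ADMIN', true );\n"

DEFINE_RE = re.compile(
    r"define\s*\(\s*['\"]FORCE_SSL_ADMIN['\"]\s*,\s*(\w+)\s*\)", re.I)

def sshd_root_login(text):
    """Global PermitRootLogin value, or None if it is not set.
    sshd keeps the first value it reads for a keyword, so stop at the first hit."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = parts[0].lower()                # keywords are case-insensitive
        if key == "match":                    # conditional blocks start here
            break
        if key == "permitrootlogin" and len(parts) == 2:
            return parts[1].strip().strip('"').lower()
    return None

def wp_force_ssl_admin(text):
    """True only if an uncommented define() turns FORCE_SSL_ADMIN on."""
    for line in text.splitlines():
        m = DEFINE_RE.search(line)
        if not m:
            continue
        before = line[:m.start()]
        if "//" in before or "#" in before:   # define is commented out
            continue
        return m.group(1).lower() in ("true", "1")
    return False

def audit(sshd_text, wp_text):
    """Return a list of findings; an empty list means both checks passed."""
    findings = []
    root = sshd_root_login(sshd_text)
    if root is None:
        findings.append("sshd: PermitRootLogin not set explicitly")
    elif root != "no":
        findings.append(f"sshd: root login allowed (PermitRootLogin {root})")
    if not wp_force_ssl_admin(wp_text):
        findings.append("wordpress: FORCE_SSL_ADMIN is not enabled")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_SSHD, SAMPLE_WP):
        print(finding)
```
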