I had this same problem today. I literally have TWO users and no real traffic to speak of. To say that I hit some limit is laughable. My site was obviously a victim of some sort of external attack. I find it odd that this hosting service views this issue more from a “their user is abusing their free site” perspective and not really considering the fact that DDOS attacks and other forms of network and website attacks exist.
What really surprised me was that it appears that you get ONE chance for a reprieve, are told to backup your data, and that you most likely won’t be reprieved again… so backup and download your data or else! I don’t know about you, but that came across as very daunting to me. I pleaded my case, saying that it wasn’t my fault and that external spammers are obviously mucking with my little tiny WordPress blog site. I didn’t really get anywhere as far as “we can protect you this way” or “you can protect yourself this way”. Instead, I felt like I was being up sold to the pay service. My site isn’t worth paying for, so I wasn’t finding this to be acceptable.
What I liked:
-My site was released and I was able to access it and back it up.
What I didn’t like:
-Feeling vulnerable and completely at the mercy of some external hackers being able to shut my site down
-Not being provided some options for protecting myself from external attacks
-The free service automating these limitations and pushing a hard shutdown on my site and treating me like I’m abusing their service without providing some explanation or solution to help me avoid it happening again
-Feeling mostly like I was being told, “Oh well, don’t like it? Upgrade.”
What I did to address my issue (that YOU may want to try too):
I’m not sure if it will protect my site from future attacks, but I thought I’d share the following in case you find it useful… and in case it does protect your site
I work for Oracle and I am an Enterprise Architect / programmer, so I tend to be a more savvy user of web technologies. That being said, I am not really a WordPress person and I’m used to completely controlling my hosts, rather than going through user interfaces that provide a certain experience that offers me far less control. It sort of leaves me in a more helpless position overall, so I’m not generally totally aware of all my options
In my initial research, I used the Stop Spammers spam plugin’s Protection Options>Block Countries. I selected all countries so that the plugin would be more judicious when allowing connections
I created a Cloudflare free account and installed the WordPress Cloudflare plugin on my site, I configured it to connect using an API key and set “Under Attack Mode” to ON (plugin and Cloudflare site), which protects against all sorts of connection attacks, including DDOS attacks. See image below for new user request
I am hoping that the combination of these steps will result in thwarting external forces from causing my sites to overrun site limitations going forward.
Apparently, Cloudflare caches their customers’ websites, which greatly speeds them up! So, I also benefited from a serious performance boost on top of it all.
Perhaps you can research this information and confirm that it helps protect against DDOS attacks on your site, and assists people by avoiding this limit issue in the first place.