diff --git a/files/helpers/settings.py b/files/helpers/settings.py
index a34de577f..242b45538 100644
--- a/files/helpers/settings.py
+++ b/files/helpers/settings.py
@@ -7,15 +7,16 @@ import gevent_inotifyx as inotify
 from files.helpers.config.const import *
 
 _SETTINGS = {
+	"login_required": False,
+	"under_attack": False,
 	"bots": True,
 	"fart_mode": False,
 	"read_only_mode": False,
 	"offline_mode": False,
 	"signups": True,
-	"login_required": False,
 	"under_siege": False,
 	"dm_images": True,
-	"under_attack": False
+	"ddos_detected": False
 }
 
 def get_setting(setting:str):
diff --git a/files/routes/jinja2.py b/files/routes/jinja2.py
index c4e6aa33b..8964c2bf0 100644
--- a/files/routes/jinja2.py
+++ b/files/routes/jinja2.py
@@ -81,16 +81,12 @@ def calc_users():
 		else: mul = 1
 
 		if loggedout_counter > (loggedin_counter * mul):
-			if not get_setting('login_required'):
-				toggle_setting('login_required')
-			if not get_setting('under_attack'):
-				toggle_setting('under_attack')
+			if not get_setting('ddos_detected'):
+				toggle_setting('ddos_detected')
 				set_security_level('under_attack')
 		else:
-			if get_setting('login_required'):
-				toggle_setting('login_required')
-			if get_setting('under_attack'):
-				toggle_setting('under_attack')
+			if get_setting('ddos_detected'):
+				toggle_setting('ddos_detected')
 				set_security_level('high')
 
 
diff --git a/files/routes/wrappers.py b/files/routes/wrappers.py
index 094d34f50..e644275e0 100644
--- a/files/routes/wrappers.py
+++ b/files/routes/wrappers.py
@@ -99,7 +99,8 @@ def auth_desired(f):
 def auth_desired_with_logingate(f):
 	def wrapper(*args, **kwargs):
 		v = get_logged_in_user()
-		if get_setting('login_required') and not v: abort(401)
+		if not v and (get_setting('login_required') or get_setting('ddos_detected')):
+			abort(401)
 
 		if request.path.startswith('/logged_out'):
 			redir = request.full_path.replace('/logged_out','')
diff --git a/files/templates/admin/admin_home.html b/files/templates/admin/admin_home.html
index e9ce11322..9c7d34d45 100644
--- a/files/templates/admin/admin_home.html
+++ b/files/templates/admin/admin_home.html
@@ -120,9 +120,10 @@
 
 {% if v.admin_level >= PERMS['SITE_SETTINGS'] %}
 	{% for setting in SITE_SETTINGS.keys() %}
-		{% if not (setting == "offline_mode" and v.admin_level < PERMS["SITE_OFFLINE_MODE"]) %}
+		{% if not (setting == "offline_mode" and v.admin_level < PERMS["SITE_OFFLINE_MODE"]) and setting !="ddos_detected" %}
 			<div class="custom-control custom-switch{% if loop.index > 1 %} mt-1{% endif %}" id="settings-{{setting}}-container">
-				<input autocomplete="off" type="checkbox" class="custom-control-input" id="settings-{{setting}}-checkbox" {% if SITE_SETTINGS[setting] %}checked{% endif %} data-nonce="{{g.nonce}}" data-onchange="postToastSwitch(this, '/admin/site_settings/{{setting}}');">
+				{% set disabled = (setting in ("under_attack", "login_required") and SITE_SETTINGS["ddos_detected"]) %}
+				<input {% if disabled %}disabled checked{% endif %} autocomplete="off" type="checkbox" class="custom-control-input" id="settings-{{setting}}-checkbox" {% if SITE_SETTINGS[setting] %}checked{% endif %} data-nonce="{{g.nonce}}" data-onchange="postToastSwitch(this, '/admin/site_settings/{{setting}}');">
 				<label class="custom-control-label" for="settings-{{setting}}-checkbox">{{setting.replace('_', ' ').title()}}</label>
 			</div>
 		{% endif %}
diff --git a/files/templates/login/sign_up.html b/files/templates/login/sign_up.html
index af4b361db..0b26b3cd4 100644
--- a/files/templates/login/sign_up.html
+++ b/files/templates/login/sign_up.html
@@ -12,21 +12,25 @@
 {% endblock %}
 
 {% set login_namespace = namespace() %}
+
+{% set login_required = SITE_SETTINGS['login_required'] or SITE_SETTINGS['ddos_detected'] %}
+
 {% if ref_user %}
 	{% set login_namespace.authtitle = '@' ~ ref_user.username ~ ' has invited you!' %}
 	{% set login_namespace.authtext = 'Looks like someone wants you to join ' ~ SITE_NAME ~ '.' %}
-{% elif not SITE_SETTINGS['login_required'] %}
+{% elif not login_required %}
 	{% set login_namespace.authtitle = "Create your account." %}
 	{% set login_namespace.authtext = "No email address required." %}
 {% endif %}
-{% if ref_user or not SITE_SETTINGS['login_required'] %}
+
+{% if ref_user or not login_required %}
 	{% block authtitle %}{{login_namespace.authtitle}}{% endblock %}
 	{% block authtext %}{{login_namespace.authtext}}{% endblock %}
 {% endif %}
 
 {% block content %}
 <div id="register-form">
-	{% if not ref_user and SITE_NAME == 'rDrama' and SITE_SETTINGS['login_required'] %}
+	{% if not ref_user and SITE_NAME == 'rDrama' and login_required %}
 	<img loading="lazy" id="logo" alt="logo" src="{{'logo.webp' | asset_siteimg}}" width=70>
 	<hr>
 	<p class="text-muted text-justify mb-3" style="line-height: 1.2em">
@@ -46,7 +50,7 @@
 		<em>xoxo carp</em> 💋
 	</p>
 	<hr>
-	{% elif not ref_user and SITE_NAME == 'WPD' and SITE_SETTINGS['login_required'] %}
+	{% elif not ref_user and SITE_NAME == 'WPD' and login_required %}
 	<img loading="lazy" id="logo" alt="logo" src="{{'logo.webp' | asset_siteimg}}" width=70>
 	<hr>
 	<p class="text-muted text-justify mb-1" style="line-height: 1.2em">
@@ -103,7 +107,7 @@
 		Already have an account? <a href="/login{{'?redirect='+redirect if redirect else ''}}" class="font-weight-bold toggle-login">Log in</a>
 	</div>
 	</form>
-	{% if not ref_user and SITE_NAME == 'WPD' and SITE_SETTINGS['login_required'] %}
+	{% if not ref_user and SITE_NAME == 'WPD' and login_required %}
 	<p class="text-muted text-justify mb-6" style="line-height: 1.2em; font-size: 10px">
 		* okay so it's actually whenever I feel like hitting that Login Required button. I'm really sorry, but you have to understand: WE WANT TO BE YOUR FRIEND. And we can't do that unless you join. There's really no reason not to. Like I said, 8 seconds <em>at most</em> to register. What are you worried about? Your email being sold? I don't even know what that means and you don't either. Go ahead, tell me what you'd do if someone said like, "alright bud, go sell your email address to someone." WHAT DOES THAT MEAN? And, again, you really don't even need an email. Just a username and some stupid password. That's <strong>all</strong>. Come on. Peer pressure.
 	</p>
diff --git a/files/templates/submit.html b/files/templates/submit.html
index ab871dde7..75064342c 100644
--- a/files/templates/submit.html
+++ b/files/templates/submit.html
@@ -12,7 +12,7 @@
 {% block content %}
 		{% block form %}
 		<div class="submit-grid-view">
-			<form id="submitform" action="{% if SITE == 'watchpeopledie.tv' and not SITE_SETTINGS['under_attack'] %}https://videos.watchpeopledie.tv{% elif sub %}/h/{{sub}}{% endif %}/submit" method="post" enctype="multipart/form-data" style="grid-column: 2" data-nonce="{{g.nonce}}" data-onsubmit="submit(this)">
+			<form id="submitform" action="{% if SITE == 'watchpeopledie.tv' and not SITE_SETTINGS['under_attack'] and not SITE_SETTINGS['ddos_detected'] %}https://videos.watchpeopledie.tv{% elif sub %}/h/{{sub}}{% endif %}/submit" method="post" enctype="multipart/form-data" style="grid-column: 2" data-nonce="{{g.nonce}}" data-onsubmit="submit(this)">
 				<div class="container pb-0">
 						<div class="row justify-content-center">
 								<div class="col px-3 py-0">