Hi, sorry for the late reply, If your server/website(s) are under some heavy traffic attack, there are only few things you can do, really:
[1] Best option - run DDoS protection, this depends on your hosting, most of the time it is not free, because the excessive traffic spends bandwidth, and bandwidth is not free, someone has to pay for it. Some (rare) hosting companies provide it for "free", at the expense of more $/month included in the plan etc.
[2a] Second option is of limited effectiveness, and you need to work directly with your server firewall to prevent traffic from certain IPs or ranges, IF they can be identified and streamlined. Otherwise, it may be pointless.
[2b] Blocking these abnormal requests/sec on the Apache or PHP level, for example, is not as effective as dedicated DDoS protection, simply because it will still use your's server bandwidth and resources to a point, your server (Apache/Ngnix/etc.) and PHP will still perform some initial workload that counts. I mean, it surely will help (for example, I use self-developed protection of this sort for all of my websites as a first-line of defense, automatically monitoring requests and rejecting abnormal traffic amount), but much better option is [1].
[3] CloudFlare offers some basic protection on free accounts, might be worth a trial during the attacks. But otherwise, there are mixed results from using CF service, and you will probably have to disable a lot of their optimizations, because it may break your scripts, themes, plugins etc.
Regards