Hi, thank you for your work, highly effective script. This is not properly an Issue, but a simple observation.
I have noted that the script specifically doesn't call to load-script.php, only with access to the Wordpress installation DOS condition occurs:

My quetion: It's seems that Wordpress load the load-scripts.php by default?

Otherwise, applying the software patch I'm able to mitigate the attack in the firewall and balance layer, but I think this only in the case of DOS condition and no in the case of DDOS.