You can still use the free level of Cloudflare it offers excelllent protection.
If you are running NGINX you should also install the free WAF from the panel..
If you are running PHP scripts, have a look at CIDRAM; it offers many levels of protection.