I don't mean to seem critical, but

1) it would be slightly better to DROP requests to the URL than to reject them and

2) you can DDOS plenty of other servers besides web servers. You're right of course that there likely isn't a server attached to the IP address (though you could likely tie up at least the one thread with programmatic recursion / redirects), but DDOSing isn't particular to web servers at all.

No, but DDOSing does require an open listener - the most common and easiest is a web server. If whoever is trying to use some old WordPress hacks is smart, however likely that is, he/she would not have a ton of ports open.

You can also drop requests per-IP if you are set up on a web provider that has a hardware firewall, but I do not know your setup, so my recommendation was one that would work anywhere.

