WF writes constantly to the database. Can this stop?

Hi kkoyan,
We have been looking at other solutions to implement in the future, but currently continuous reads and writes from the database are necessary for Wordfence to function correctly. It needs to remember a lot of things and react to conditional situations.

There are several features that use the database continuously and I don’t think it’s possible to disable all of them without breaking Wordfence or missing out on the actual protection. However, have you tried turning off Wordfence Tools > Live Traffic? That is a feature that is not really necessary except for debugging and turning that off should help somewhat.

Also, consider watching whether the increase happens primarily when scans run. We use database tables for temporary storage during the scan. I’m not sure what effect that will have in your system, but it’s worth keeping in mind.

Thanks for sharing the details of your case. If you have any other questions or concerns, just let me know.

Thanks Wfasa,
I had already tried turning off live logging. The binlogs continued raising. I had also turned off (temporarily, for a couple hours each) scans and firewall but the growing continued. Checking the generated bin logs I see a lot of records like this:
https://www.dropbox.com/s/e80kxlhdp5g7zis/binlog-ss.png

SET @@SESSION.GTID_NEXT=’XXXXXXXXXXXXXXXX’
use ‘mydb’;create table IF NOT EXISTS myprefix_wfFileChanges ( ‘filenameHash’char(64 NOT Null….
SET @@SESSION.GTID_NEXT=’XXXXXXXXXXXXXXXX’
use ‘mydb’;create table IF NOT EXISTS myprefix_wfHits ( ‘id’ int(10) unsigned ….

An alternative (in our case) could be to log all that temporary info in the redis server, but that would require some patching.
Please note: It is not the reading the database that creates the binlogs, it is only writting in the database.

This looks like install actions and they shouldn’t be running unless the plugin is currently being installed. Is this a multisite? Are you using some kind of automatic deployment? Multiple file systems?

Indeed it is a multiple file system, devivered by automatic deployment, and autoscaling.
We noticed that the wordfence_waf.php file is missing from the automatic deployments.
Could that be causing it? We are including it and checking again.

Hi again,
I don’t think wordfence_waf.php missing should be an issue unless you have optimized the Wordfence Firewall in which case it should cause a 500 Fatal Error.

One thing to look our for when there are multiple file systems is that they are not all keeping their own local copies of wflogs. They should all be sharing that folder as it contains current firewall state information. We have a constant that can be used to set that folder to a shared location. More info here: https://www.wordfence.com/help/advanced/constants/#web-application-firewall-waf

It doesn’t sound to me like that’s your primary issue though. It sounds like Wordfence thinks it’s not installed and keeps trying to run install actions over and over again. That’d more likely be a database related issue. Unfortunately I’m not a super whiz on autoscaling systems. Can you think of anything that could be causing an inconsistent state on certain tables in the database, for example wp_options?

• This reply was modified 6 years, 9 months ago by wfasa.