• Barry

    (@barrypersonalctonet)


    One of my clients is on a shared hosting plan at Bluehost, and had their site suspended last night because of a terms of service violation, where Bluehost said that the automated Wordfence scan was causing performance problems on the server. We had to call them to get the site put back, and I had to disable the scheduled scan.

    Have other people seen issues like this with the current version (6.2.3)?

Viewing 13 replies - 1 through 13 (of 13 total)
  • fatimajesus

    (@fatimajesus)

    Hi
    that is a fact, that wordfence, since the last updates,(since 2 months, perhaps) is apparently causing internal server errors. In my case, it makes my http go down in half with 500 and 503 errors. I would like to know, also, if there is something that can be done to fix this because this is a great plugin to secure the sites but now is affecting the server’s performance and that is not good. I am also in a shared hosting and my 2 sites have this issue caused by wordfence.

    razvancs

    (@razvancs)

    Hi, i recommend to upgrade your shared hosting with an VPS

    • This reply was modified 8 years ago by razvancs.
    Toni

    (@tools4toni)

    That is exactly what my host recommended. Upgrade to VPS. My resources are running in the red. However, I’m not upgrading. Sadly, deleting.

    mountainguy2

    (@mountainguy2)

    The Wordfence scan is an over-rated feature in my opinion. Just use Wordfence with minimal scanning. Uncheck the obvious options that are non essential, and get Premium version so you can schedule the scan for low traffic times, I do mine once a week, at 1:00 am Sunday morning. I have VPS but bandwidth is still an issue. Sure, I can pay the server company more $$ a month so I can run more scans. But I’d rather keep the money.

    The wordfence scan is mostly “reactive” in that it tells you that you’ve been compromised. What’s more important is doing proactive defense, which Wordfence does very well.

    Here are my thoughts and how I tend to set it up. Just my opinion, I am not associated with Wordfence and suggestions below are only intended to provoke thought and customization.

    Scan public facing site for vulnerabilities? (Do this once a month, keep unchecked.)

    Scan for the HeartBleed vulnerability? (Do once in your life, and run don’t walk from your ripoff ISP if you get a positive.)

    Scan for publically accessible configuration, backup, or log files. (Do twice a year.)

    Scan for publicly accessible quarantined files. (Once in your life.)

    Scan core files against repository versions for changes. (Keep checked.)

    Scan theme files against repository versions for changes. (Once in a while, or never if you customize your own theme.)

    Scan plugin files against repository versions for changes. (Uncheck, perhaps run once in a while if you don’t customize your plugins and every one is an exact match to repository.)

    Scan wp-admin and wp-includes for files not bundled with WordPress (Takes minimal bandwidth, keep checked.)

    Scan for signatures of known malicious files (Sure, why not? BUT, perhaps this references a huge list of sigs and uses significant bandwidth? Perhaps this is another one to run once a year.)

    Scan file contents for backdoors, trojans and suspicious code (Run once a month, Sunday night.)

    Scan posts for known dangerous URLs and suspicious content (If you’ve got very many posts, scan once a year, at night, then keep unchecked.)

    Scan comments for known dangerous URLs and suspicious content (Ditto.)

    Scan for out of date plugins, themes and WordPress versions (Keep unchecked, evaluate with human hands-on management.)

    Scan for admin users created outside of WordPress (Unchecked, evaluate with human hands-on management.)

    Check the strength of passwords (Useless if you know anything about passwords, keep unchecked.)

    Monitor disk space (Let your ISP do this, keep unchecked.)

    Scan for unauthorized DNS changes (Uncheck.)

    Scan files outside your WordPress installation (If your site has any mass at all, keep unchecked.)

    Scan images, binary, and other files as if they were executable (Again, regarding mass, I’ve got something like 50,000 image files, yeah sure, we’re going to binary scan each one of those? I could pay another $50/month for the bandwidth to do so, but nope, I don’t think so.)

    Enable HIGH SENSITIVITY scanning. May give false positives. (Keep unchecked.)

    Use low resource scanning. Reduces server load by lengthening the scan duration. (CHECK)

    MTN

    wfasa

    (@wfasa)

    Hi Barry,
    we have seen this type of report a couple of times before. However, the hosts rarely provide any details as to how exactly performance was negatively impacted in a significant way. In some cases it may be some other issue on the server that is causing Wordfence scans to perform badly, in some cases I wonder if it may just be a misinterpretation of the situation.

    Either way, Wordfence runs fine on most sites and most sites are on shared hosting. I do not think your customer should have to upgrade to VPS as suggested in this thread. Wordfence should run fine on shared hosting.

    We have recently made some changes to the plugin that should make it run better on hosts with limited resources. Among other things we added a scanning option called “Use low resource scanning. Reduces server load by lengthening the scan duration.” This option is available on the Wordfence Options page under “Scans to include”. This may be an option if you decide to continue using Wordfence.

    That said, I would suggest you ask for detailed information as to how performance was negatively impacted. Most hosts have performance monitors in place that will temporarily disable a site if it exceeds it’s resources. Shutting down a site manually is quite an extreme action and it would be nice to hear their reasoning behind that.

    mountainguy2

    (@mountainguy2)

    Years ago I was on Bluehost shared hosting. Was an entirely bad experience due to their poor adaptations to bandwidth surges. Would suggest changing hosts before you spend too much time trying to work with them. Trying to work with them literally took days out of my life that will never return. MTN

    fatimajesus

    (@fatimajesus)

    I have been reading all the replies of this issue and would like to say that, in my case, wordfence doesn’t cause issues when scanning, it simply makes my sites go down only because it is activated. It uses only about 60 to 80 megabites memory on scanning and I have 512. I did try to make my hosting company to explain to me why wordfence was causing this issue on my sites but they didn’t disclosure much. I found meanwhile, that the IP addresses where I have my sites are blacklisted on CBL, and am not sure if this is causing this issue with wordfence, since there are spamming sites on those IP’s and they keep appearing on CBL as infected.

    mountainguy2

    (@mountainguy2)

    So, Bluehost set you up with IP addresses that are blacklisted? Nice.

    Your thread start message says “automated Wordfence scan” but now you’re saying that is NOT what perhaps caused the overload? In any case, get your site on an IP that’s not blacklisted, then try disabling all plugins, install Wordfence, then immediately uncheck or turn off high bandwidth Wordfence options such as live traffic view and scanning, and see if you still have problems.

    MTN

    fatimajesus

    (@fatimajesus)

    Hi
    My hosting is not bluehost. My IPs are blacklisted since at least 2 months but I know that they were not blacklisted 3 or 4 months ago. I already did what you say, disabled all plugins, reinstalled one by one and only wordfence does this to the sites: immediately after activated, half of my http are down as seen at host-tracker.com, like i said. For now, I am not going to change my hosting service because I had bad experiences on other companies and my first site destroyed when on blogger and since 2 years I am up and secure, my sites have no malware whatsoever and only for 2 months I am having this problems. So, I just wait to the blacklisted issue is solved. but i am going to try to disable the live traffic and set low resources when scanning etc., although it is not the scanning itself but the plugin in it’s normal functioning that seems to be the culprit. Thanks, if it works i will tell here.

    fatimajesus

    (@fatimajesus)

    I am happy to say that your suggestion did work: i disabled live traffic and automated scans and the sites are up with no issues. i didn’t select the option to use low resources when scanning. Thanks for the help, I really love this plugin and am very happy to have it with no issues.

    Thread Starter Barry

    (@barrypersonalctonet)

    This has nothing to do with blacklisted IPs. This has to do with the hosting company taking the site down.

    And the hosting company was very clear; the reason for the action was the WordFence scan.

    Of course, it turns out there are over 2400 sites on the server, so I am not all that surprised that performance is a concern.

    B.

    mountainguy2

    (@mountainguy2)

    Barry, indeed, you do somewhat get what you pay for with hosting. Shared servers can be cheap, but as soon as your site gets any real traffic or you do much with it (like Wordfence scans, or perhaps writing a blog post that pulls in a data storm of traffic) the shared hosting might not be adequate. I went through this years ago, was very frustrating as I didn’t understand what I was paying for. Of course, the solution is hosting that scales for your traffic, I think Media Temple does that, but it doesn’t seem that common. I’ve been on quite a few hosts and every one simply had a plan with a fixed cost and bandwidth cap, with an account upgrade required for more bandwidth. Suggestions for hosts that scale nicely would be welcome. MTN

    fatimajesus

    (@fatimajesus)

    I am not sure if I understand what you’re saying, but i have a plan at Godaddy- managed wordpress- that allows 2 sites and 400 000 visits per month. However, it is also true that, when my visits came to almost 5000 per day in one month,latelly in one of the sites, the http went down on a percentage for some time.I believe there are no hosting service that are perfect but i have been on some and the one i have now is the only one that did secure my sites, from the vicious actions of an hacker that stocks my blog for 3 years, keeping the sites up and well so, not everything is bad and I’ll stick with them. -about wordfencde, the action of disabling live traffic was enough to stop the problem i was having, what is very nice. Also, if have an active scan on both sites at the same time, the sites don’t show any problems with that.

Viewing 13 replies - 1 through 13 (of 13 total)
  • The topic ‘Hosting account suspended because of Wordfence performance’ is closed to new replies.