Site Scans failing due to rate limit

Hi @jrunkel,

The “Exceeded rate limit. Please wait XXX seconds.” error usually indicates that you’ve done too many attempts to scan the site in a row. Solid Security’s Site Scanner has a 10-minute rate limit. For the Basic version, it’s tied to your server’s IP address, so you may run into the rate limit more often if you have plenty of sites on the same server, which seems to be what’s happening in your case.?

This error usually resolves after waiting for the specified time to pass, but if it continues, the next thing I would recommend is conducting a conflict check. Try deactivating all plugins, switch to a default WP theme, and check if running a manual Site Scan is successful. Don’t forget to clear all sorts of caching when troubleshooting. If the manual scan is successful, reactivate the plugins one at a time to isolate the culprit. 

The other thing you can try would be to increase the server resources, as this issue had something to do with the server.

I’d also recommend checking if your server is having issues with WP Cron. You can check the “Raw Details” of the Site Scan logs and if you find this data there: url => wp-cron to confirm the scan was triggered by cron. Then, using server tools or plugins that can check for crons, check if the scheduled tasks for the site scans are being duplicated somehow.

Hope this helps, and please let me know if you find anything!

I think you didn’t understand the problem. These are 5 completely different websites of individual customers. As it happens they use the same hosting company (Strato) and have shared hosting packages. Due to the many rate limit errors the Site Scan feature is effectively useless for them.

Can you confirm that this is a common problem when using shared hostings?

Hi @jrunkel!

Yes, this is common for sites on a shared hosting setup. 

This is because sites on shared hosting setup will often be represented by a single IP address (which is what you’ve noticed in the logs), which then increases the chances of exceeding the rate limit, because for Solid Security, these sites will appear as a “single” site.

I’d recommend checking in with Strato if they have workarounds for this error that will work on a shared hosting setup

Unless there is a way to send those requests from a different IP address on the host side, the only way I can think of to avoid the rate-limiting would be to look into staggering/scheduling the scans by seeing if the host can modify the cron job schedule on your server. 

There isn’t a direct setting within Solid Security to do this, but you can try to enable the Debug module (How Do I Enable Solid Security Debug?) and then click the “Reset” button, below the Scheduler table (see here). This will reset the scheduled plugin actions for that site alone, so do this for other sites at different intervals.

The other thing you could consider would be upgrading the server resources or to a VPS/dedicated hosting setup, so each site will have a unique IP address.

Hope this helps!

Thanks for your response. To be honest that sounds like a lot of effort with little chance of permanent success.

So realistically I’d either need to upgrade to the Pro version or switch to another security plugin.

I’ll consider this. Thanks again.

@jrunkel you’re welcome and thank you for understanding!

I agree that if staggering the scheduled scans or upgrading the server resources isn’t possible, the most helpful options for now would be to either upgrade or switch to another security plugin. Note that you can also disable the Site Scan Scheduling feature in Solid Security and manually trigger the site scan daily if it works for your sites.

Hope this helps!