Too many calls to admin-ajax.php maxes out SiteGround

  • Hi,

    For users on SiteGround, they have a thing called CPU Sections which has a limit. On the “GrowBig” plan, this limit is 600,000. On the GoGeek plan, it’s 800,000.

    I don’t know exactly how this is calculated, but CPU seconds are used whenever running dynamic scripts such as PHP or Pearl or anything else.

    Recently SiteGround shut down a site of ours for going over this limit. When researching the cause, the access logs showed an excessive number of visits on “/wp-admin/admin-ajax.php?action=mfm_directory_runner”.

    This actually happened as a kind of “spike” over the course of 3 days. I see calls to this file as much as 15,000 to 18,000 every day, but during these “spikes”, I had as many as 90,000 calls to the admin-ajax script from the mfm_directory_runner action.

    I don’t know why that might be or what sorts of conditions would require it.

    Here is what an access log entry looks like:

    https://www.example.com – [18/Nov/2024:01:01:05 +0000] “POST /wp-admin/admin-ajax.php?action=mfm_directory_runner&nonce=a2521765444bb HTTP/1.1” 200 11 “-” “WordPress/6.6.2; https://example.com” | TLSv1.3 | 0.548 0.566 0.567 – 0 NC:000000 UP:-DT

    I assume this has everything to do with MFM scanning and looking for file changes, but unfortunately this excessive use of admin-ajax means we can’t run the plugin on SiteGround.

    I thought you and others should know. If the CPU Seconds gets used up, SiteGround will shut down the site for the entire rest of the month. Hopefully nobody else runs into this, or you can figure out how to not require so many uses of the ajax script.

    Thanks!

Viewing 6 replies - 1 through 6 (of 6 total)
  • Plugin Author robertabela

    (@robert681)

    Hello @guyinpv

    Sorry for the late response to your forum post.

    First of all, thank you for using our plugin. In regards to your issue, those requests are actually sort of done by the Background Processing library used in the plugin. It is used to queue all the files and scan them, and to also keep track of the scan.

    However, you shouldn’t be seeing that many requests. So below are a few questions. Can you please answer them to help us troubleshoot this issue?

    1. What version of WordPress and PHP are you running?
    2. Can you please make sure you are using the latest version of the plugin?
    3. Is this an issue that occurs often, or it happened a few times and now you are able to successfully scan your website?
    4. How many files do you have on your website?
    5. In the latest edition of the plugin we added a new option, basically you can exclude files. Previously files were only ignored. Can you try excluding files, for example, from the media library and confirm it it helps?

    Looking forward to hearing from you.

    Plugin Author robertabela

    (@robert681)

    Hello @guyinpv

    Just wanted to touch base with you about this issue. Can you please try the latest update (2.2.0) and advise if the issue persists? If it does, can you please send us the information we requested in our first response and check if you can use the exclude feature? Most probably that will solve the issue.

    Looking forward to hearing from you.

    Thread Starter Guyinpv

    (@guyinpv)

    That could be hard to test since the excessive ajax calls happened quite randomly and only for a few days out of the whole month.

    The plugin is now updated to 2.2.1 and it is enabled to scan again.

    I’ll keep an eye on it for some weeks but it could be a month or two before I feel comfortable that the issue won’t happen again.

    If you avoid closing this thread, I will report back perhaps in February if it hasn’t happened again by then. Or I’ll report sooner if it does happen again of course.

    On a side note, when 2.2.1 updated, it went through the wizard asking various questions. One of the questions was to enable/disable the WP core files verification check. I turned this setting OFF because another security plugin already does that. But after the wizard was done, I went into the settings and noticed the WP core check feature was still enabled, so the wizard did not disable the setting. FYI.

    Plugin Author robertabela

    (@robert681)

    Thank you very much for the update @guyinpv

    We will look into the issue you reported. In the meantime, when you have updates, just ping us.

    Have a great weekend.

    Thread Starter Guyinpv

    (@guyinpv)

    Turns out I didn’t have to wait that long.

    I received a message from SiteGround that the “CPU Seconds” were once again filling up for the month.

    I checked the access logs and still see quite a bit of activity on the mfm_directory_runner action. On December 24th there were 52,742 calls to admin_ajax with that action. Note that in my settings I have the entire wp-content folder in the exclude list. Not ignore, but exclude. I assume this means the program won’t even try to scan it. This should eliminate all the uploads directory and everything. And all the normal file extensions are disabled as per default. WP core is also disabled.
    Unless I don’t know how these exclusions work, shouldn’t that reduce a ton of scanning? Will there still be a lot of directory runner actions even with all this stuff excluded?

    Your questions from earlier:

    1. Version of WP: 6.7.1.
    2. Latest version of plugin: Yes. Updated as soon as 2.2.1 was released.
    3. Occurs often or few times: There are spikes on CPU Seconds pretty much every day. Usually around 4-5am and again between 7pm-midnight into the following day. So essentially about twice a day this activity jumps. Here is a screenshot of how CPU seconds looks in SiteGround: https://www.dropbox.com/scl/fi/5svuogl0lah3kwjs1whlk/2024-12-27_13-40-44.png?rlkey=1e3r7njzzb6q64klwy4fwx5il&dl=0
    4. How many files: The whole site is 10.9GB according to SiteGround. This is about 92,000 inodes which we can think of as files and folders. But I don’t know how much it is when excluding the WP core and wp-content folder and all the excluded file types.

    My first question would be, can I exclude the entire wp-content folder? I’ve had another scanner in the past that didn’t allow excluding wp-content, it could only exclude folders within that folder.

    Here is a screenshot of the exclude settings: https://www.dropbox.com/scl/fi/xkdikoch2hlqdf52y8ti6/2024-12-27_13-50-34.png?rlkey=jwf674aol7zzl30h4hmt59jba&dl=0

    I guess the question is to figure out if this much traffic to admin-ajax would be normal in my situation. Does the scanner create one hit for every individual file? Or is it one hit to trigger each folder? Or one hit per grouping of X number of files? What should this look like normally?

    Thanks for any more ideas, I’ll have to turn off the plugin again so I don’t hit limits.

    Plugin Support Danny Jones

    (@distinctivepixels)

    Hi there,

    Thanks for the update.

    Regarding the amount of traffic to admin-ajax, this looks normal as the scanning process takes place in the background via small queued tasks – the queue size will depend on the amount of directories and files within those directories and as the processing of all the logic which detects changes takes place, admin-ajax is used to check if the queue has finished or not.

    Now, with that said, reducing the load by excluding wp-content (as you have done from your screenshot here https://www.dropbox.com/scl/fi/xkdikoch2hlqdf52y8ti6/2024-12-27_13-50-34.png?rlkey=jwf674aol7zzl30h4hmt59jba&e=1&dl=0) should have helped – are you seeing a reduction in load now you have wp-content excluded from all scanning compared to your initial report? Are there further directories or such you can ignore?

    Id like to dig in a little more (I am the developer of this plugin) so can you please email us at [email protected] so we can look into this further?

    Look forward to hearing from you.

    Daniel – Support @ Melapress

Viewing 6 replies - 1 through 6 (of 6 total)
  • You must be logged in to reply to this topic.