Wordfence apparently causing extreme CPU overload

  • Resolved bwhughes

    (@bwhughes)


    10 years, 9 months ago

    My site has been going through CPU “spikes” overloading my shared hosting (HostGator), and they have advised me that Wordfence appears to be making numerous admin-ajax.php requests that are causing such high usage.

    HostGator is repeatedly restricting my site temporarily and then removing the restriction when the CPU usage falls down again. I was specifically asking them, when they told me this, about the “Firewall Rules” section of Wordfence, asking if any of those would reduce CPU usage. Their reply was: “We would not recommend enabling those settings as apart of the WordFence security plug-in. All of these settings rely on the ‘admin-ajax.php’ function of WordPress to ensure that all of these things are running. In some cases it would be possible that every time a request is made to your site, WordFence would call for the admin-ajax.php and start a process to check whether or not the IP address is from a human or crawler. In general the admin-ajax function of WordPress is a very CPU intensive function, and ideally, you would want to keep the calls for this function to a minimum to ensure that your CPU usage is as low as possible.”

    So what part of Wordfence can I safely use in order to prevent these spikes and keep my site from being restricted?

    I should say that I was not having ANY problems at all before this last week, since the site first started in early December. Why would problems suddenly start happening? There WERE other issues…. I had to install WP Super Cache; a Calendar was causing high usage, etc. After fixing all that stuff and the site got much faster, and the CPU usage was very low for several days, it started spiking yesterday and today and now they are telling me it’s this admin-ajax.php function and Wordfence that’s causing the spikes.

    Can you specify what my ideal settings should be? I’m not running the Live Traffic option and I haven’t set any Firewall Rules. Should I UNcheck “Immediately block fake Google crawlers?” What about all the other options? How can Wordfence “play nice” with my host?

    Thank you so much for any help you can offer! I’m an unpaid volunteer for my church, and this website could very well be a fulltime job! Whatever you can tell me, clearly and step by step, will be SO appreciated!

    https://www.ads-software.com/plugins/wordfence/

Viewing 3 replies - 1 through 3 (of 3 total)
  • Thread Starter bwhughes

    (@bwhughes)

    UPDATE: I just deactivated Wordfence. I was on the options page and I suddenly saw a bunch of “live activity” at the very top of the page (that one line of info), even though I had DEselected the Live Traffic View.

    I have never seen that before. It always appeared as a static line. It looked like it was going crazy!

    My latest CPU usage report is “Very High” (between “High” and “Extreme”). My site was restricted earlier today when it had gone to “Very High” and then it shot way back down again and they removed the restriction without me doing anything.

    Not only am I unpaid, but I’m going in for surgery tomorrow! I really want to use Wordfence, but I really need advice on how to use it properly so HostGator won’t keep taking my site down! (The stress is getting pretty high…. I’d like to see THAT on a chart!)

    Thanks again…..

    Plugin Author Wordfence Security

    (@mmaunder)

    Hostgator are incorrect. I occasionally chat to them via email or in person so I’ll bring this up next time we chat.

    Wordfence calls admin-ajax.php when it runs a scan or when you’re viewing live traffic to update your view. Those are the only times admin-ajax.php is called. So it sounds like your site got into a scanning loop.

    It sounds like misconfiguration is causing it to repeatedly scan. So I’d recommend either removing WF or unchecking the box on the options page to “Enable automatic scheduled scans” and Save which will disable scheduled scans.

    Regards,

    Mark.

    Thread Starter bwhughes

    (@bwhughes)

    Hi Mark,

    Just before I went into surgery yesterday, I got a fuller explanation from HostGator on what was going on with my site. It appears that the issue has now been resolved.

    They found out that over 6,000 ajax requests were coming from my IP address. They wrote: “While you or another person with administrative access may not have been actively working on the site from your wp-admin panel, ajax requests such as this often occur in a loop, sending requests to the server over and over again, as long as the referral page remains open in a tab in a web browser. This is in fact one known issue with the Wordfence Security plugin. Consequently, I often advise customers to immediately close its configuration page once they are done making changes to it so that the ajax requesst don’t continue to hit the server over and over again (otherwise it’s best to use a security plugin that is less resource intensive).”

    As it turns out, I had my WordFence options page open for HOURS at a time at various times during all of this. I had no idea at all that I could be causing the problem! I DID have other issues that I needed to address to bring my CPU usage down, and that seemed to fix things for a while. But at one point I was dealing with WordFence and looking at all its options, including doing quite a bit of analysis of the Live Traffic view, and I just never closed that page! So the spikes started happening again.

    As of very early Friday morning, I have had no troubles with CPU usage, and I’m still running WordFence just fine. Somewhere along the line I learned that it would be advantageous to disable the Live Traffic View, so I did that. Without looking at the page of options, I think that I do still have the “automatic scheduled scans” enabled, because I got an email notice early today about needing to update a plugin. So that’s fine.

    I do, however, want to know if you can advise me further about the Firewall Rules settings. If my CPU usage is low, would it benefit me at all to use any of those settings, especially the one about fake Google crawlers? Obviously, I would want to get in and out of that page fairly quickly, so if there’s something you can tell me to do, step by step, to make adjustments, that would be great!

    Also, it seems like good advice to make your users aware that it’s best to never keep the WordFence options page open for any length of time. As the HostGator Tech wrote: “I often advise customers to immediately close its configuration page once they are done making changes to it.” Perhaps a notice directly on the options page stating that you need to close it as soon as possible to avoid CPU overload would be a good thing!

    Regards and Thanks,
    bwhughes

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Wordfence apparently causing extreme CPU overload’ is closed to new replies.