WordFence hitting /wp-admin/admin-ajax.php excessively
-
I host my sites on MediaTemple. This month I got an email about GPU overage. When I look at the GPU reporting tool, the culprit seems to be /wp-admin/admin-ajax-php on one of my sites.
When I review the site’s access logs, I see these lines repeating over and over and over again originating from the server’s own IP address:
[code]
~/Downloads/access_log-2015-10-17-05:115: [17/Oct/2015:05:19:06 -0700] "GET /123.xyz/wp-admin/admin-ajax.php?action=wordfence_doScan&isFork=1&cronKey=31fbc5007543ee0b7a5f3fb2 HTTP/1.0" 200
~/Downloads/access_log-2015-10-17-05:126: [17/Oct/2015:05:22:52 -0700] "POST /123.xyz/wp-admin/admin-ajax.php?action=wordfence_testAjax HTTP/1.0" 200 12
~/Downloads/access_log-2015-10-17-05:127: [17/Oct/2015:05:21:00 -0700] "GET /123.xyz/wp-admin/admin-ajax.php?action=wordfence_doScan&isFork=1&cronKey=4fb624723829682416ffe9e5 HTTP/1.0" 200
~/Downloads/access_log-2015-10-17-05:129: [17/Oct/2015:05:24:23 -0700] "POST /123.xyz/wp-admin/admin-ajax.php?action=wordfence_testAjax HTTP/1.0" 200 12
~/Downloads/access_log-2015-10-17-05:132: [17/Oct/2015:05:22:53 -0700] "GET /123.xyz/wp-admin/admin-ajax.php?action=wordfence_doScan&isFork=1&cronKey=2395ff043fb0ef7417914584 HTTP/1.0" 200
~/Downloads/access_log-2015-10-17-05:134: [17/Oct/2015:05:26:06 -0700] "POST /123.xyz/wp-admin/admin-ajax.php?action=wordfence_testAjax HTTP/1.0" 200 12
~/Downloads/access_log-2015-10-17-05:138: [17/Oct/2015:05:24:25 -0700] "GET /123.xyz/wp-admin/admin-ajax.php?action=wordfence_doScan&isFork=1&cronKey=5e2d0b6c640b52f25ca5025e HTTP/1.0" 200
~/Downloads/access_log-2015-10-17-05:140: [17/Oct/2015:05:27:42 -0700] "POST /123.xyz/wp-admin/admin-ajax.php?action=wordfence_testAjax HTTP/1.0" 200 12
~/Downloads/access_log-2015-10-17-05:144: [17/Oct/2015:05:26:08 -0700] "GET /123.xyz/wp-admin/admin-ajax.php?action=wordfence_doScan&isFork=1&cronKey=3226995a55bffb0d439939e4 HTTP/1.0" 200
~/Downloads/access_log-2015-10-17-05:146: [17/Oct/2015:05:29:19 -0700] "POST /123.xyz/wp-admin/admin-ajax.php?action=wordfence_testAjax HTTP/1.0" 200 12
~/Downloads/access_log-2015-10-17-05:150: [17/Oct/2015:05:27:43 -0700] "GET /123.xyz/wp-admin/admin-ajax.php?action=wordfence_doScan&isFork=1&cronKey=52a0ba81060645524ec251d HTTP/1.0" 200
[/code]
- The topic ‘WordFence hitting /wp-admin/admin-ajax.php excessively’ is closed to new replies.