?wordfence_syncAttackData

While the number of hits to /?wordfence_syncAttackData=[number] seemed to be going down, it has began to spike again over the last 20 minutes… again causing my site to slow. What is going on here?

Just want to add that i noticed this too recently. Been getting 90% CPU load twice a day, looked into access log and there were /?wordfence_syncAttackData followed by wordpress cronjob, not sure if related but probably was since Wordfence has to periodically update attack patterns and stuff?

If it’s indeed confirmed, could Wordfence make that process not too CPU intensive?

From my research into this, WordPress’ internal cron does trigger Wordfence. I disabled it and now use scheduled. The occurrence of /?wordfence_syncAttackData linked to my host server’s IP went down slightly, but still getting spikes. I also set it so Wordfence would bypass my server’s IP but that seemed to have no impact.

Right around when I made my last post, hit’s to /?wordfence_syncAttackData=[number] from my host server dropped to nothing for about an hour, then another spike that lasted about an hour, and now only roughly 10-20 per hour since. Would really like to know what caused this and how to avoid it in the future.

• This reply was modified 4 years, 4 months ago by Tim.

Roughly 2 hours ago, the spikes started again… during a traffic low point. Is anyone from Wordfence paying attention?

Hi @tjalexander70

You may have blocked your server IP address.

I would like to have a look at your Wordfence diagnostics report. Please go to the top of the “Diagnostics” tab on the Wordfence “Tools” page. There will be a “SEND REPORT BY EMAIL” button to send the diagnostics report. Enter wftest [at] wordfence [dot] com as the email and @tjalexander70 as the forum username please.

Once you have emailed me the diagnostics report can you reply here to let me know that it has been sent. This is important in the unlikely event that your installation of WordPress is having an issue with sending mail.

@pao2 – As per forum guidelines below can you open your own topic please:

“Unless users have the exact same version of WordPress on the same physical server hosted by the same hosts with the same plugins, theme, and configurations, then the odds are the solution for one user will not be the same for another. For this reason, we recommend people start their own topics.”

Sorry I did not see this till now. I’ll send it in the AM. Thanks.

Sent. Thank you again.

No response to the email. Did you forget me?

Add to the above, Jetpack Backup and Scan started not completing. On investigation, Automattic’s support identified a conflict with Wordfence, stating that the scan was running into trouble in the wfReverseCache table.

Their suggestion was to select the “Delete Wordfence tables and data on deactivation” option and then deactivate and reactivate the plugin to see if the issue clears out and allow Jetpack Backup and Scan to complete.

I did this but without reactivating the plugin and Jetpack Backup and Scan completed fine.

All things considered, I will be using security alternatives rather than Wordfence.

• This reply was modified 4 years, 3 months ago by Tim.

Hi @tjalexander70

Sorry for the delay. The support team has been almost at 50% capacity recently and we are in the process of hiring more staff.

Your diagnostics report looks okay.

We would need to see the server raw access logs for the time when you said, “this issue coincided with a huge spike in hits to /?wordfence_syncAttackData=[number]” – you can still send them if you wish to wftest [at] wordfence [dot] com as the email. Make sure to put your forum username in the email subject field. Once you have emailed them reply here to let me know that it has been sent.

If you had to reset Wordfence database tables then that indicates that one or more database tables crashed. I see that you are using the MyISAM storage engine so you may want to ask your hosting provider to switch to the InnoDB storage engine as it is a lot more stable.