xmlrpc.php slow?

That file is often used by hackers both as a means of penetrating the site, and as a part of a DOS attack, which sounds like what might be happening to you.

Take a look at your log files and search for xmlrpc.php and see if the hits are coming from IP addresses you can block.

I found the best way to prevent future attacks is to use a security plugin like Login Security Solution that helps prevent attacks on the xmlrpc.php file.

https://www.ads-software.com/plugins/login-security-solution/

Your reply made more sense than any of the replies from my host combined.

They did throw me a list of IP addresses in that same email I mentioned previously and told me “Please check your incoming traffic and if the traffic is not legit please block them.”

The list included 19 individual IP’s, including my own if I quick-search for “what is my IP address”.

I receive so much traffic that I am really clueless to how I am supposed to know whether these IP’s are legit or not, especially when my own is thrown in.

How would you handle this situation? Should I simply block them all besides my own?

and I will definitely look into the plugin you mentioned.

Try this plugin:
https://www.ads-software.com/plugins/disable-xml-rpc-pingback/

It’s very simple, no options, just install and leave. Should instantly help.

What’s happening is a pretty well known WordPress issue. Basically, bots are using your xmlrpc.php file to DDOS attack a third-party by exploting the Pingback functionality.

In my experience that plugin is very effective in shutting that right down.

Also, maybe let your host know so they can give their other customers better info that they gave you.

Update: I received a pingback some time ago, could not find it until now when searching through trash mail.

The site is here.

Is this legitimate? and should I take the advice written on this random blog for my xmlrpc.php?

Much of the article is gibberish to me but maybe someone on here can make more sense of it.

Also, I found that of the 19 IP’s supplied by my host, one was my own ISP, 11 were attached to my CDN and 3 were from Google (15 total).

The other four are:

157.55.39.93 (which I believe is Microsoft, but not sure if I should unblock)
207.46.13.70 (same as above)
68.180.228.118 (yahoo but same story)

199.21.99.194 (yandex – no idea what this is)

I found that trilemas IP is 23.235.235.243 (did not show up in list that my host gave me, but I may have to look further into this myself).

I am on a VPS server, which is supposed to remain up for 99.9% of the time.
Is it okay that my host is allowing for my site and server to shut down so much because of reasons they are not able to pinpoint and are not trying to pinpoint?

Should I change hosts?

This is an ongoing problem, (ONE that has not bee sufficiently addressed by wordpress)

Today, I had 23 sites that had been attacked by using that same file, only this time it consumed memory, leaving my server out of memory, (I banned IP addresses, killed processes, now back to normal) but here is the thing that I do not understand.

Why is this still a problem?

Is it not time to drop this outdated and (badly coded page) sorry frustration, it makes no sense to have this problem after knowing its an issue for so many years, yet still its there?

WordPress comes off as more of a hassle to me than a helpful tool.
The only reason I ever chose to use it was for the search bar (php and mysql script premade), but WordPress is slow and now this… I am at a loss.

these hangs are caused by a script (in this case xmlrpc.php) waiting on some other resource (a MySQL query, a network resource, etc.) and not having any kind of a timeout coded (or an extremely long timeout). The PHP max_execution_time never actually gets called because time spent waiting doesn’t count against execution time, seems like a real lack of coverage by the team, (understanding of course that they likely have lots of more important things to attend to) Still it seems like an oversight.