More from support:
“The main issue appears to be that your wordpress installation is being attacked. Looking at the domlogs, POST requests to xxxxxx.com/ are being sent every few seconds. Basically it’s a bruteforce attack. I’m trying to build some filters to help mitigate this and I think I have one in place that works. Basically it is a mod_security rule that will block an IP from the server for 600 seconds if they send a POST request to xxxxxx.com/ more than twice in one minute. Looking at the domlogs, this appears to have significantly helped as I am seeing regular get requests instead of a solid wall of POST requests. However, this only addresses one of the issues, that being the number of processes your account opens. It still looks like your script is also using a good amount of resources.”
Does this mean, among other things, my web host doesn’t have basic security measures in place?
No. From that reply, it would seem that your hosts are dealing with this attempted brute force attack in a very pro-active manner.
Excellent. That is a relief. Could you help me understand what they mean by my script “using a good amount of resources”? Where do I look to confirm and how would I resolve?
Thank you!
I performed a fresh re-install using BackupBuddy. Performance seemed to work only slightly better, but still reaching 100% CPU Usage. The MySQL database is less than 4 MB. I ran Advisor in phpMyAdmin and have 17 issues. One of which is:
“The rate of reading the first index entry is high. This usually indicates frequent full index scans. Full index scans are faster than table scans but require lots of CPU cycles in big tables, if those tables that have or had high volumes of UPDATEs and DELETEs, running ‘OPTIMIZE TABLE’ might reduce the amount of and/or speed up full index scans. Other than that full index scans can only be reduced by rewriting queries.”
Could someone please show me (provide link to us laypeople/newbies) on how to do this? Or is this just leading me down the rabbit hole when I should be looking elsewhere?
Thank you.
So I asked over at the MySQL forum, and one of the responses regarding some output was:
First line = data
— Second line = engineer’s response
“( Opened_tables ) = 100,133,382 / 1293288 = 77 /sec — Frequency of opening Tables
— increase table_open_cache
( Opened_files ) = 175,634,798 / 1293288 = 135 /sec — Frequency of opening Files
— Increase table_open_cache? Decrease number of tables?
( Opened_table_definitions ) = 91,435,495 / 1293288 = 71 /sec — Frequency of opening .frm files
–If you have only 1GB, then table_open_cache = 2048 is much too high, in spite of it needing to be higher. Recommend 50. What the heck is going on to need table opening that often?
( Select_scan ) = 1,529,700 / 1293288 = 1.2 /sec — full table scans
— Add indexes / optimize queries (unless they are tiny tables)
( Select_scan / Com_select ) = 1,529,700 / 6486350 = 23.6% — % of selects doing full table scan
— Add indexes / optimize queries
Select_scan is indicative of poorly designed schema and/or selects — WordPress would have to fix that.”
Any thoughts, WordPressies? Thank you!
