Support » Plugin: Wordfence Security - Firewall & Malware Scan » CPU usage through the roof with Wordfence 6.3.12 update

  • Resolved Curious Cuisiniere

    (@curious-cuisiniere)


    Hello,

    I updated to the most recent version of Wordfence today (version 6.3.12) and almost instantly my CPU usage started going through the roof. My host (SiteGround) is recommending disabling Wordfence all-together because their records are showing that the Wordfence cron job is causing abnormally high mysql resource usage.

    I did not make any changes to my Wordfence settings upon updating, so I am really not sure why simply an update would cause the sudden surge in CPU usage.

    Looking through these forums it seems like the common recommendations for this problem are to disable
    * Scan files outside your WordPress installation
    * Scan images, binary, and other files as if they were executable
    * Enable HIGH SENSITIVITY scanning
    * Live Traffic
    and enable
    * Use low resource scanning
    These are settings that we have been using for a while, and I doubled checked that they are still selected.

    Any assistance as to why the recent update would have caused the sudden spike in CPU usage from the cron jobs and what we can do about it to reduce our CPU usage would be greatly appreciated.

    Thank you.

Viewing 9 replies - 1 through 9 (of 9 total)
  • Hi @curious-cuisiniere,

    Could you please

    • Go to the Wordfence Tools page
    • Click the Diagnostics tab
    • Scroll down to the Send Report by Email section
    • Send the report to yann[at]wordfence[dot]com

    Also could you check the integrity of your database and repair tables if necessary.

    Hi @wfyann,

    I have sent the report over.

    Our host is saying that they are noticing an excessive amount of WordPress cron runs caused by the Wordfence plugin doing frequent updates to its database tables.

    I also noticed that while today “Connecting back to this site” is listed as “OK”, yesterday, when we were having the bulk of these issues, this section had a red “X”. Not sure if this has any bearing on the issues, but I thought I would mention it.

    Thank you.
    Sarah

    I’m also experiencing the same problem following an auto upgrade to version 6.3.14. Strangely I have the same hosting provider (SiteGround). Any recommendations?

    Same problem, same host provider … well, not feeling so lonely anymore lol

    Hi,

    We’re experiencing the same error. It wasn’t like this before.
    I’ve sent a report to “yann[at]wordfence[dot]com”

    Thanks,

    Huy

    We never heard anything back after sending the report over to @wfyann . All I can say is we’re afraid to update Wordfence now. Interesting that others on the same host are experiencing the same problem though.

    Hi folks!

    Yann reached out to me about this thread. We do not have a lot of information to go on here and this is not something we are seeing in testing or seeing reported across the board. SiteGround is a large hosting provider. It is quite possible that your cases are isolated. However, I will definitely have a look at your diagnostics and see if I see anything unusual there.

    I do know that SiteGround added an anti bot service back in May. I am going to assume your own sites IP addresses are whitelisted in this anti-bot service so that your sites do not accidentally block themselves. However, the initial mention of fail the Wordfence Diagnostics tests for “Connecting back to this site” make me wonder. I also know that SiteGround site IPs tend to change more often than most so that makes me wonder as well.

    https://www.siteground.com/blog/new-anti-bot-ai/

    My first recommendations

    1. Check to make sure your sites aren’t blocking their own IP in any way. Check Wordfence advanced blocking section to make sure you don’t have anything in there that is accidentally matching your own sites IP. Also check any blocks you may have in .htaccess. You can also check your servers access logs. I believe the SiteGround anti-bot software responds with a 444 when it blocks things. If you see any requests mentioning “wordfence_doScan” that have a response code that is anything other than 200, you have a problem.
    2. If you are using an old PHP version, upgrade to at least 5.6. We recommend PHP 7 for best performance.

    If you find anything interesting in your servers access logs, feel free to email those to asa@wordfence.com. Mention this forum thread in the email so I know where the data is coming from and I will have a look as soon as I can.

    Thanks!

    Same issue for us. Majority of our sites on SiteGround, all use WordFence. Very sluggish or maxing out resources.

    We encountered this same issue with the most recent update to 7.1.1.
    CPU Usage on SiteGround was maxed and my site was taken off-line. Here’s the results of their support diagnostic:

    During the investigation I noticed a number of slow database queries, the longest of which was regarding the wordfence_start_scheduled_scan cron event. Checking the cron events I noticed that the wordfence_start_scheduled_scan was listed over 100 times. Due to that I created backup of your database and disabled the Wordfence plugin and deleted the cron event:

    Code:
    user@usm38 [~/public_html/blog]# wp cron event delete wordfence_start_scheduled_scan
    Success: Deleted 1966 instances of the cron event ‘wordfence_start_scheduled_scan’.
    user@usm38 [~/public_html/blog]# wp db export
    Success: Exported to ‘user_temp-2018-03-24-aa22861.sql’.
    user@usm38 [~/public_html/blog]# wp plugin deactivate wordfence
    Plugin ‘wordfence’ deactivated.
    Success: Deactivated 1 of 1 plugins.

    I’m afraid to re-activate the Wordfence plug-in now.

Viewing 9 replies - 1 through 9 (of 9 total)
  • The topic ‘CPU usage through the roof with Wordfence 6.3.12 update’ is closed to new replies.