Dramatic slowdown with xhr_monitor – all hook

  • Resolved Viktor Szépe

    (@szepeviktor)


    8 years, 5 months ago

    If you use Query Monitor plugin you may know the ‘all’ hook warning as is slows down the whole website. As I’ve measured min. + 100 ms/page load.

    I was struggling with this in my homemade WAF.
    Here is the solution:

    if DOING_AJAX or $SERVER[REQUEST_URI] contains "/wp-admin/admin-post.php"
// There's no other way to detect admin-post requests
then hook a function in 'admin-init'

In that function hook 'all'.

    That’s it. It will slow down only AJAX and admin-post request from ‘admin-init’ on, not sooner.

    All the best wishes to you, Yorman!

    https://wordpress.org/plugins/sucuri-scanner/

Viewing 5 replies - 1 through 5 (of 5 total)
  • yorman

    (@yorman)

    8 years, 5 months ago

    Man the information you provide in all your tickets is really helpful, I really appreciate the time you take to review the code of the Sucuri plugin and to report bugs and even suggest solutions. I will add this to my TODO list and will address the issue with the slowness by the time the new version is released.

    Thread Starter Viktor Szépe

    (@szepeviktor)

    8 years, 5 months ago

    Thank you!

    I feel like You work for me for free. So I am paying back something.

    This is a ‘gift’ for you. It spares you some typing during development.
    https://github.com/szepeviktor/wordpress-plugin-construction/blob/master/mu-auto-login/auto-login.php

    Thread Starter Viktor Szépe

    (@szepeviktor)

    8 years, 5 months ago

    Back to ‘all’ hook.
    The common point seems to be ! empty( $_REQUEST['action'] )
    That simplifies the identification of admin-ajax and amin-post.

    ps. I had done this work for iThemes Security plugin until its “fall”.
    Sucuri Scanner has a much higher code quality – so I am happy about it.

    yorman

    (@yorman)

    7 years ago

    We decided to remove this feature [1] from the event monitor as it was causing too much trouble. The XHR monitor will be split into small pieces to target specific events that we believe have some relevancy, any other event triggered by an Ajax request will be ignored.

    [1] https://github.com/Sucuri/sucuri-wordpress-plugin/pull/29/commits/10c19b9

    Thread Starter Viktor Szépe

    (@szepeviktor)

    7 years ago

    I’ve updated my implementation long time ago:

    add_action( 'admin_init', array( $this, 'hook_all_action' ) );

    Conditionally:

            if ( ! empty( $_REQUEST['action'] ) ) {
            add_action( 'all', array( $this, 'unknown_action' ), 0 );
        }

    Then unknown_action is:

    
    public function unknown_action( $tag ) {
        // Check tag first to speed things up
        if ( 'wp_ajax_' === substr( $tag, 0, 8 )
            || 'admin_post_' === substr( $tag, 0, 11 )
        ) {
            global $wp_actions;
            global $wp_filter;
            $whitelisted_actions = array(
                'wp_ajax_nopriv_wp-remove-post-lock',
                'wp_ajax_nopriv_SimpleHistoryNewRowsNotifier',
            );
            // Actions only, not filters, not registered ones, except whitelisted ones
            // Actions are basically filters
            if ( is_array( $wp_actions )
                && array_key_exists( $tag, $wp_actions )
                && is_array( $wp_filter )
                && ! array_key_exists( $tag, $wp_filter )
                && ! in_array( $tag, $whitelisted_actions )
            ) {
                $this->trigger_instant( 'wpf2b_admin_action_unknown', $tag );
            }
        }
    }
Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘Dramatic slowdown with xhr_monitor – all hook’ is closed to new replies.