Hosting account suspended because of Wordfence performance

Hi, i recommend to upgrade your shared hosting with an VPS

• This reply was modified 7 years, 5 months ago by razvancs.

The Wordfence scan is an over-rated feature in my opinion. Just use Wordfence with minimal scanning. Uncheck the obvious options that are non essential, and get Premium version so you can schedule the scan for low traffic times, I do mine once a week, at 1:00 am Sunday morning. I have VPS but bandwidth is still an issue. Sure, I can pay the server company more $$ a month so I can run more scans. But I’d rather keep the money.

The wordfence scan is mostly “reactive” in that it tells you that you’ve been compromised. What’s more important is doing proactive defense, which Wordfence does very well.

Here are my thoughts and how I tend to set it up. Just my opinion, I am not associated with Wordfence and suggestions below are only intended to provoke thought and customization.

Scan public facing site for vulnerabilities? (Do this once a month, keep unchecked.)

Scan for the HeartBleed vulnerability? (Do once in your life, and run don’t walk from your ripoff ISP if you get a positive.)

Scan for publically accessible configuration, backup, or log files. (Do twice a year.)

Scan for publicly accessible quarantined files. (Once in your life.)

Scan core files against repository versions for changes. (Keep checked.)

Scan theme files against repository versions for changes. (Once in a while, or never if you customize your own theme.)

Scan plugin files against repository versions for changes. (Uncheck, perhaps run once in a while if you don’t customize your plugins and every one is an exact match to repository.)

Scan wp-admin and wp-includes for files not bundled with WordPress (Takes minimal bandwidth, keep checked.)

Scan for signatures of known malicious files (Sure, why not? BUT, perhaps this references a huge list of sigs and uses significant bandwidth? Perhaps this is another one to run once a year.)

Scan file contents for backdoors, trojans and suspicious code (Run once a month, Sunday night.)

Scan posts for known dangerous URLs and suspicious content (If you’ve got very many posts, scan once a year, at night, then keep unchecked.)

Scan comments for known dangerous URLs and suspicious content (Ditto.)

Scan for out of date plugins, themes and WordPress versions (Keep unchecked, evaluate with human hands-on management.)

Scan for admin users created outside of WordPress (Unchecked, evaluate with human hands-on management.)

Check the strength of passwords (Useless if you know anything about passwords, keep unchecked.)

Monitor disk space (Let your ISP do this, keep unchecked.)

Scan for unauthorized DNS changes (Uncheck.)

Scan files outside your WordPress installation (If your site has any mass at all, keep unchecked.)

Scan images, binary, and other files as if they were executable (Again, regarding mass, I’ve got something like 50,000 image files, yeah sure, we’re going to binary scan each one of those? I could pay another $50/month for the bandwidth to do so, but nope, I don’t think so.)

Enable HIGH SENSITIVITY scanning. May give false positives. (Keep unchecked.)

Use low resource scanning. Reduces server load by lengthening the scan duration. (CHECK)

MTN

Years ago I was on Bluehost shared hosting. Was an entirely bad experience due to their poor adaptations to bandwidth surges. Would suggest changing hosts before you spend too much time trying to work with them. Trying to work with them literally took days out of my life that will never return. MTN

So, Bluehost set you up with IP addresses that are blacklisted? Nice.

Your thread start message says “automated Wordfence scan” but now you’re saying that is NOT what perhaps caused the overload? In any case, get your site on an IP that’s not blacklisted, then try disabling all plugins, install Wordfence, then immediately uncheck or turn off high bandwidth Wordfence options such as live traffic view and scanning, and see if you still have problems.

MTN

• This reply was modified 7 years, 5 months ago by mountainguy2.

I am happy to say that your suggestion did work: i disabled live traffic and automated scans and the sites are up with no issues. i didn’t select the option to use low resources when scanning. Thanks for the help, I really love this plugin and am very happy to have it with no issues.

Barry, indeed, you do somewhat get what you pay for with hosting. Shared servers can be cheap, but as soon as your site gets any real traffic or you do much with it (like Wordfence scans, or perhaps writing a blog post that pulls in a data storm of traffic) the shared hosting might not be adequate. I went through this years ago, was very frustrating as I didn’t understand what I was paying for. Of course, the solution is hosting that scales for your traffic, I think Media Temple does that, but it doesn’t seem that common. I’ve been on quite a few hosts and every one simply had a plan with a fixed cost and bandwidth cap, with an account upgrade required for more bandwidth. Suggestions for hosts that scale nicely would be welcome. MTN