Support » Plugin: Wordfence Security » Taming Wordfence and admin-ajax.php

  • For the past month, I’ve been receiving an increasing number of Wordfence / admin-ajax.php complaints. I manage many thousands of WordPress installs so not just tossing this out as a one site complaint.

    It seems admin-ajax.php requests are even overwhelming my client’s VM’s in some cases. There has been talk from my clients on deleting Wordfence entirely as a result.
    Is the security benefit worth the downtime…

    Something seems very wrong in the Wordfence camp.
    Any ideas/recommendations or news on this pressing subject?

Viewing 6 replies - 1 through 6 (of 6 total)
  • common access log example:

    conferencistas/ – – [03/May/2017:09:55:13
    -0700] “GET
    HTTP/1.1″ 200 0 ”

    conferencistas/ – – [03/May/2017:09:55:30
    -0700] “POST
    HTTP/1.1″ 200 32 ”

    • This reply was modified 8 months, 3 weeks ago by  hackrepair.
    Plugin Support wfalaa


    I’m not sure if you are hosting these websites on a VPS or a dedicated server you have, or they are on a shared hosting account?
    Also, would appreciate if you have more accurate statistics regarding these “overwhelming” requests?
    In general, you may want to take a look at these suggestions mentioned in this thread which should reduce the server resources usage during scans.

    Let me know how it goes,



    I am curious about this topic also because everytime I update the content on a clients site I get the popup with a warning about this file:

    It is obnoxious. If I am laying out pages it occurs every time I save and preview, and then when I enter page edit again. Depending on the content I am trying to lay out it can happen up to 40 or 50 times an hour. The only choices are to whitelist it, or dismiss it… I finally whitelisted it but I don’t think that is likely the best option.

    Plugin Support wfalaa


    @peonypink this sounds like a totally different case, please switch the firewall status into “Learning Mode” from (Wordfence > Firewall), then perform all the actions you are doing using the page builder, and revert the firewall back to “Enabled and Protecting” after a couple of days for example.


    We run a few dozen sites and the admin-ajax.php issue mentioned initially above is causing us to rethink our entire use of wordfence.

    Well, for a site I built using Divi Theme, recently I started getting a ‘Divi Builder Timeout’ error message when using the Divi Builder. Within the Java Console I get the message:
    POST ….wp-admin/admin-ajax.php 500 (Internal Server Error)

    When I deactivate WordFence, the issue is resolved.
    What alternatives are there to WordFence?

    (I’m normally happy with WF, but in this case I need to make another plan)

Viewing 6 replies - 1 through 6 (of 6 total)
  • You must be logged in to reply to this topic.