Support » Plugin: Wordfence Security - Firewall & Malware Scan » Wordfence caused my site to be deactivated

  • Resolved WhitBin

    (@whitbin)


    I received an email today from Bluehost saying they deactivated y site due to TOS violation. When I called they said Wordfence was violating their TOS. They had me rename the file in my cpanel and that deactivated the plugin. I’m not sure if this is a premium only problem, or what. I liked Wordfence, as it has blocked several login attempts, but I’m not sure why it would cause my site to be deactivated?

Viewing 15 replies - 1 through 15 (of 16 total)
  • I had the same issue today. BH support said it was using high CPU resources on the server. I found an article that said that the live traffic monitor can eat up a lot of resources when you have wordfence running on multiple WP installations on the same server. BH support said that that helped, and also suggested scheduling each site’s scan for a different time of day to distribute the load better.

    Hi whitbin and nadirajamal,
    I’m pretty sure that the next version of Wordfence will include some improvements to the plugin performance in general which -hopefully- could prevent such issues in the future.

    If you have any kind of reports from Bluehost with some detailed information that can point to specific options/functions in the plugin causing this high CPU usage, it will be nice to share them with us, feel free to send any to “alaa [at] wordfence [dot] com”.

    Thanks.

    wfasa

    (@wfasa)

    Hi!
    The current version of Wordfence has an option to run “Low resource scans”. Please try to enable that. It will lower the total amount of resources Wordfence scan uses at any time. If you are still having issues with that option on let us know!

    I just received same note from my hosting provider recently.
    I’m hosting about 40 WordPress installs, each one on it’s on CPANEL (yes, it matter on speed if you have many WordPress in one CPANEL), and with about 12 plugins on each one.
    For two weeks I have been dealing with my provider. They are shutting me down every other day, I have been uninstalling plugins and fixing settings all over.
    I ever did what Wfasa told about Low Resource Scans in all my wordfence plugins
    I’m using the free ones, and the field “Use low resource scanning. Reduces server load by lengthening the scan duration.” is checked on all of them.
    using the free version, I can’t schedule times for scan, (it’s a premium feature)
    Then, today, after all that, I still receiving messages from my hoster, now complaining specific about wordfence:
    ———
    “Count: 247 / 29.90% Request: “POST /wp-admin/admin-ajax.php?action=wordfence_testAjax HTTP/1.1”
    ———-
    This line has been offending the server CPU in every single WordPress site with Wordfence that I have.
    the count range from 50, all the way up to 400
    the CPU percentage from 12% (acceptable) up to 90% (way over my 25% limit)

    I do like wordfence and I think it’s a good plugin. But I can’t afford having my sites shutdown every other day by my host provider.
    Besides the Low Resource Scans, is there any way I can limit the use of wordfence hitting my /admin-ajax.php ?

    In time: I installed a plugin to control WordPress Heartbeat, but seams like Wordfence by pass that plugin. I limite it to one every 60seconds, but using or not using, the cpu load is the same on Wordfence.

    Open to ideas

    Hi ehm01,
    If you are getting 247 concurrent requests to wordfence_testAjax in one WordPress install that would certainly be something going wrong right there. I would then suspect that there is some issue with admin-ajax.php on the site, or that processes are not being killed correctly.

    Have you checked the servers error logs to see if there are any entries there that can be related?

    You can always turn off automatic scanning if you want to keep the other benefits from Wordfence while you work out this issue. On the Wordfence “Options” page click to disable “Enable automatic scheduled scans”.

    Same here. Got a notification from Hostgator just not so long ago that my account is deactivated and was sent these snapshots from the server.

    Current Site Requests:
    192.***.50.*** mar******.com /wp-admin/admin-ajax.php?action=wordfence_doScan&isFork=1&c
    192.***.50.*** mar******.com /wp-admin/admin-ajax.php?action=wordfence_doScan&isFork=1&c
    192.***.50.*** mar******.com /wp-admin/admin-ajax.php?action=wordfence_doScan&isFork=1&c
    192.***.50.*** mar******.com /wp-admin/admin-ajax.php?action=wordfence_doScan&isFork=1&c
    192.***.50.*** mar******.com /wp-admin/admin-ajax.php?action=wordfence_doScan&isFork=1&c
    192.***.50.*** mar******.com /wp-admin/admin-ajax.php?action=wordfence_doScan&isFork=1&c
    192.***.50.*** mar******.com /wp-admin/admin-ajax.php?action=wordfence_doScan&isFork=1&c
    192.***.50.*** mar******.com /wp-admin/admin-ajax.php?action=wordfence_doScan&isFork=1&c
    192.***.50.*** mar******.com /wp-admin/admin-ajax.php?action=wordfence_doScan&isFork=1&c
    192.***.50.*** mar******.com /wp-admin/admin-ajax.php?action=wordfence_testAjax

    Snapshot 1
    mvp13 28752 48.8 0.1 366788 75716 ? SN 06:00 0:17 /opt/php54/bin/php-cgi /home4/mvp13/public_html/wp-admin/admin-ajax.php
    mvp13 30184 72.3 0.1 366788 74596 ? RN 06:01 0:07 /opt/php54/bin/php-cgi /home4/mvp13/public_html/wp-admin/admin-ajax.php

    Snapshot 2
    mvp13 28752 48.8 0.1 366788 75716 ? SN 06:00 0:17 /opt/php54/bin/php-cgi /home4/mvp13/public_html/wp-admin/admin-ajax.php
    mvp13 30184 72.9 0.1 366788 74596 ? RN 06:01 0:08 /opt/php54/bin/php-cgi /home4/mvp13/public_html/wp-admin/admin-ajax.php

    Snapshot 3
    mvp13 28752 48.8 0.1 366788 75716 ? SN 06:00 0:17 /opt/php54/bin/php-cgi /home4/mvp13/public_html/wp-admin/admin-ajax.php
    mvp13 30184 73.3 0.1 366788 74596 ? RN 06:01 0:08 /opt/php54/bin/php-cgi /home4/mvp13/public_html/wp-admin/admin-ajax.php

    Snapshot 4
    mvp13 28752 48.8 0.1 366788 75716 ? SN 06:00 0:17 /opt/php54/bin/php-cgi /home4/mvp13/public_html/wp-admin/admin-ajax.php
    mvp13 30184 73.9 0.1 366788 74596 ? RN 06:01 0:08 /opt/php54/bin/php-cgi /home4/mvp13/public_html/wp-admin/admin-ajax.php

    Snapshot 5
    mvp13 28752 48.8 0.1 366788 75716 ? SN 06:00 0:17 /opt/php54/bin/php-cgi /home4/mvp13/public_html/wp-admin/admin-ajax.php
    mvp13 30184 74.3 0.1 366788 74596 ? RN 06:01 0:08 /opt/php54/bin/php-cgi /home4/mvp13/public_html/wp-admin/admin-ajax.php

    I am having the same issue with Hostgator. Multiple sites are being shut down and all I can track the cpu usage problem to is the wordfence (/wp-admin/admin-ajax.php?action=wordfence_doScan&isFork=1&c). anyone have any success with this besides deactivating Wordfence? If I turn on the autoscanning does it help things?

    Hi all,
    for those of you who are having issues with Hostgator telling you that Wordfence is using too much CPU

    1. Check to make sure the server software is up to date. At Wordfence we suggest using at least PHP 5.6 in order to keep your site stable and secure (preferably PHP 7). PHP versions lower than 5.6 are no longer supported by the developers of PHP and unless they are properly patched they can contain security holes. You can see more information about supported versions of PHP here.

    2. Turning off automated scans may help, but be aware that you will then not be notified if malware pops up on your site because Wordfence will not be able to detect it.

    3. To limit the scans activity you can disable these scan options:

    * Scan files outside your WordPress installation
    * Scan images, binary, and other files as if they were executable
    * Enable HIGH SENSITIVITY scanning (may give false positives)

    and enable this option

    * Use low resource scanning (reduces server load by lengthening the scan duration)

    4. You can also disable “Live Traffic”. If you want to keep “Live Traffic” on, you can increase the value in “Update interval in seconds (2 is default)” to 5 or even 10. This will allow you to still see current activity on the site, just with a longer delay.

    We have been working to improve scan performance for the past year and have made significant improvements. However, it appears that Hostgators usage restrictions are stricter than most. If you are running a fresh version of PHP and you have tried the options above and are still getting shut down, our advice would unfortunately have to be to change to a host that allows more resources. We can not properly scan and secure sites if we are not allowed to use even the minimum of resources required.

    Hope that helps and best of luck with your sites!

    Hi guys, I am having the same problem. Hostgator has shut down my webste because of to high a CPU usage for long lengths of time. I also get an email report saying Wordfence scans are not completing around the same time my site is shut down. It says:

    “This email was sent from your website “Online Business Ideas|Online Business Systems” by the Wordfence plugin.
    Wordfence found the following new issues on “Online Business Ideas|Online Business Systems”.
    Alert generated at Thursday 13th of April 2017 at 01:13:44 AM
    The scan was terminated early because it reached the time limit for scans. If you would like to allow your scans to run longer, you can customize the limit on the options page: http://onlinebusinesssystems-diyim.com/wp-admin/admin.php?page=WordfenceSecOpt or read more about scan options to improve scan speed here: https://docs.wordfence.com/en/Scan_time_limit
    Critical Problems:
    * Scan Time Limit Exceeded
    NOTE: You are using the free version of Wordfence. Upgrade today:
    Receive real-time Firewall and Scan engine rule updates for protection as threats emerge
    Other advanced features like IP reputation monitoring, country blocking, an advanced comment spam filter and cell phone sign-in give you the best protection available
    Remote, frequent and scheduled scans
    Access to Premium Support
    Discounts of up to 90% for multiyear and multi-license purchases
    Click here to upgrade to Wordfence Premium:
    https://www.wordfence.com/zz2/wordfence-signup/

    Here is the Hostgator report for CPU usage:
    CPU Seconds used in the past hour: 3044.4, 85% CPU
    Thu Apr 13 06:01:14 CDT 2017
    Running Processes:
    onlinebu 9697 66.3 0.6 390036 111520 ? SN 06:00 0:17 /opt/php54/bin/php-cgi /home/onlinebu/public_html/wp-admin/admin-ajax.php
    onlinebu 9959 89.1 0.6 391520 110840 ? RN 06:01 0:05 /opt/php54/bin/php-cgi /home/onlinebu/public_html/wp-admin/admin-ajax.php

    Running Queries:
    *************************** 1. row ***************************
    USER: onlinebu_wrdp1
    DB: onlinebu_wrdp1
    STATE:
    TIME: 4
    COMMAND: Sleep
    INFO: NULL
    *************************** 2. row ***************************
    USER: onlinebu_wrdp1
    DB: onlinebu_wrdp1
    STATE:
    TIME: 5
    COMMAND: Sleep
    INFO: NULL

    Open connections

    Current Site Requests:
    157.55.39.177 onlinebusinesssystems-diyim.com /category/featured/page/18/
    157.55.39.177 onlinebusinesssystems-diyim.com /category/featured/page/5/
    180.76.15.12 onlinebusinesssystems-diyim.com /2013/03/24/
    192.185.189.118 onlinebusinesssystems-diyim.com /wp-admin/admin-ajax.php?action=wordfence_doScan&isFork=1&c
    192.185.189.118 onlinebusinesssystems-diyim.com /wp-admin/admin-ajax.php?action=wordfence_doScan&isFork=1&c
    192.185.189.118 onlinebusinesssystems-diyim.com /wp-admin/admin-ajax.php?action=wordfence_doScan&isFork=1&c
    192.185.189.118 onlinebusinesssystems-diyim.com /wp-admin/admin-ajax.php?action=wordfence_testAjax

    Doc Root: /home/onlinebu/public_html

    CPU Usage: 149.8% (warning)
    LimitPHP: Limit file exists. (warning)
    Varnish: onlinebusinesssystems-diyim.com is cached. (warning)

    Snapshot 1
    onlinebu 9697 61.6 0.6 390036 111520 ? SN 06:00 0:17 /opt/php54/bin/php-cgi /home/onlinebu/public_html/wp-admin/admin-ajax.php
    onlinebu 9959 80.8 0.6 391520 110840 ? RN 06:01 0:06 /opt/php54/bin/php-cgi /home/onlinebu/public_html/wp-admin/admin-ajax.php

    Snapshot 2
    onlinebu 9697 61.6 0.6 390036 111520 ? SN 06:00 0:17 /opt/php54/bin/php-cgi /home/onlinebu/public_html/wp-admin/admin-ajax.php
    onlinebu 9959 81.3 0.6 391520 110840 ? RN 06:01 0:06 /opt/php54/bin/php-cgi /home/onlinebu/public_html/wp-admin/admin-ajax.php

    Snapshot 3
    onlinebu 9697 61.6 0.6 390036 111520 ? SN 06:00 0:17 /opt/php54/bin/php-cgi /home/onlinebu/public_html/wp-admin/admin-ajax.php
    onlinebu 9959 82.0 0.6 391520 110840 ? RN 06:01 0:06 /opt/php54/bin/php-cgi /home/onlinebu/public_html/wp-admin/admin-ajax.php

    Snapshot 4
    onlinebu 9697 61.6 0.6 390036 111520 ? SN 06:00 0:17 /opt/php54/bin/php-cgi /home/onlinebu/public_html/wp-admin/admin-ajax.php
    onlinebu 9959 82.5 0.6 391520 110840 ? RN 06:01 0:06 /opt/php54/bin/php-cgi /home/onlinebu/public_html/wp-admin/admin-ajax.php

    Snapshot 5
    onlinebu 9697 61.6 0.6 390036 111520 ? SN 06:00 0:17 /opt/php54/bin/php-cgi /home/onlinebu/public_html/wp-admin/admin-ajax.php
    onlinebu 9959 83.1 0.6 391520 110840 ? RN 06:01 0:06 /opt/php54/bin/php-cgi /home/onlinebu/public_html/wp-admin/admin-ajax.php

    Current load: 06:01:16 up 174 days, 4:42, 0 users, load average: 0.01, 0.00, 0.00″

    Can you help?

    Hi Tony,
    in the message I posted before yours there are a bunch of suggestions. Please try those.

    • This reply was modified 2 years, 7 months ago by wfasa.

    Yep, Wordfence also crashed my site. The software is giving me headaches. I deactivated it and CPU usage dropped 40%. Wow! I’m putting an end to it.

    Wordfence hasn’t crashed my VPN but it keeps generating messages that scan time has been exceeded. I deleted the error_log (both the public_html log as well as the WP admin error_log), increased the scan time to 14,400 seconds (4 hours), changed some of the settings as advised on the “Help” page – and NOTHING. Scan time still exceeded.

    This did NOT happen for the past 9 months I have had the free version installed. It is very, very frustrating as I am NOT a technical expert and none of the guys at Ninja (my hosting service) can work on it because it is 3rd party software. They did confirm I had more than enough resources available to run a scan.

    I have turned off the “automatic scan” button as suggested. But how to get the problem resolved I do not know.

    I have recently had the same problems with Wordfence eating up all my cpu allowance, very frustrating as the plugin would not allow me to deactivate it, I had to get my host to do it on 2 occasions. Have now deleted Wordfence and will not be using again!

    Hi again, I was able to get Wordfence to work again by DELETING all the stored Wordfence tables. WF set me up as new and has run all scans within the allotted 3 hr window. I simply clicked the option to delete all the tables upon deactivation. Once reactivated the program worked. Maybe doing this will help you.

    I was just deactivated this morning. I can’t get into my WordPress admin account to deactivate Wordfence. I’m really disappointed because I liked this plugin. I’m waiting for HostGator to turn me back on again. I guess I’ll have to delete Wordfence in all my websites.

Viewing 15 replies - 1 through 15 (of 16 total)
  • The topic ‘Wordfence caused my site to be deactivated’ is closed to new replies.