Title: xmlrpc.php slow?
Last modified: August 22, 2016

---

# xmlrpc.php slow?

 *  [thelackof](https://wordpress.org/support/users/thelackof/)
 * (@thelackof)
 * [11 years, 2 months ago](https://wordpress.org/support/topic/xmlrpcphp-slow/)
 * I recently transferred to a VPS Hosting and since then, my site has had a LOT
   of downtime.
    I receive emails from my host referencing “HANG”, “FAILED”, or “
   RECOVERED”.
 * It has taken email upon email to get a clear and direct response from my host
   until finally, today, one informed me that after “investigating the issue in 
   detail”, they found that xmlrpc.php was using the first and second most of my
   resource-usage.
 * What does this mean? What can I do?
 * The website is [http://www.abandonedplaygrounds.com](http://www.abandonedplaygrounds.com)

Viewing 8 replies - 1 through 8 (of 8 total)

 *  [Matt Knowles](https://wordpress.org/support/users/aestheticdesign/)
 * (@aestheticdesign)
 * [11 years, 2 months ago](https://wordpress.org/support/topic/xmlrpcphp-slow/#post-5665462)
 * That file is often used by hackers both as a means of penetrating the site, and
   as a part of a DOS attack, which sounds like what might be happening to you.
 * Take a look at your log files and search for xmlrpc.php and see if the hits are
   coming from IP addresses you can block.
 * I found the best way to prevent future attacks is to use a security plugin like
   Login Security Solution that helps prevent attacks on the xmlrpc.php file.
 * [https://wordpress.org/plugins/login-security-solution/](https://wordpress.org/plugins/login-security-solution/)
 *  Thread Starter [thelackof](https://wordpress.org/support/users/thelackof/)
 * (@thelackof)
 * [11 years, 2 months ago](https://wordpress.org/support/topic/xmlrpcphp-slow/#post-5665464)
 * Your reply made more sense than any of the replies from my host combined.
 * They did throw me a list of IP addresses in that same email I mentioned previously
   and told me “Please check your incoming traffic and if the traffic is not legit
   please block them.”
 * The list included 19 individual IP’s, including my own if I quick-search for “
   what is my IP address”.
 * I receive so much traffic that I am really clueless to how I am supposed to know
   whether these IP’s are legit or not, especially when my own is thrown in.
 * How would you handle this situation? Should I simply block them all besides my
   own?
 * and I will definitely look into the plugin you mentioned.
 *  [Jacob Peattie](https://wordpress.org/support/users/jakept/)
 * (@jakept)
 * [11 years, 2 months ago](https://wordpress.org/support/topic/xmlrpcphp-slow/#post-5665524)
 * Try this plugin:
    [https://wordpress.org/plugins/disable-xml-rpc-pingback/](https://wordpress.org/plugins/disable-xml-rpc-pingback/)
 * It’s very simple, no options, just install and leave. Should instantly help.
 * What’s happening is a pretty well known WordPress issue. Basically, bots are 
   using your xmlrpc.php file to DDOS attack a third-party by exploting the Pingback
   functionality.
 * In my experience that plugin is very effective in shutting that right down.
 * Also, maybe let your host know so they can give their other customers better 
   info that they gave you.
 *  Thread Starter [thelackof](https://wordpress.org/support/users/thelackof/)
 * (@thelackof)
 * [11 years, 2 months ago](https://wordpress.org/support/topic/xmlrpcphp-slow/#post-5665565)
 * Update: I received a pingback some time ago, could not find it until now when
   searching through trash mail.
 * The site is [here](http://trilema.com/o-hai-let-me-wanna-be.php?id=www.abandonedplaygrounds.com/schossberger-castle-abandoned-jewel-of-tura/).
 * Is this legitimate? and should I take the advice written on this random blog 
   for my xmlrpc.php?
 * Much of the article is gibberish to me but maybe someone on here can make more
   sense of it.
 *  Thread Starter [thelackof](https://wordpress.org/support/users/thelackof/)
 * (@thelackof)
 * [11 years, 2 months ago](https://wordpress.org/support/topic/xmlrpcphp-slow/#post-5665566)
 * Also, I found that of the 19 IP’s supplied by my host, one was my own ISP, 11
   were attached to my CDN and 3 were from Google (15 total).
 * The other four are:
 * 157.55.39.93 (which I believe is Microsoft, but not sure if I should unblock)
   
   207.46.13.70 (same as above) 68.180.228.118 (yahoo but same story)
 * 199.21.99.194 (yandex – no idea what this is)
 * I found that trilemas IP is 23.235.235.243 (did not show up in list that my host
   gave me, but I may have to look further into this myself).
 * I am on a VPS server, which is supposed to remain up for 99.9% of the time.
    
   Is it okay that my host is allowing for my site and server to shut down so much
   because of reasons they are not able to pinpoint and are not trying to pinpoint?
 * Should I change hosts?
 *  [eduguytoo](https://wordpress.org/support/users/eduguytoo/)
 * (@eduguytoo)
 * [11 years, 2 months ago](https://wordpress.org/support/topic/xmlrpcphp-slow/#post-5665567)
 * This is an ongoing problem, (ONE that has not bee sufficiently addressed by wordpress)
 *  Today, I had 23 sites that had been attacked by using that same file, only this
   time it consumed memory, leaving my server out of memory, (I banned IP addresses,
   killed processes, now back to normal) but here is the thing that I do not understand.
 * Why is this still a problem?
 * Is it not time to drop this outdated and (badly coded page) sorry frustration,
   it makes no sense to have this problem after knowing its an issue for so many
   years, yet still its there?
 *  Thread Starter [thelackof](https://wordpress.org/support/users/thelackof/)
 * (@thelackof)
 * [11 years, 2 months ago](https://wordpress.org/support/topic/xmlrpcphp-slow/#post-5665568)
 * WordPress comes off as more of a hassle to me than a helpful tool.
    The only 
   reason I ever chose to use it was for the search bar (php and mysql script premade),
   but WordPress is slow and now this… I am at a loss.
 *  [eduguytoo](https://wordpress.org/support/users/eduguytoo/)
 * (@eduguytoo)
 * [11 years, 2 months ago](https://wordpress.org/support/topic/xmlrpcphp-slow/#post-5665569)
 * these hangs are caused by a script (in this case xmlrpc.php) waiting on some 
   other resource (a MySQL query, a network resource, etc.) and not having any kind
   of a timeout coded (or an extremely long timeout). The PHP max_execution_time
   never actually gets called because time spent waiting doesn’t count against execution
   time, seems like a real lack of coverage by the team, (understanding of course
   that they likely have lots of more important things to attend to) Still it seems
   like an oversight.

Viewing 8 replies - 1 through 8 (of 8 total)

The topic ‘xmlrpc.php slow?’ is closed to new replies.

## Tags

 * [Failed](https://wordpress.org/support/topic-tag/failed/)
 * [hang](https://wordpress.org/support/topic-tag/hang/)
 * [resource usage](https://wordpress.org/support/topic-tag/resource-usage/)
 * [vps](https://wordpress.org/support/topic-tag/vps/)
 * [xmlrpc](https://wordpress.org/support/topic-tag/xmlrpc/)
 * [xmlrpc.php](https://wordpress.org/support/topic-tag/xmlrpc-php/)

 * In: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
 * 8 replies
 * 4 participants
 * Last reply from: [eduguytoo](https://wordpress.org/support/users/eduguytoo/)
 * Last activity: [11 years, 2 months ago](https://wordpress.org/support/topic/xmlrpcphp-slow/#post-5665569)
 * Status: not resolved

## Topics

### Topics with no replies

### Non-support topics

### Resolved topics

### Unresolved topics

### All topics