Title: wp3zzz's Replies | WordPress.org --- # wp3zzz [ ](https://wordpress.org/support/users/wordpress3zzz/) * [Profile](https://wordpress.org/support/users/wordpress3zzz/) * [Topics Started](https://wordpress.org/support/users/wordpress3zzz/topics/) * [Replies Created](https://wordpress.org/support/users/wordpress3zzz/replies/) * [Reviews Written](https://wordpress.org/support/users/wordpress3zzz/reviews/) * [Topics Replied To](https://wordpress.org/support/users/wordpress3zzz/replied-to/) * [Engagements](https://wordpress.org/support/users/wordpress3zzz/engagements/) * [Favorites](https://wordpress.org/support/users/wordpress3zzz/favorites/) Search replies: ## Forum Replies Created Viewing 14 replies - 1 through 14 (of 14 total) * Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/) In reply to: [[Sucuri Security - Auditing, Malware Scanner and Security Hardening] new install of 1.7.9 slows site to a crawl?](https://wordpress.org/support/topic/new-install-of-179-slows-site-to-a-crawl/) * Thread Starter [wp3zzz](https://wordpress.org/support/users/wordpress3zzz/) * (@wordpress3zzz) * [11 years, 1 month ago](https://wordpress.org/support/topic/new-install-of-179-slows-site-to-a-crawl/#post-6148718) * Thank you! It’s not the hosting provider, I _am_ the hosting provider. The issue is that this is a brand new domain name purchased from namecheap and the DNS is not set yet, the host command returns this ip address “162.255.119.254” which i presume is some kind of namecheap landing server, and the command _time php- r ‘gethostbyaddr( “162.255.119.254” );’_ take _forever_ : bingo. When I plug in the public ip address of the server, it’s lightning fast. So once this goes to production the issue would have cleared up, and since it’s inaccessible in the meanwhile it doesn’t need security yet. * I’m using a local hosts file entry on my windows PC to override the public DNS during development, but that doesn’t help the hostname lookup on the server itself. Maybe I just need to make a temporary ‘hosts’ entry there to resolve it. Anyway, thanks again – I REALLY appreciate it, this is the kind of thing that can drive me crazy! * Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/) In reply to: [[Sucuri Security - Auditing, Malware Scanner and Security Hardening] new install of 1.7.9 slows site to a crawl?](https://wordpress.org/support/topic/new-install-of-179-slows-site-to-a-crawl/) * Thread Starter [wp3zzz](https://wordpress.org/support/users/wordpress3zzz/) * (@wordpress3zzz) * [11 years, 1 month ago](https://wordpress.org/support/topic/new-install-of-179-slows-site-to-a-crawl/#post-6148713) * I wonder if it’s because I’m using a local “hosts” file entry to override the public DNS for the new site I’m working on? The public DNS server will return a different ip address than what I’m using. * and I wonder what ip address goes into gethostbyaddr? The server is NAT’d, but then again so are all my others… * Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/) In reply to: [[Sucuri Security - Auditing, Malware Scanner and Security Hardening] new install of 1.7.9 slows site to a crawl?](https://wordpress.org/support/topic/new-install-of-179-slows-site-to-a-crawl/) * Thread Starter [wp3zzz](https://wordpress.org/support/users/wordpress3zzz/) * (@wordpress3zzz) * [11 years, 1 month ago](https://wordpress.org/support/topic/new-install-of-179-slows-site-to-a-crawl/#post-6148712) * You are brilliant. I commented out the call to _“is\_behind\_cloudproxy”_ in _function initialize()_ and now the site loads super fast the way it should. So I must assume this new server of mine has some bad RDNS or something along those lines, that I need to fix up. * I really appreciate not only that you responded twice within the same day but actually gave me the exact solution. * Thank you sir! * Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/) In reply to: [[Sucuri Security - Auditing, Malware Scanner and Security Hardening] new install of 1.7.9 slows site to a crawl?](https://wordpress.org/support/topic/new-install-of-179-slows-site-to-a-crawl/) * Thread Starter [wp3zzz](https://wordpress.org/support/users/wordpress3zzz/) * (@wordpress3zzz) * [11 years, 1 month ago](https://wordpress.org/support/topic/new-install-of-179-slows-site-to-a-crawl/#post-6148685) * I repeated my steps on a totally different server and it’s not happening – the site loads fast. I wonder why it’s happening on this other server… it’s definitely happening as a direct result of activating and deactivating sucuri, must be some configuration difference or something with the first server, but i can’t imagine what? argh * Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/) In reply to: [[Sucuri Security - Auditing, Malware Scanner and Security Hardening] new install of 1.7.9 slows site to a crawl?](https://wordpress.org/support/topic/new-install-of-179-slows-site-to-a-crawl/) * Thread Starter [wp3zzz](https://wordpress.org/support/users/wordpress3zzz/) * (@wordpress3zzz) * [11 years, 1 month ago](https://wordpress.org/support/topic/new-install-of-179-slows-site-to-a-crawl/#post-6148681) * I clicked to force the scan and watched the server load climb all the way up to 0.09 (from 0.00) and now I see the last scan date shown. * Now with the plugin activated, loading the dashboard and site take about 9 seconds. Every click or change inside the dashboard takes this long, it’s unbearable. * I have added no themes, no plugins (other than sucuri) and no content. I really like sucuri and am using it on several other sites (versions prior to 1.7.9 however) wish I could use it on this new site. I’d be glad to help test or troubleshoot this issue, but this is unusable for me as is. * I deactivated sucuri and now the site and dashboard load within 1 second again. * Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/) In reply to: [[Sucuri Security - Auditing, Malware Scanner and Security Hardening] new install of 1.7.9 slows site to a crawl?](https://wordpress.org/support/topic/new-install-of-179-slows-site-to-a-crawl/) * Thread Starter [wp3zzz](https://wordpress.org/support/users/wordpress3zzz/) * (@wordpress3zzz) * [11 years, 1 month ago](https://wordpress.org/support/topic/new-install-of-179-slows-site-to-a-crawl/#post-6148679) * Thanks for you reply. I’m skeptical that this scan is the cause of the slowness. 1) the server CPU load was very low, certainly below 0.1 while this happened 2) the memory usage is very low also, not even close to swap. the server is chilling and loading static pages very fast. * The site was loading slow still after a good 20 minutes, does the scan take that long on a lightly loaded server with a fresh wordpress install (no added themes or plugins other than sucuri) ? Could something else be going on? * thank you again, Joe * Forum: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/) In reply to: [Error establishing a database connection](https://wordpress.org/support/topic/error-establishing-a-database-connection-493/) * Thread Starter [wp3zzz](https://wordpress.org/support/users/wordpress3zzz/) * (@wordpress3zzz) * [13 years, 1 month ago](https://wordpress.org/support/topic/error-establishing-a-database-connection-493/#post-3777878) * Thanks for the suggestion, tried that but got the same result. Now I enabled debug in wp-config and see this; * > Warning: mysql_connect(): mysqlnd cannot connect to MySQL 4.1+ using the old > insecure authentication. Please use an administration tool to reset your password > with the command SET PASSWORD = PASSWORD(‘your_existing_password’). This will > store a new, and more secure, hash value in mysql.user. If this user is used > in other scripts executed by PHP 5.2 or earlier you might need to remove the > old-passwords flag from your my.cnf file in /wp-includes/wp-db.php on line > 1141 * not sure why only this user is affected, but thanks to this clue, I finally did find the solution. In my.cnf was ‘old_passwords=1’, so I had to comment it out and then had to update the user’s password as above, flush privileges, woo hoo it works! * Forum: [Requests and Feedback](https://wordpress.org/support/forum/requests-and-feedback/) In reply to: [Built in Brute Force prevention](https://wordpress.org/support/topic/built-in-brute-force-prevention/) * Thread Starter [wp3zzz](https://wordpress.org/support/users/wordpress3zzz/) * (@wordpress3zzz) * [13 years, 2 months ago](https://wordpress.org/support/topic/built-in-brute-force-prevention/page/2/#post-3643389) * Thanks chaoix. It’s only because our servers were running slow and getting hit by the same ip addresses over and over that I had to look into this. Blocking the individual ip addresses got things under control on more than one occasion over the past few weeks. * Forum: [Requests and Feedback](https://wordpress.org/support/forum/requests-and-feedback/) In reply to: [Built in Brute Force prevention](https://wordpress.org/support/topic/built-in-brute-force-prevention/) * Thread Starter [wp3zzz](https://wordpress.org/support/users/wordpress3zzz/) * (@wordpress3zzz) * [13 years, 2 months ago](https://wordpress.org/support/topic/built-in-brute-force-prevention/#post-3643374) * The goal of my request isn’t to prevent the brute force attempts themselves ( which of course would be nice) but to prevent servers from getting overloaded by them, and in that regard I believe it will alleviate what I’ve been seeing. I’m going to give that plugin a try. Thanks for the links and info! * Forum: [Requests and Feedback](https://wordpress.org/support/forum/requests-and-feedback/) In reply to: [Built in Brute Force prevention](https://wordpress.org/support/topic/built-in-brute-force-prevention/) * Thread Starter [wp3zzz](https://wordpress.org/support/users/wordpress3zzz/) * (@wordpress3zzz) * [13 years, 2 months ago](https://wordpress.org/support/topic/built-in-brute-force-prevention/#post-3643371) * OK thanks Esmi – so if I’m understanding, the developers don’t offer this built- in (the option to limit access to wp-admin by IP) because too many people will lock themselves out? * Again it really seems that limiting the login requests to 1 per X seconds would alleviate what I’ve been seeing. So I’d like to continue to request that. * Edit: Request that developers incorporate this plugin or similar into main wordpress: [http://wordpress.org/extend/plugins/limit-login-attempts/](http://wordpress.org/extend/plugins/limit-login-attempts/) * thanks!! * Forum: [Requests and Feedback](https://wordpress.org/support/forum/requests-and-feedback/) In reply to: [Built in Brute Force prevention](https://wordpress.org/support/topic/built-in-brute-force-prevention/) * Thread Starter [wp3zzz](https://wordpress.org/support/users/wordpress3zzz/) * (@wordpress3zzz) * [13 years, 2 months ago](https://wordpress.org/support/topic/built-in-brute-force-prevention/#post-3643370) * Thanks Andrew – what sort of security measure should the hosting provider implement; is there a name or a specific product that can tell this brute force attack on wordpress from a legitimate request? * Forum: [Requests and Feedback](https://wordpress.org/support/forum/requests-and-feedback/) In reply to: [Built in Brute Force prevention](https://wordpress.org/support/topic/built-in-brute-force-prevention/) * Thread Starter [wp3zzz](https://wordpress.org/support/users/wordpress3zzz/) * (@wordpress3zzz) * [13 years, 2 months ago](https://wordpress.org/support/topic/built-in-brute-force-prevention/#post-3643367) * >”server processes the request before WordPress gets to it.” * I think there is some confusion here. WordPress itself (the wp-login.php script) processes login requests and this is what bogs down the server. * >”should be triggering its own protection” * what is the nature of the protection you’re talking about; is there a name for it and how do we install / configure that? Please provide a link or some information about this? * thanks! * Forum: [Requests and Feedback](https://wordpress.org/support/forum/requests-and-feedback/) In reply to: [Built in Brute Force prevention](https://wordpress.org/support/topic/built-in-brute-force-prevention/) * Thread Starter [wp3zzz](https://wordpress.org/support/users/wordpress3zzz/) * (@wordpress3zzz) * [13 years, 2 months ago](https://wordpress.org/support/topic/built-in-brute-force-prevention/#post-3643359) * 1) if they’re blocked for 5 seconds, they won’t be locked out. If they think they are, tell them to “try again now”. * 2) What do you mean the server should be protecting you, how does it know a legitimate login request from a non? WordPress itself is processing the login request. It could fairly easily do something to lock itself for 5 seconds before processing the next request. * Forum: [Networking WordPress](https://wordpress.org/support/forum/multisite/) In reply to: [help w files for multisite](https://wordpress.org/support/topic/help-w-files-for-multisite/) * Thread Starter [wp3zzz](https://wordpress.org/support/users/wordpress3zzz/) * (@wordpress3zzz) * [13 years, 3 months ago](https://wordpress.org/support/topic/help-w-files-for-multisite/#post-3580655) * OK I figured it out by uploading an image through the site’s dashboard and seeing where wordpress puts it. * /wp-content/uploads/sites/20/2013/03/google_filename.html * it seems that I had looked there earlier and wordpress told me it wasn’t found, but I must have been confused, because sure enough, there it is. Viewing 14 replies - 1 through 14 (of 14 total)