One wordpress site eats my CPU and freeze all

1. One wordpress site eats my CPU and freeze all
2. I'm having a problem with a wordpress site in my server, i tried a lot of things but i cannot solve the problem.
3.  
4. ++++++++++++++
5. If You want to buy cheap web hosting then visit http://Listfreetop.pw and select the cheapest hosting. it can be suitable for all your needs.
6.  
7. Top 200 best traffic exchange sites http://Listfreetop.pw/surf
8.  
9. list of top gpt sites
10. list of top ptc sites
11. list of top ptp sites
12. list of top crypto currency Wallets sites
13. Listfreetop.pw
14. Listfreetop.pw
15. Listfreetop.pw
16. +++++++++++++++
17.  
18. In some times and more when have larger views (no more than 2k views in a hour), the sites eat completly the CPU (using 70 to 100 of cpu). That makes the VPS crashes, sometimes also uses a lot of ram. I suspect was a malware, so i reinstall the wordpress (deleting all the files that aren't images), make a clean install with another theme, but i have the same problem, now is late and the visitors are a fews (0-10) but the server is slow and the use of CPU is high.
19.  
20. I have a AWS EC3 medium, the server is with WHM (CentOS), with no more 12 accounts with 8 WP installations, but only this eat the entire cloud server, i dont understand why.
21.  
22. When i do top and ps ax i view the process eating is php-cgi, i tried disabling plugins and themes, but also the uses is high....
23.  
24. ?What i can do? The site is of a client and this is really alerting me
25.  
26. I passed the scans of Sucuri, WordFence, and nothing.
27.  
28. Edit: The only "temporary" solution i found is change my instance type to a xlarger, but that is not a solution, because the site can't eat my server on that way...
29.  
30. I share some screens... https://imgur.com/a/KoxuCYk
31.  
32. The information you provided is not enough to even begin debugging this.
33. Your first point of interest should be the logs for that virtualhost, at a hunch it could be someone trying to brute-force that wp, i.e. check for repeated entries for wp-login.php. If it's that you're in luck as it's easily remedied.
34.  
35. BTW for the money you're paying AWS or a bit more you could've gone to an actual hosting company that could help you get unstuck from such circumstances.
36.  
37. Not much to go on but from my experience WordFence and bad bots can cause high load.
38.  
39. Do you have a firewall and bruteforce protection and mod_sec?
40.  
41. The information you provided is not enough to even begin debugging this.
42. Your first point of interest should be the logs for that virtualhost, at a hunch it could be someone trying to brute-force that wp, i.e. check for repeated entries for wp-login.php. If it's that you're in luck as it's easily remedied.
43.  
44. BTW for the money you're paying AWS or a bit more you could've gone to an actual hosting company that could help you get unstuck from such circumstances.
45. I finded in the cpanel the lastests visitors and i don't see anything of wp-login.php, another way to track it?
46.  
47. What log i need to find? thanks!
48.  
49. Not much to go on but from my experience WordFence and bad bots can cause high load.
50.  
51. Do you have a firewall and bruteforce protection and mod_sec?
52. The protection only by WordFence, i don't try disabling it.
53.  
54. BruteForce by CPHulk was disabled (now enabled) and mod_sec by WHM also
55.  
56. When I said to check, I meant to get on the command line and check, see if CPanel allows you to check the actual access log of that vhost if you're not comfortable with the linux shell.
57.  
58. I'd seriously consider taking some Linux training classes or hire a server management service. Don't take it personally, but one just shouldn't do web hosting without some Linux skills. As you can see you seem ill-equiped to deal with the situation.
59.  
60. When I said to check, I meant to get on the command line and check, see if CPanel allows you to check the actual access log of that vhost if you're not comfortable with the linux shell.
61.  
62. I'd seriously consider taking some Linux training classes or hire a server management service. Don't take it personally, but one just shouldn't do web hosting without some Linux skills. As you can see you seem ill-equiped to deal with the situation.
63. I usually do all the job with SSH, but i don't know how check the visits to only wp-login.php, i checked the access log from /usr/local/apache/domlogs/user/domain but i don't see visits of wp-login.php
64.  
65. (sorry for my bad english...)
66.  
67. make a clean install with another theme, but i have the same problem, now is late and the visitors are a fews (0-10) but the server is slow and the use of CPU is high.
68. Something tells me you have a problem with your VPS and you need to check it from security and optimization.
69.  
70. Another thing is how the hardware perform, etc....
71.  
72. Many reasons why... but we can only speculate.
73. Specially 4 You ||| Elevate Your Sites
74. .
75. JoneSolutions.Com ( Jones.Solutions or Jones.Hosting ) is on the net 24/7 providing stable and reliable web hosting solutions and services since 2001
76.  
77. Something tells me you have a problem with your VPS and you need to check it from security and optimization.
78.  
79. Another thing is how the hardware perform, etc....
80.  
81. Many reasons why... but we can only speculate.
82. Maybe a security issue, but is strange but is only with this site!
83.  
84. Maybe a security issue, but is strange but is only with this site!
85. Did you try change the domain you are using for this site, or change the IP, change name folder of theme, ....
86.  
87. Did you try change the domain you are using for this site, or change the IP, change name folder of theme, ....
88. I reinstalled the site, the name folder of the theme is changed, the domain and ip no because is a production site (and a news site, everydays have many updates)
89.  
90. Do you have a caching plugin? Caching plugins can quickly eat up the available CPU resources if they are not configured correctly.
91.  
92. I usually do all the job with SSH, but i don't know how check the visits to only wp-login.php, i checked the access log from /usr/local/apache/domlogs/user/domain but i don't see visits of wp-login.php
93.  
94. (sorry for my bad english...)
95. You should also be looking for xmlrpc.php as it is abused in the same manner (sometimes more) as wp-login.php
96. ??? HostMantis ???
97. Affordable Web Hosting ? Shared ? Reseller ? Enterprise ? Instant Activation
98. cPanel ? LiteSpeed ? Cloudflare/Railgun ? NVMe ? DDoS ? Multi-PHP ? Let's Encrypt ? JetBackup
99. Canada ? USA ? Singapore ? UK ? Germany ? Australia ? France
100.  
101. Hi
102.  
103. I'm having a problem with a wordpress site in my server, i tried a lot of things but i cannot solve the problem.
104.  
105. In some times and more when have larger views (no more than 2k views in a hour), the sites eat completly the CPU (using 70 to 100 of cpu). That makes the VPS crashes, sometimes also uses a lot of ram. I suspect was a malware, so i reinstall the wordpress (deleting all the files that aren't images), make a clean install with another theme, but i have the same problem, now is late and the visitors are a fews (0-10) but the server is slow and the use of CPU is high.
106.  
107. I have a AWS EC3 medium, the server is with WHM (CentOS), with no more 12 accounts with 8 WP installations, but only this eat the entire cloud server, i dont understand why.
108.  
109. When i do top and ps ax i view the process eating is php-cgi, i tried disabling plugins and themes, but also the uses is high....
110.  
111. ?What i can do? The site is of a client and this is really alerting me
112.  
113. I passed the scans of Sucuri, WordFence, and nothing.
114.  
115. Edit: The only "temporary" solution i found is change my instance type to a xlarger, but that is not a solution, because the site can't eat my server on that way...
116.  
117. I share some screens... https://imgur.com/a/KoxuCYk
118.  
119.  
120. Hi,
121.  
122. As others have mentioned, there is almost no information given to help, and enough information to make guesses.
123.  
124. 1. Is this VPS managed or unmanaged?
125.  
126. 2. Is this a new client?
127.  
128. 3. How recent are these issues?
129.  
130. 4. Have you looked through logs?
131.  
132. 5. Any crons running?
133.  
134. 6. You said you do not see wp-login, but what about xml-rpc, index, or any other file repeatedly?
135.  
136. 7. What are the resources of the account (Ram, cpu)?
137.  
138. 8. With #7, if there's not enough resources to accommodate the current traffic, which about 1.5 millions views per month, then the "temporary" fix is actually what was needed. Think of it as such....you can rent a large truck to move items, or use a small car. The large truck will cost more, but will handle the job. The small car can also do some of the work, but then you're wearing out the car with multiple trips, and loading it down beyond what it can carry. In the long run, it actually cost less to get the moving truck, than to replace a burnt out car.
139.  
140. 9. If this is for a client, are you able to discuss upgrades with them?
141.  
142. 10. Has anything with images or the database been optimized?
143.  
144. 11. Is everything up to date, and not needed plugins or themes deleted.
145.  
146. 12. Looking at the screenshot, it's also possible a process is stuck, but that is just a guess.
147.  
148. 13. Have you communicated this with the host?
149.  
150.  
151. That list is just from the top of my head, and just a part of making sure WordPress runs efficiently and is secured. There are also cases where a neighboring VPS was the issue, which only the host would be answer.
152.  
153. Which are the available php handlers on your server?
154.  
155. Which are the available php handlers on your server?
156. PHP CGI and now enabled FPM in the account, the modules of php are this:
157.  
158. PHP 5.6
159. libc-client
160.  
161. pear
162.  
163. php-bcmath
164.  
165. php-calendar
166.  
167. php-cli
168.  
169. php-common
170.  
171. php-curl
172.  
173. php-devel
174.  
175. php-fpm
176.  
177. php-ftp
178.  
179. php-gd
180.  
181. php-iconv
182.  
183. php-imap
184.  
185. php-ioncube
186.  
187. php-litespeed
188.  
189. php-mbstring
190.  
191. php-mcrypt
192.  
193. php-mysqlnd
194.  
195. php-pdo
196.  
197. php-posix
198.  
199. php-sockets
200.  
201. php-xml
202.  
203. php-zip
204.  
205. runtime
206.  
207.  
208.  
209. Replying the anothers:
210.  
211. For XMLRPC i installed a plugin for disable it
212.  
213. Caching Plugin i installed W3, but now i disabled
214.  
215.  
216. 1. Is this VPS managed or unmanaged?
217.  
218. Is a Cloud Server in AWS
219.  
220. 2. Is this a new client?
221.  
222. No
223.  
224. 3. How recent are these issues?
225.  
226. 1 or 2 months
227.  
228. 4. Have you looked through logs?
229.  
230. Only access and error logs
231.  
232. 5. Any crons running?
233.  
234. I dont look into this, i gonna do
235.  
236. 6. You said you do not see wp-login, but what about xml-rpc, index, or any other file repeatedly?
237.  
238. In Access Logs i dont see it, i mean is not a brute force attack maybe.
239.  
240. 7. What are the resources of the account (Ram, cpu)?
241.  
242. Is an Amazon EC2 Medium, 2CPU and 4GB RAM
243.  
244. 8. With #7, if there's not enough resources to accommodate the current traffic, which about 1.5 millions views per month, then the "temporary" fix is actually what was needed. Think of it as such....you can rent a large truck to move items, or use a small car. The large truck will cost more, but will handle the job. The small car can also do some of the work, but then you're wearing out the car with multiple trips, and loading it down beyond what it can carry. In the long run, it actually cost less to get the moving truck, than to replace a burnt out car.
245.  
246. Is not really big visitors, maybe 40k per month
247.  
248. 9. If this is for a client, are you able to discuss upgrades with them?
249.  
250. They payed a completly year, and the increment of visitors are no "exponential" to this error, is "normal" to have 30k by month
251.  
252. 10. Has anything with images or the database been optimized?
253.  
254. Is WP, the DB is small, maybe 50mb
255.  
256. 11. Is everything up to date, and not needed plugins or themes deleted.
257.  
258. Yes, i reinstalled
259.  
260. 12. Looking at the screenshot, it's also possible a process is stuck, but that is just a guess.
261.  
262. The process of php-cgi uses a lot of cpu
263.  
264. 13. Have you communicated this with the host?
265.  
266. In AWS i mean they not help me, (that i known when i migrate from another comparny )
267.  
268.  
269. Now i reboot the server and is running "normal" but i don't know if when much visitors enter into the page the servers freeze again, so its scares me because i have another clients in the server.
270.  
271. Thank all for the replies!
272.  
273. Try to install 'lsapi' and use it as php handler instead of php-cgi.
274.  
275. I can see you already enabled php-fpm - do you notice an improvement already?
276. If no - make sure you have enabled it on this particular account as the default cPanel php-fpm manager can be buggy sometimes.
277.  
278. If the problem persists - you need to examine the access logs to see if you can find a pattern.
279. You should also check the Wordpress modules installed on this particular website.
280.  
281. submit-jet.com
282. domaine w trouillet
283. traffictoons.com
284. domain 53
285. hostcapitol.com
286. a host unto himself
287. forum gsmhosting rsim
288. m domain mail server download
289. hostel 8 iitb