• Welcome to Web Hosting Community Forum for Webmasters - Web hosting Forum.

wp-login.php causes high server load on cPanel server

Started by Chris, March 21, 2017, 04:59:25 PM

WordPress Premium Themes


Today i faced an weird issue. While monitoring our servers i saw hanging wp-login.php process from few WordPress user. When the process start hanging on the server, it also overload the server. I tried checking the wp-login.php file but found nothing suspicious in it.

anyone having such issue? or am I being maliciously attacked by someone?


You can check that your website under brute force attack.
There are few ways to prevent your website from brute force attack.

  • Always use STRONG password.
  • You can also use wordpress plugin.

You can check more steps : https://hoststud.com/resources/how-to-prevent-wp-login-php-from-brute-force-attack.396/


Before proceeding, it is important to determine whether you want to go down the path of discovering the current resource usage or rather to review the historical usage from a specific date or time. The former would be necessary to resolve an issue occurring in real time, while the latter would be a forensic investigation as to what caused a prior issue. For the sake of checking every box, we will cover both scenarios below.

Historical resource usage can be viewed using the "sar" utility, which should exist by default on all cPanel servers from the sysstat package. Statistics are collected when sysstat runs via cron (/etc/cron.d/sysstat). If crond is not running, sysstat will not be able to collect this historical data.

To view resource usage with sar, you must provide the path to the file that corresponds to the date in question. For example, if you wanted to view the load averages for your server from the 23rd of the month, you would run this command:

[user@host ~]$ sar -q -f /var/log/sa/sa23
The above command above '-q' to obtain the load average information, and '-f' to specify from which sar file to obtain the information. Keep in mind that sar may not have historical data going back more than a week or so.

You do not need to specify the date when viewing the statistics for the current day. As such, this command would show the load average for today:

[user@host ~]$ sar -q
As with any command with which you are unfamiliar, it is always advisable to read the documentation:

[user@host ~]$ man sar
Current CPU Usage

The real-time CPU usage can be viewed by running the "top" command. On the line that says "Cpu(s)," check the "%id" section to see the percentage at which your CPUs are idle; the higher the number, the better. A 99% idle CPU is doing almost nothing, whereas a 1% idle CPU is heavily tasked at that moment.

[user@host ~]$ top c
Tip: hit "P" to sort by processes that are currently consuming the most CPU.

Historical CPU Usage

As noted above, we will use the "sar" command to view the historical statistics. The command is otherwise virtually the same, being sure to check the "%idle" column:

[user@host ~]$ sar -p
Current RAM Usage

To view how much memory the server currently has unutilized, or free, use the "free" command:

[user@host ~]$ free -m
Tip: run "top c" and hit "M" to see which processes are consuming the most memory.

Historical RAM Usage

One thing to note when checking the historical memory usage is that the version of sar being used will determine the specific command. Older versions of sar used '-r" to show both %memused and %swpused (swap memory used), but more current versions of sar require the additional use of '-S' to show %swpused:

[user@host ~]$ sar -r

[user@host ~]$ sar -r
[user@host ~]$ sar -S
Current Disk I/O Usage

The final resource to investigate when determining high server load errors is the overall read and write activity of the hard drive itself. The following command will display the disk usage statistics ten times each second. Note that the following commands will not work on OpenVZ/Virtuozzo containers:

[user@host ~]$ iostat -x 1 10
Historical Disk I/O Usage

As with the the above examples, we use the sar command:

[user@host ~]$ sar -d

WordPress Premium Themes