100% CPU usage in scan – errors

  • Resolved marketingspectrum

    (@marketingspectrum)


    1 year, 9 months ago

    Hi Wordfence team,

    Hope you can help.
    The last couple of weeks I was continuously getting a 100% CPU resource usage. Today I found time to dive in, and I found at the 100% times there are multiple AH01797 notifications:

    [Wed Jun 21 01:24:58.550557 2023] [access_compat:error] [pid 1551160:tid 140133449762560] [client 70.37.59.233:1856] AH01797: client denied by server configuration: /home/deb123972/domains/xxxxx.xx/public_html/wp-includes/1index.php, referer: https://xxx.nl//wp-includes/1index.php?pass=********

    Followed by a large list with the same log notification:

    [Wed Jun 21 02:41:59.662792 2023] [lsapi:warn] [pid 2649261:tid 140132921349888] [client 141.138.168.120:52080] [host https://www.xxxxx.xx] Backend log: PHP Warning:? foreach() argument must be of type array|object, null given in /home/xxxxx/domains/xxxx.xx/public_html/wp-admin/includes/plugin.php on line 1780\n

    I found out only WF scan was running at that time and saw the following errors in the wordfence log:

    

[Jun 21 02:47:48:1687308468.556908:1:error] <br /> <b>Deprecated</b>: strtotime(): Passing null to parameter #1 ($datetime) of type string is deprecated in <b>/xx/xxxxxx/domains/xxxxx.xx/public_html/wp-content/plugins/wordfence/lib/wfScanEngine.php</b> on line <b>2032</b><br /> 0

[Jun 21 02:47:40:1687308460.852214:1:error] strtotime(): Passing null to parameter #1 ($datetime) of type string is deprecated (8192) File: /xx/xxxxx/domains/xxxx.xx/public_html/wp-content/plugins/wordfence/lib/wfScanEngine.php Line: 2032

    Am I correct that’s something on your end?

    I just ran a manual wordfence scan and I’m hitting 100% CPU usage again.
    Is this a bug / known error / something I can fix myself?

Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Support wfpeter

    (@wfpeter)

    Hi @marketingspectrum, thanks for reaching out!

    It’s a difficult question to answer for sure as there can be many reasons for a website taking a lot of resources to scan. Sometimes we see high levels of activity on other sites actually affecting operations on your site if it’s hosted on shared servers.

    It’s also plausible for a very slowly moving scan to hold up other processes, or a high volume of live traffic activity where an IP is constantly trying your site creating a lot of wfhits entries, so that could be consistent with a performance hit.

    Check if max_execution_time = 60 is set in php.ini. Wordfence’s scan only ever attempts to use half of this value by default but there have been known problems with higher values than 60 being set.

    For a screenshot of my recommended Performance setting options too – Click Here.

    Your WP_MEMORY_LIMIT should be set to 128M or 256M in wp-config.php. WooCommerce, for example, recommend 64M minimum, so if you also have many hits on the site at once especially during a Wordfence scan, a lower limit (like 40M commonly seen here) could be reached fairly easily. Your php.ini memory_limit value could also be adjusted to match the value you decide on for the above setting.

    With general performance, there are not set amounts of RAM, CPU or database queries that we know Wordfence will definitely require in each use-case or hosting environment. The cases of slow-down are small in relation to the quantity of customers using Wordfence, but does crop up from time to time with certain configurations, larger databases, and/or a higher number of installed plugins.

    Let me know what you find out!
    Peter.

    Thread Starter marketingspectrum

    (@marketingspectrum)

    Thanks for your reply @wfpeter ,

    A few hours after my message Wordfence 7.10.0 was released and I haven’t hit the 100 since.

    Saw in the changelog:
    Fix: Prevented deprecation warning in PHP 8.1

    Could that be it?

    For full disclosure:
    – I’m on a silo based server, not shared (Dedicated CPU / RAM)
    – Doublechecked my settings:
    — PHP 8.1
    — Memory limit 1024Mb
    — max_execution_time 60
    — max_input_vars 1000
    Checked the settings you shared and they are the same.

    Ran a scan and I now hit 96% not the 100%. So that’s an improvement.

    Questions left:
    – I now checked the ‘use low resources scanning’. Is there a reason not to do so?
    – Is PHP 8.2 recommended? Couldn’t find that in the doc just that is was tested.

    Thanks for your time!
    Regards, Michael

    Thread Starter marketingspectrum

    (@marketingspectrum)

    Sadly the limit was hit yesterday again.
    So 7.10 wasn’t the ‘fix’

    Plugin Support wfpeter

    (@wfpeter)

    Hi @marketingspectrum, thanks for your update.

    You could certainly attempt to enable “low resource scanning” here to see if it helps in your case. It should effectively slow down the amount of hits, so it may take longer depending on the amount of files/records being scanned.

    Some customers in the past have noticed issues on specific minor releases of PHP 8.0 or 8.1, so it might be worth trying PHP 8.2 if it’s available to you.

    Let us know how that goes,
    Peter.

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘100% CPU usage in scan – errors’ is closed to new replies.