Couple Questions

ok thank you. I have now finished updating the code for WP Super Cache into the box for BPS. Hopefully this now fixes the issue & I will keep an eye on it. I updated all the sites which is about a 3 hour process, so hopefully the server does not go down again. If it does, I can follow the above uninstall steps which unfortunately will not be quick or easy since I have to apply to so many sites.

It would be smarter to look at your server log and php error log to see what the problems are when they are occurring. You need logical facts and clues to work with. You cannot solve a problem if you do not know what is causing the problem.

You mentioned you have wordfence installed and wordfence is known to cause high resource/memory usage. I believe you can change settings in wordfence to prevent that, but not sure which settings those would be be. Try Googling “wordfence out of memory” and you will see lots of search results. I assume one of them will list which wordfence settings cause that problem.

Thanks again for all your time & help. The server remained online for 51 hours & then went down again twice in the last 8 hours. I am back to the drawing board trying to get access to the logs to see what the issue can be.

Simply just use Mod Security along with CSF OR setup a password protected /wp-login.php and forget about all this nonsense ??

This will work for Mod Security

SecUploadDir /tmp
SecTmpDir /tmp
SecDataDir /tmp

SecRequestBodyAccess On

SecAction phase:1,nolog,pass,initcol:ip=%{REMOTE_ADDR},initcol:user=%{REMOTE_ADDR},id:5000134
<Locationmatch "/wp-login.php">
    # Setup brute force detection.

    # React if block flag has been set.
    SecRule user:bf_block "@gt 0" "deny,status:401,log,id:5000135,msg:'ip address blocked for 5 minutes, more than 10 login attempts in 3 minutes.'"

    # Setup Tracking.  On a successful login, a 302 redirect is performed, a 200 indicates login failed.
    SecRule RESPONSE_STATUS "^302" "phase:5,t:none,nolog,pass,setvar:ip.bf_counter=0,id:5000136"
    SecRule RESPONSE_STATUS "^200" "phase:5,chain,t:none,nolog,pass,setvar:ip.bf_counter=+1,deprecatevar:ip.bf_counter=1/180,id:5000137"
    SecRule ip:bf_counter "@gt 10" "t:none,setvar:user.bf_block=1,expirevar:user.bf_block=300,setvar:ip.bf_counter=0"
</locationmatch>

ErrorDocument 401 default

Set your 401 error (via .htaccess) to goto a html file that tells the hacker to p*ss off ??

@xlightwaverx – he does not know what the root problem is yet so adding more complications/problems will not help with finding the root cause of this problem.

This thread has been resolved, but we still receive email notifications when a new post is created in a thread that has been resolved. So if/when you do figure out what is going on with this site/server please post that info. Thanks.

Thread Start Date: 9-24-2015 to 9-25-2015
Thread Resolved/Current Date: 10-6-2015
Comments: This is some kind of isolated issue/problem with this particular website/server and not an issue/problem with the BPS plugin itself.

ok no problem @ AITpro. Thank you again for your time. I will keep you posted if we find out what the issue is.