HostGator blocked my website because of Wordfence

Hi Barb,

We would like to help. So that we can better assist would you kindly send us an email at [email protected]. We look forward to your response and hope that you enjoy the rest of your day.

Hi @barb-carlson,

I’m sorry you’re having this problem. I can understand how frustrated you feel.

I hope HostGator now unlocked your site and restored your access.

Here are a few steps you could take in order to limit the use of resources:

• Disable Live Traffic View
• Enable the “Use low resource scanning feature”

Also could you try and get detailed information from your hosting provider on the “abuse of resources”?

This is the email I got. I deleted Wordfence (which is making me unhappy) and they released my website. HostGator offers an “optimized WP” service that flat out doesn’t allow Wordfence. I’m unsure how to keep my website safe without over using resources. I’m also unsure how I was supposed to KNOW I was using too many resources, as the only email I got was when they shut me down. Is there something on the cPanel I’m supposed to check regularly? Is there any way to be notified when I go over? I asked HostGator repeatedly but they haven’t answered me.

Wordfence has blocked so MANY attempts that I’m afraid to leave it unprotected, but I cannot risk having the website be blocked again right now, at the height of accepting registrations for our event on Aug 4.

Any advice would be appreciated.
—————————–
Your account has been abusing CPU resources for an extended period of time and has been disabled in order to ensure continued performance stability of the account and server. While we do limit each account to no more than 25% of a system’s CPU in our terms of service, we do not actively disable accounts until they greatly exceed that number, which is what happened in this case.

Please take a moment to review this email in full as it contains important information and resources to assist you in resolving this issue. Please note that this permanent restriction requires you take further actions to gain access to and resolve the issues on your account.

– How can you resolve the issue?
We have two solutions available. Moving the account to a dedicated server, which will allow far greater hardware resources or you may try following some of our tutorials for optimizing popular scripts. https://support.hostgator.com/articles/specialized-help/technical/optimize-cpu-resource-usage. If you feel your scripts have already been optimized, it may simply be time to consider the hardware upgrade.

If you reply back to this email with your IP address (https://www.hostgator.com/ip.shtml) we will be more than happy to go ahead and enable HTTP access for you, allowing you to safely work on the script while minimizing the negative effects on the server and its other users.

– How does a CPU issue occur?
Many times popular scripts may perform inefficient tasks repeatedly leading to CPU abuse. Below please find helpful articles outlining resource restrictions set on HostGator accounts:
https://support.hostgator.com/articles/pre-sales-policies/rules-terms-of-service/cpu-resource-restriction
https://support.hostgator.com/articles/pre-sales-policies/rules-terms-of-service/cpu-resource-usage

CPU Seconds used in the past hour: 2695.8, 75% CPU
Fri Jul 7 00:02:10 CDT 2017
Running Processes:
parsec99 409995 47.2 0.1 372536 71496 ? SN 00:01 0:12 /opt/php56/bin/php-cgi /home2/parsec99/public_html/wp-admin/admin-ajax.php
parsec99 410939 72.6 0.1 371588 70632 ? RN 00:02 0:06 /opt/php56/bin/php-cgi /home2/parsec99/public_html/wp-admin/admin-ajax.php

Running Queries:
*************************** 1. row ***************************
USER: parsec99_1ol1
DB: parsec99_1ol1
STATE:
TIME: 3
COMMAND: Sleep
INFO: NULL
*************************** 2. row ***************************
USER: parsec99_1ol1
DB: parsec99_1ol1
STATE:
TIME: 8
COMMAND: Sleep
INFO: NULL

Open connections

Current Site Requests:
183.39.233.194 parsec-sff.org /
192.185.21.67 parsec-sff.org /confluence/wp-admin/admin-ajax.php?action=wordfence_doScan
192.185.21.67 parsec-sff.org /confluence/wp-admin/admin-ajax.php?action=wordfence_doScan
192.185.21.67 parsec-sff.org /confluence/wp-admin/admin-ajax.php?action=wordfence_testA
192.185.21.67 parsec-sff.org /wp-admin/admin-ajax.php?action=wordfence_doScan&isFork=1&c
192.185.21.67 parsec-sff.org /wp-admin/admin-ajax.php?action=wordfence_doScan&isFork=1&c
192.185.21.67 parsec-sff.org /wp-admin/admin-ajax.php?action=wordfence_doScan&isFork=1&c
192.185.21.67 parsec-sff.org /wp-admin/admin-ajax.php?action=wordfence_doScan&isFork=1&c
192.185.21.67 parsec-sff.org /wp-admin/admin-ajax.php?action=wordfence_doScan&isFork=1&c
192.185.21.67 parsec-sff.org /wp-admin/admin-ajax.php?action=wordfence_testAjax
54.210.134.185 parsec-sff.org /lecture-series/future-ya-lectureworkshop/feed/

Reference: ui
Server: gator4022.hostgator.com
Brand: hostgator
Srv. Type: cpanel
Created: Sun Jul 27 11:00:32 2014
Acct Type: Shared
Plan: Baby Croc
User: parsec99
U. Domain: parsec-sff.org
Email: [email protected]
IP: 192.185.21.67 (shared)

Doc Root: /home2/parsec99/public_html
Shell: /usr/local/cpanel/bin/jailshell

CPU Usage: 120.7% (warning)
LimitPHP: Limit file exists. (warning)
Varnish: parsec-sff.org is cached. (warning)
Varnish: confluence-sff.parsec-sff.org is cached. (warning)
Varnish: *.parsec-sff.org is cached. (warning)
Varnish: confluence.parsec-sff.org is cached. (warning)

Snapshot 1
parsec99 409995 47.2 0.1 372536 71496 ? SN 00:01 0:12 /opt/php56/bin/php-cgi /home2/parsec99/public_html/wp-admin/admin-ajax.php
parsec99 410939 74.3 0.1 371588 70632 ? RN 00:02 0:06 /opt/php56/bin/php-cgi /home2/parsec99/public_html/wp-admin/admin-ajax.php

Snapshot 2
parsec99 409995 47.2 0.1 372536 71496 ? SN 00:01 0:12 /opt/php56/bin/php-cgi /home2/parsec99/public_html/wp-admin/admin-ajax.php
parsec99 410939 74.7 0.1 371588 70632 ? RN 00:02 0:06 /opt/php56/bin/php-cgi /home2/parsec99/public_html/wp-admin/admin-ajax.php

Snapshot 3
parsec99 409995 45.6 0.1 372536 71496 ? SN 00:01 0:12 /opt/php56/bin/php-cgi /home2/parsec99/public_html/wp-admin/admin-ajax.php
parsec99 410939 67.8 0.1 371588 70632 ? RN 00:02 0:06 /opt/php56/bin/php-cgi /home2/parsec99/public_html/wp-admin/admin-ajax.php

Snapshot 4
parsec99 409995 45.6 0.1 372536 71496 ? SN 00:01 0:12 /opt/php56/bin/php-cgi /home2/parsec99/public_html/wp-admin/admin-ajax.php
parsec99 410939 68.3 0.1 371588 70632 ? RN 00:02 0:06 /opt/php56/bin/php-cgi /home2/parsec99/public_html/wp-admin/admin-ajax.php

Snapshot 5
parsec99 409995 45.6 0.1 372536 71496 ? SN 00:01 0:12 /opt/php56/bin/php-cgi /home2/parsec99/public_html/wp-admin/admin-ajax.php
parsec99 410939 68.8 0.1 371588 70632 ? RN 00:02 0:06 /opt/php56/bin/php-cgi /home2/parsec99/public_html/wp-admin/admin-ajax.php

Current load: 00:02:11 up 15 days, 23:53, 1 user, load average: 0.03, 0.01, 0.00

I have decades of experience in exactly what you are posting about… Hosting a WordPress website on a shared server with low bandwidth allowance is an art. Around 50% of website traffic these days is not even people, it’s bandwidth sucking bots that we all pay for, most of which are operated by criminals. This is a reality you can’t get past. Even with Wordfence or a server firewall, the bots still hit your site and server, only they get blocked sooner. Still uses bandwidth.

You have two options. Either spend literally hundreds of hours learning and doing things to make your site super efficient, or simply pay for upgraded hosting.

In the interim, if you follow website security best practices I wouldn’t be overly concerned about whether you run Wordfence or not, just be sure you have multiple types of redundant site backups.

Hosting is like a lot of things. You get what you pay for. No free lunch.

I hope this reality check helps.

MTN

Exactly the same thing happened with us. Same automated email. Same 120% CPU usage problem (not bandwidth, which is unlimited on hostgator’s packages) – carbon copy of the problem above. Only happened with hostgator hosting though on which we have 3 sites – 2 of which are active. I have identical site templates operating with Godaddy and no issues at all (both premium and free wordfence editions). In fact I had 4 scan running simultaneously on godaddy (where we have 10 active sites) and not a blip. I’ve disabled all the instances of wordfence on our hostgator hosting account until a fix is announced. Relying on BPS security instead. Clearly this is an incompatibility between hostgator’s webhosting packages, and wordfence free, since the last update. Hostgator were very good about getting the sites back up, but this really needs looking at folks.

Apologies for conflating everything under the term “bandwidth.” From day to day, I include CPU use in my own definition, but yes, technically “bandwidth” would be the amount of data moving, not the amount of CPU use…

Whatever the case, with any host there are dozens of server configuration options, including PHP version and how it’s set up, that influence how software such as Wordfence runs. On a shared server, very few of those options are available to the end user, and tech support’s hands are tied as they can’t tweak anything out of their standard since doing so influences every account on the server. That’s why anything but the most basic and low traffic WordPress site probably is best with their own VPS server, from a company with good support.

If Godaddy does a better job, then perhaps it’s best to just use Godaddy. Hostgator sounds like a recipe for pain.

MTN

I use Wordfence with SiteGround, and I haven’t had this issue. In fact, I know SiteGround recommends using Wordfence. I have also used it with GoDaddy without any issues. (In my experience with building about 20 WordPress sites, SiteGround is a lot faster than GoDaddy or HostGator.)

(I’ve had all kind of issues with HostGator before, which ended in them telling me to close out my accounts and find a different host when they refused to pay affiliate fees and “accidentally” deleted one of my sites.)

I’ve been on everything from Media Temple, to Blue Host, to GoDaddy, as well as a smaller company who were nice but just couldn’t hold up their end. Ended up at Liquid Web with a VPS. Couldn’t be happier. The better hosts such as Liquid will move sites without additional charge. They moved 6 WordPress sites for me, and I moved a few other flat html sites myself since doing so is easy. No real problems occurred. Liquid’s tech support really is 24/7, I use it quite often. Only surprise gotcha was Liquid charging ridiculous rates to store backups, as compared to storage on Amazon AWS. Just plain strange. MTN