What for malware Scheduled Actions is in the plugin?

Hello there,

I wouldn’t agree with you about naming Action Scheduler as being a malware. It is widely used among a huge number of sites, and this library is embedded inside WooCommerce, WPForms, WP Mail SMTP – to name just a few of the big players. Also, it loads itself only once even when used in a lot of plugins on the same site.

The Action Scheduler library is operational and used only if you have enabled the “Usage Tracking” option in plugin settings. This option is disabled by default. If enabled – it helps our team to better understand our users and their website needs by looking at a range of variables in their plugin settings, WordPress (its version, locale, whether it’s a single install or a multisite), and web host (PHP and MySQL versions).

I hope that helps!

Hello Slava,
many thanks for the prompt and very detailed report.

Unfortunately, Action Scheduler is much more malware than you think: once it activated it schedule itself for every minute action, even if it’s nothing to do. It starts with occupying all memory displacing all other processes and makes a lot of SQL requests. it happens every minute!! Until I cleaned my site out of this malware the initial server response was 7s, now it’s 1.1s.
Another thing with this malware is that it’s imposible to stop it: it recreates immediately by itself. It’s imposible just to remove it – it generates WP core error.

So, even when you don’t track the site Action Scheduler acts against site, slowing it down.

Probably, sites that serves hundreds and thousands requests a minute, can be interrupted once a minute without a problem, but sites that acts on a shared hosting slow down up to be blocked by search engines (Google, Yandex and others).

it recreates immediately by itself

I think you are talking about DB tables. That’s what Action Scheduler (AS) does – to make itself work properly it recreates tables that are missing. If it happens, that means one of the plugins that are installed on your site is actually using AS. And by removing AS tables you are breaking those plugins.

Also, just to clarify some of your notes: AS is a wrapper around a WordPress wp-cron functionality. It cannot do any work on your site unless someone opens one of your pages, same as wp-cron:

WP-Cron works by checking, on every page load, a list of scheduled tasks to see what needs to be run. Any tasks due to run will be called during that page load.

And that’s exactly what AS does.

I agree that AS itself can slow the site down, but only in 2 cases:

1. when it is incorrectly used
2. when there are tons of plugins that use AS and all of them register a ton of tasks for it to do.

I remember that in the past there were several situations when some plugins were generating thousands and thousands of tasks – but that’s not a problem of AS, it’s a problem of those plugins having a bug in their code.

I’m pretty sure that the speed improvement you mentioned (from 7s to 1.1s) was not just about removing AS, but deactivating the plugins that were using this library plus maybe some other changes. Even the famous small useless plugin called “Hello Dolly” is technically slowing down any site it is activated on.

You know, if you have a hammer, that doesn’t mean that everything is a nail ?? Tools (and AS is just a tool) should be used correctly.

Hi Slava,
many thanks for clarifying your understanding of how AS works.

You are write, AS sponge wp-cron, that originally acts when a request comes to server. This is exactly the problem with AS, that set every-minute wp-cron task where it (every minute!!!):
– allocates the whole server memory (it takes time) displacing all from it,
– checks the DB structure (these DB requests takes time) (no one of other plugins of core functions never check DB structure every time it use it),
– checks wp_cron tasks and if it deleted – restores it (so, it’s imposible to stop AS acting even if it’s not used)
– some actions more for itself

– then memory return for useful php (and it takes time again to reload php and caches)

If you think that such activity is not malware – just clarify me what is malware in your understanding.

In mu case, I spent a lot of time to investigating why my site is so slow that google and yandex informed me that they crossed it out from search list. Once I found that every server request starts with extra activity I found just 1 plugin (it is SEO plugin that destroys all SEO for sites) that uses AS. As I hacked it to avoid AS activation my site improved response from 7s to 1.1s

I can repeat, that sites that optimized for hundreds requests per minute can not to be under influence of AS activity (big woocomerce site, for example). It is as with any malware: until hardware is powerful it’s very difficult to notice a malware by it’s activity. But once one get it on netbook – it’s even more than noticeable. The same happens with shared hosted sites.

Your plugin is great but it brings malware that your plugin even don’t use.
So, unfortunately, I have to state that ?PDF Embedder currently is mortal danger for sites. I’m sorry.

But I believe that you avoid AS in the upcomming upgrade and the plugin will be even better and safe!

You cannot input any actions or settings for this plugin?
This in itself deems it malware. My CPU and RAM have shot up and caused site failure and costs to me from auto upgrading when this happens. THERE should be a deactivate button, but there is not, so MALWARE this is.

Hello @kpdavis,

I’m not sure I understand what you wrote.

The Action Scheduler (AS) right now is used only when the Usage Tracking inside the plugin is activated.

With the latest version of PDF Embedder v4.8+ that AS library is not even loaded by default (because usage tracking is disabled by default). So AS is not affecting your site in that case at all. There might be other plugins that are creating a ton of tasks for AS, and they are loading their own copy of the AS library.