Wordfence – CPU issue with exhaustive scans – COMMANDDUMP

Wordfence has some default scans which run hourly.   On many systems this works well.  In at least one case we found a situation where Wordfence was running hourly scans on some VERY large libraries at the same time on multiple sites on the same server.

A fix was implemented for this,  but in the time that it took us to recognize this issue,  we came up with the following command which helped to kill the CPU hog so we could continue to use the WordPress websites.

 

 kill `apachectl fullstatus|grep wordfence_doScan|awk '{print $2}'`

Some of the ways you can find out that the issue is occuring is by running some of these investigative commands

  • apachectl fullstatus|grep wordfence – how many concurrent scans are running
  • mysqladmin  processlist|grep wf – the number of insert / update / select commands against Word Fence tables
  • vmstat 1 – run a monitor on your system to see how active you are
  • uptime – see your 1 , 5 and 10 minute loads

 

How are WordPress installs getting hacked?

Our friends at WordFence wrote an article today about a survey they recently ran showing that over 55% of all WordPress hacks are through plugins and more than 15% are from Brute Force attacks.

Credit: WordFence article

Credit: WordFence article

The Managed WordPress Service by Matraex is a diligent oversight of your WordPress installation.  We provide constant monitoring with weekly in depth review keeping your sight up to date.

Out of Date Plugins

To deal with out of date or insecure plugins we have some rather simple solutios

  1. Update or replace with an updated secure plugin
  2. Rebuild the plugin
  3. or when neither of those are an option, plug known holes, and backup regularly.

Brute Force

To deal with the plethora of Brute Force login attempts we

  1. Block all IP addresses that attempt to login with an invalid username
  2. Block all IP addresses if they make 2 failed login attempts

We consider anything less to be a security hole,   we even built a WordPress Website Check tool identify whether a site is vulnerable to brute force attempts.

 

Find out more about our Managed WordPress Service.

 

The Managed WordPress Hosting 6-Point Check

The Managed WordPress Hosting 6-Point Check

Our Managed WordPress Hosting service has features such as emergency data restoration and software updates. An important block of the Service includes a 6-point check for items that are often red flags to deeper problems. Managed WordPress HostingFor example, checking Google for blacklisting or hacked status tells us that the website has further problems to investigate and address.

This is an example of such a case. Google and other search engines aren’t compelled to contact you or to help you if your website is in a compromised state. Google’s Webmaster Tools can be used to declare ownership of the website. In this case, you are likely to receive an automated email but it must be set to do so. This is all you will receive. Just an email and you must take further action. If your website is compromised your search engines results will pay for it. This will increase in severity as time passes. Eventually, the website is blacklisted and completely removed from Google. Ouch.

In my article detailing the Top 3 Reasons You Need A Managed WordPress Service, I discussed the importance of having a human that regularly monitors the status and health of your website.

Our 6-point check includes:

  1. Search engine health
  2. Changelog scans
  3. Internal Malware scanner
  4. External Malware scanner
  5. User Account Checks
  6. Pages/Posts Checks

Again, the 6-point check is in addition to our deeper maintenance routine and is an additional layer of protection for our clients websites.

Changelog Scans

The Changelog scans give us an insight into suspicious activity on the system. Changelog analysis often assist us in discovering malicious activity on the webservers. They help us to identify vulnerabilities as well. Hackers and their script bots are relentless in ferreting out any little opening that they can exploit. System administrators must be diligent and ever watchful. If a hacker penetrates a system, he/she can wreak havoc. This will cost a website owner quite a lot of time and money. Not to mention the possible damage to the brand of the business.

Defend your website(s) with our Managed WordPress Hosting Service!

 

Managed WordPress Hosting Service

 

Top 3 Reasons You Need A Managed WordPress Service

Top 3 Reasons You Need A Managed WordPress Service

Managed WordPress Service

Regular monitoring

Any number of problems can arise with a WordPress website. It is important to have a human regularly monitoring your WordPress website. With a Managed WordPress Service, you will have any number of technical staff regularly monitoring your website. Every website on the Internet is vulnerable to a long list of issues from hackers to hardware failure. No system is impermeable and even external events can take a website down such as network router failures.

Freedom to Focus

With a Managed WordPress Service, you don’t have to spend your valuable time dealing with any technical issues. This allows you to do what matters, that is build your content and audience. How can you spend your valuable time on SEO or building new content for your website when you have to deal with technical trouble or malware. An analogy I like to use is that you want to focus on driving your car, not working on the engine.

Expert Support

As a blogger or business person, you should not have to be a technical expert at WordPress. With a Managed WordPress Service, you get a team of experienced WordPress experts that support you when trouble arises.

What sort of trouble should you be concerned with? Malware, hackers, software bugs etc. Many people aren’t aware that almost every WordPress website on the Internet is probed for vulnerabilities and password guessing, all the time. The content or popularity of the site doesn’t matter. Hackers just want to get into your system so they can use to it trick Google and other search engines into helping their money websites.

Having a team of WordPress experts on your side saves a lot of time and money for a low-cost investment.

Matraex Inc., offers an affordable Managed WordPress Service with regular monitoring, hacker/malware defense and removal service, schedule reports, and emergency updates/security patches. Contact us for a free quote!

Call Now Button(208) 344-1115

SIGN UP TO
GET OUR 
FREE
 APP BLUEPRINT

Join our email list

and get your free whitepaper