Wordfence – CPU issue with exhaustive scans – COMMANDDUMP

Wordfence has some default scans which run hourly.   On many systems this works well.  In at least one case we found a situation where Wordfence was running hourly scans on some VERY large libraries at the same time on multiple sites on the same server.

A fix was implemented for this,  but in the time that it took us to recognize this issue,  we came up with the following command which helped to kill the CPU hog so we could continue to use the WordPress websites.

 

 kill `apachectl fullstatus|grep wordfence_doScan|awk '{print $2}'`

Some of the ways you can find out that the issue is occuring is by running some of these investigative commands

  • apachectl fullstatus|grep wordfence – how many concurrent scans are running
  • mysqladmin  processlist|grep wf – the number of insert / update / select commands against Word Fence tables
  • vmstat 1 – run a monitor on your system to see how active you are
  • uptime – see your 1 , 5 and 10 minute loads

 

Top 3 Reasons You Need A Managed WordPress Service

Top 3 Reasons You Need A Managed WordPress Service

Managed WordPress Service

Regular monitoring

Any number of problems can arise with a WordPress website. It is important to have a human regularly monitoring your WordPress website. With a Managed WordPress Service, you will have any number of technical staff regularly monitoring your website. Every website on the Internet is vulnerable to a long list of issues from hackers to hardware failure. No system is impermeable and even external events can take a website down such as network router failures.

Freedom to Focus

With a Managed WordPress Service, you don’t have to spend your valuable time dealing with any technical issues. This allows you to do what matters, that is build your content and audience. How can you spend your valuable time on SEO or building new content for your website when you have to deal with technical trouble or malware. An analogy I like to use is that you want to focus on driving your car, not working on the engine.

Expert Support

As a blogger or business person, you should not have to be a technical expert at WordPress. With a Managed WordPress Service, you get a team of experienced WordPress experts that support you when trouble arises.

What sort of trouble should you be concerned with? Malware, hackers, software bugs etc. Many people aren’t aware that almost every WordPress website on the Internet is probed for vulnerabilities and password guessing, all the time. The content or popularity of the site doesn’t matter. Hackers just want to get into your system so they can use to it trick Google and other search engines into helping their money websites.

Having a team of WordPress experts on your side saves a lot of time and money for a low-cost investment.

Matraex Inc., offers an affordable Managed WordPress Service with regular monitoring, hacker/malware defense and removal service, schedule reports, and emergency updates/security patches. Contact us for a free quote!

Remove WordPress Generator Tags: Powered by Visual Composer – drag and drop page builder for WordPress

Remove WordPress Generator Tags: Powered by Visual Composer – drag and drop page builder for WordPress

When using a WordPress theme that uses the ‘Visual Composer’,   a meta tag

  • Powered by Visual Composer – drag and drop page builder for WordPress

Is displayed on the output of each of your pages.

You can  use a tool like our WordPress Website Tool to see what generator meta tags are exposed by your WordPress installation

Since one of our initiatives here at Matraex, Inc while optimizing WordPress websites, is to remove the telltale signs of a WordPress installation,  we need a way that we can easily remove these tags.

We already have a plugin that we install into each of the WordPress websites that we manage which helps us to optimize each of them so we had a quick place we could add custom code to handle the removal.

This gives us a more reliable way to customize the output, without having to worry about the settings within different plugins.

We added the following code which removed the Visual Composer Generator Tag

add_action('init', 'optimize_fixwp_head', 100);
function optimize_fixwp_head() {
   remove_action('wp_head', array(visual_composer(), 'addMetaData')); 
}

Once you have added this,  you can do a very quick check to see that the meta tag has been removed using our WordPress Website Tool .  
The tool will also help you identify whether you have any other common WordPress exposure issues.

 

In researching the way to implement this thanks to :

 

 

WordPress Website Check Instant tool 3 feedback areas

WordPress Website Check Instant tool 3 feedback areas

When working with WordPress websites, there are three main areas we assess within the first few seconds, speed, security and exposure. To help us quickly do this, we built a tool, WordPress Website Check Instant tool 3 feedback areas, which pulls this information quickly and puts it into a single interface.

WordPress Website Check – http://matraex.com/website-check.php

While each of the three areas of speed, security and exposure go much deeper than this small scan, we are able to see some very important metrics very quickly.

Three Checks

Speed

We can see the download speed,  the size of your home page,  the number of external CSS files and the number of external scripts.   This helps us to see how well the site has been optimized.  Typically wordpress websites are made up of a Theme with enabled capabilities,  as well as a number of plugins.  Each of the capabilities and plugins will often have their own stylesheets and script files which can add up to a bloated website.

Security

WordPress websites are the subject of frequent hack attempts.  Website scanners quickly find WordPress sites that have their admin and login scripts exposed.  The scanner identifies the scripts.  If the scripts do not block access after a number of failed attempts (with the username ‘admin’ and then with a random username)  the script fails.

Exposure

WordPress websites often publish their version number as well as details about which plugins it uses.  This information ideally is private and if possible should be kept private.  When vulnerabilities in these tools are found,  this is an advertisement to exploit your site.

The results can be saved and a link will be sent to your email so you can permanently have access to the results

The tool is our way of checking a site within seconds,  and we offer it free.   Our hope is that others find this useful ad will come to Matraex, Inc for their Website Development, Design, Hosting and Security needs.

Matraex, Inc
208.344.1115

 

 

WordPress Website Check Instant tool 3 feedback areas

Call Now Button(208) 344-1115

SIGN UP TO
GET OUR 
FREE
 APP BLUEPRINT

Join our email list

and get your free whitepaper