Ripefruit


Fixing WordPress Speed Issue

One of the negatives about open source software like WordPress is that it becomes an easy target for hackers and spammers.

We were experiencing speed issues as a result of high loads on our server with several services struggling to cope.

We identified that a number of WordPress installations were receiving a lot of traffic to the admin login page (wp-login.php), which indicates some attempted brute-forcing.

The number of login attempts was staggering. Here are the hits to ‘wp-login.php’ from one day alone:

Login attempts | domain name (hidden)

15 domainname01.com.au
17 domainname02.com
18 domainname03.com.au
19 domainname04.com
20 domainname05.info
22 domainname06.com.au
22 domainname07.com.au
22 domainname08.com.au
23 domainname09.org
46 domainname10.com.au
75 domainname11.com.au
94 domainname12.org
267 domainname13.com.au
502 domainname14.com
837 domainname15.co.uk
1515 domainname16.com.au
12159 domainname17.com.au
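
A per-domain tally like the one above can be produced straight from the web server access log. The script below is an added example, not part of the original post: it assumes an Apache "vhost_combined"-style log in which each line begins with `vhost:port`, and the log lines in `sample_log` are constructed for illustration.

```shell
#!/bin/sh
# Count requests to wp-login.php per virtual host, least-hit domain first.
# Assumed line layout (vhost_combined):
#   vhost:port client - - [time] "METHOD /path HTTP/x" status bytes "referer" "agent"

count_wp_login_hits() {
    awk -F'"' '
    {
        split($1, pre, " ")                 # pre[1] = vhost:port
        split($2, req, " ")                 # req[2] = requested URL
        vhost = pre[1]; sub(/:[0-9]+$/, "", vhost)
        path = req[2];  sub(/\?.*$/, "", path)   # ignore any query string
        # Match the login script at the site root or in a subdirectory install,
        # but not look-alike names such as wp-login.php.bak
        if (path ~ /(^|\/)wp-login\.php$/) hits[vhost]++
    }
    END { for (v in hits) print hits[v], v }
    ' | sort -k1,1n -k2,2
}

# Constructed sample input (documentation IP ranges, example domains).
sample_log() {
    cat <<'EOF'
blog.example.com:80 203.0.113.7 - - [10/Oct/2023:06:25:01 +0000] "POST /wp-login.php HTTP/1.1" 200 1843 "-" "Mozilla/5.0"
blog.example.com:80 203.0.113.7 - - [10/Oct/2023:06:25:02 +0000] "POST /wp-login.php HTTP/1.1" 200 1843 "-" "Mozilla/5.0"
blog.example.com:80 198.51.100.9 - - [10/Oct/2023:06:25:03 +0000] "GET /wp-login.php?action=register HTTP/1.1" 200 2210 "-" "Mozilla/5.0"
blog.example.com:80 198.51.100.23 - - [10/Oct/2023:06:26:10 +0000] "GET /about/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
shop.example.org:443 203.0.113.7 - - [10/Oct/2023:06:27:44 +0000] "POST /wp-login.php HTTP/1.1" 403 199 "-" "Mozilla/5.0"
shop.example.org:443 198.51.100.9 - - [10/Oct/2023:06:28:00 +0000] "GET /wp-login.php.bak HTTP/1.1" 404 196 "-" "Mozilla/5.0"
EOF
}

# Stand-alone run on the sample; for a real log use:
#   count_wp_login_hits < /path/to/access.log
sample_log | count_wp_login_hits
```

Running the same count before and after a block is in place, and comparing the status codes returned for those requests, shows whether the requests are now being refused by the web server.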

Quite often people will try to fix these issues or secure their installations by installing plugins that will try to block these brute-forces.
While this may secure the installation, it does nothing for the load generated by these requests as PHP is still invoked and has to process the request, do database lookups and block IPs, all of which consume CPU time. This is magnified as the requests generally come in quick succession.

Instead of this, what I recommend is to block access to the wp-login.php file completely using .htaccess “deny” rules. Once access is completely removed, you can allow specific IPs which you trust, while keeping everyone else blocked. Using .htaccess means the request is denied before it even gets to PHP, dramatically reducing the load caused by the requests.

To implement a block, just open up the main .htaccess file for a site and add the following lines to the top of the file:

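# Apache 2.2-style access rules (on Apache 2.4 these need mod_access_compat)
<Files wp-login.php>
# "deny,allow": Deny rules are evaluated first, then Allow rules override them
order deny,allow
# allow from x.x.x.x
deny from all
</Files>
# Return a short plain-text body for the 403 response
ErrorDocument 403 "Forbidden"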

To allow a legitimate IP, uncomment (remove the hash symbol from) the “allow from x.x.x.x” line, and replace x.x.x.x with the IP you want to allow.

These requests may not be the sole reason for the load spikes, but they will definitely be causing additional load and consuming CPU time which is better served in processing legitimate requests, especially with busy sites.

FAQ .htaccess

If you have not worked with a .htaccess file before, you will need to read on.

The .htaccess file is one of the best things about PHP, Unix hosting and WordPress. It is a very easy file to work with, provided you follow the ‘must-dos’ below.

There are many things that can be achieved with a .htaccess file, including blocking and redirection.

  • the file must be named .htaccess (a period followed by htaccess), with no file extension
  • it can be edited in Notepad or any simple text editor
  • it must be uploaded and downloaded in ASCII mode
  • the .htaccess file is located in the root directory. On Unix hosting this means /public_html/.htaccess
  • if you have enabled ‘permalinks’ then a .htaccess file will already have been created. To create the login blocking described above, download the .htaccess file (FTP, ASCII), and add the code above the existing code.
  • Google “what's my IP” to discover your IP address
About Brian King

Managing director and senior editor at Ripefruit Media




Copyright © 2023 · Ripefruit | Billing | Support