SQL stats - my primary site is being HAMMERED - HELP!

I have no idea why, but in the last month, my site’s SQL usage has DRAMATICALLY increased… it’s caused me to go way over the host’s acceptable range; I’ve attached an image of just ONE day’s SQL activity… this is on a site running CP 1.7, if that’s any help at all.

Based on articles on the host, I just installed a caching plugin (I didn’t have one running before), installed MEMCACHE in the php.ini file, etc., etc.

Does ANYONE have other ideas on how to reduce the SQL usage footprint?

On a 28-day basis, this same report in the image is showing over 25 MILLION queries???

Do you have visitor statistics?
Query monitor can help you to find what is hitting your database.

Seems like bots are attacking your website…on the other hand, we have DDoS attacks for days now :frowning_face: so that could be a combined case? :thinking:

On the other hand, it could be a problematic plugin that causes this nightmare.

You might be getting a lot of spam traffic, but most traffic shouldn’t even touch the database if you have set up page caching (and maybe object caching).

With page caching, HTML static pages will be served, so there is no reason to execute DB queries.

If you don’t have any caching plugins, consider using a simple Cache Enabler plugin. For CP v1.x, use Cache Enabler v1.7.2. For CP v2.x, you can use the latest version.

Viktor - I just installed Cache Enabler on v1.7.2 - it comes up with the following:

" Cache Enabler requires WordPress 5.1 or higher to function properly. Please update WordPress or disable the plugin."

What’s up with that?

Question for you - is it (at all) possible that someone has actually “hacked” the database? Is that possible? Despite having a cache plugin installed (mini Orange’s WP Security), the CPU usage is ramping up every hour! If that’s true, re-installing the DB wouldn’t do any good would it, because I’d then have to restore from a backup, which could have whatever is hacked in the DB? Just asking, because I really can’t figure out what’s causing this

The code doesn’t have any functions from WP 5+ but it looks like they add a message requiring WP 5.1. After a few tests, v1.4.0 of the plugin doesn’t have this warning.

Although possible, I doubt it’s hacked. Spam traffic with bots is usually the culprit of high resource usage (CPU, memory, or database queries). Caching should help eliminate most of the db queries,

Thanks, viktor! I just installed 1.4.0… does it usually take a couple of days for the caching to slow down the traffic, or do you know?

Now you got me curious…can you please install Log HTTP Requests – WordPress plugin | WordPress.org and check the log results in Tools > Log HTTP Requests (see screenshot below):


If it’s a plugin that causes the problem, it should become obvious there from its activity.

Just installed moments ago; this is all it’s showing right now… what does it tell you?

Are you using a plugin that uses https://redirect.li/ behind the scenes?

AH! Here are what seem to be some LONG delays… but, they’re just to the main site link… any idea what could be causing those 403 errors? Cache, maybe?

Ah, I don’t know… how would I determine if I had such a plugin running? (https://redirect.li, I mean)?

It’s hard to tell, because I’m facing a similar 403 situation with a website that prevents me from posting or editing articles via Gutenberg and the reason is accessing content(s) via REST API of course!

Now what prevents it and causes the forbidden 403 message, I cannot tell…one scenario might be user / group permissions; another might be corrupted file; another might be a service such as CloudFlare that enables WAF firewall for its users.

Logically the simplest route to follow would be your web server’s log files; in there you should see the full path of your plugins that are trying to access, edit, etc etc a specific file.

Your website has many errors behind the scenes…I have the impression you have a problem with security and probably a malware somewhere within your website’s hosting server’s directory.

I had to interrupt the scanning process because I was getting only 403 messages which is technically a severe problem with your website.

Update: :rofl: your server blocked me!

Ah, l suspect the 403’s are because the ADMIN on the server advised me to put something in the .htaccess file that would cause the 403 error, because he said the 403 errors don’t count against my CPU usage quota… if you have the time, could you examine my .htaccess file (I’ll send it to you here, if you’d like)… if you don’t have time, no problem… I appreciate your help so far on this!

Sure thing, if I can help that is, but by all means I’m not an expert in Apache but I will do my best; my web server of choice is NGINX.

Previous message contained sensitive info data from a security perspective, deleted by Dick

Try to delete it completely because it retains history and leave a new message Previous message contained sensitive info data from a security perspective, deleted by Dick