Shared hosting account problem diagnosis?
 

When there is a problem on a shared hosting account where lots of your own blogs are located, too much CPU usage, any tips on diagnosing the site it's coming from?

contact your host and they will tell you?

They prefer to suspend the whole thing, they just give general tips on speeding things up, but there seems to be a new cause out of nowhere

for any normal sys admin its just 1 minute of work - to tell where is the problem exactly..they want to kick you out...just buy some cheap VPS and move on

I have some other hosting accounts too, including a decent VPS, just wanted to see if there was a quick solution without doing the move as all my stuff there is a clusterf**k

It's been a long while since I relieved myself of these issues but if you're running a lot of PHP scripts on shared it's likely most of the problem.

Have a number of wordpress blogs and some HTML sites there. One mystery is that a relative was creating a wordpress blog there, not sure if it's got a bit heavy

My guess is you have all of your WordPress installs under the same user. One, or more, got exploited and it's leaking throughout all of your sites and the whole shared server. I'm surprised they haven't already turned your account off.

Your best bet is to get a VPS and move each blog over one by one, under different users, completely cleaning as you go. This is an extremely tedious task but once one user is exploited, the nuclear option is your only real fix.

Pro Tip: WordPress is NOT "set and forget." If you use WordPress on any sites, you need to actively keep it up-to-date or disaster will strike.

there is a plugin named automatic updates :winkwink::winkwink::winkwink:

:1orglaugh:1orglaugh

There are tons of automatic tools. None of them are 100% fool proof. ;-)

Not if, when. WordPress' new slogan.

With us, we can check the daily process and apache logs to track it down some. PHP can block which actual files are overloading and just say PHP though. In that case it's really tricky.

In my experience, not having caching added to a WP blog and too many posts on one page are the biggest culprits.

Its gonna be very hard to find the issue if you don't have root access and see whats up. With share hosting you rely and your host pretty much for them to tell you whats wrong where

Believe me it was like the greatest shit and piss ever taken.

As I said its been awhile but if remember correctly I had to install a php compiler of sorts yo lighten my process loads. But this isn't something you can do on a shared. I had a dedicated but was running a little over 100 city portals all built on joomla and them some.

on your wordpress installs, try using P3 (Plugin Performance Profiler) to see if it can find any issues.

And then it mysteriously went away, after Hostgator did something, but they never communicated what it was. I do see they've made a change to every htaccess file on the account

I think there was a virus in there which they don't want to tell me about

Seems like with a shared account our business in the hands of the Gods

I suppose it might be something to do with xmlrpc, as this is one thing that will put server on its knees when someone try to break in via api login on xnlrpc.php. I see how it looks like when thousands bots trying to guess credentials it looks like mini DDOS, and most of the bots are hosted on amazon aws, it is hard to blacklist all those IPs.

Google this https://www.google.nl/search?dcr=0&e....0.Kd-LVKt53s0

and my recommendation is to forbid direct access from public on this file xmlrpc.php via htaccess if you are not using api access, and most people don't.

This appeared on htaccess

<Files 403.shtml>
order allow,deny
allow from all
</Files>

they might be blocking wpsite.com/xmlrpc.php on apache config level you have no access on shared hostings and this in htaccess might be something that it is needed after that.

try this url on your wp site wpsite.com/xmlrpc.php and see outcome if output is blank of forbidden than access to xnlrpc.php file was denied but if you see

XML-RPC server accepts POST requests only.

than it is something else and my opinion is that you should consider deny access to xmlrpc.php on every wp unless you use it but anyway if you are using it you have ability to give access to IP's of other sites you use for api access and deny to generic public

... and your paranoia leaks into yet another aspect of your life.

Never have anything that matters, isn't instantly portable & backed up daily on VPS.

Make your problems our responsibility. Let us compete for your business! Free white glove move assistance.

Brad