Search code examples
wordpressresourcessystem

Wordpress site receives requests multiple times from same IP

My site is receiving about 10 requests at once that increases CPU resources usage to 100%. i diagnosed through Terminal using htop or ps -faux commands it shows below process 10 or more times at once.

/opt/cpanel/ea-php72/root/usr/bin/php-cgi /home/myusername/public_html/wpsite.com/index.php

Then i verified who is requesting for so many times with below code adding in index.php file on my wordpress website's root directory.

$ip = $_SERVER['REMOTE_ADDR'];
$data = 'IP: '.$ip.' REF: '.$_SERVER['HTTP_REFERER'].PHP_EOL;
$fp = fopen('/home/myusername/public_html/wpsite.com/chk.txt', 'a');
fwrite($fp, $data);

Onward i visited all of my pages one by one (home, category, single product, contact etc) i found my IP and the Referral page as i navigated which seems fine, as one request for each. but after a while i'm able to see 8,10,15 requests at once from same IP.

IP: 157.47.79.209 REF: refweb .com
IP: 157.47.79.209 REF: refweb .com
IP: 157.47.79.209 REF: refweb .com
IP: 157.47.79.209 REF: refweb .com
IP: 157.47.79.209 REF: refweb .com
IP: 157.47.79.209 REF: refweb .com
IP: 157.47.79.209 REF: refweb .com
IP: 157.47.79.209 REF: refweb .com
IP: 157.47.79.209 REF: refweb .com
IP: 157.47.79.209 REF: refweb .com
IP: 157.47.79.209 REF: refweb .com
IP: 157.47.79.209 REF: refweb .com
IP: 157.47.79.209 REF: refweb .com
IP: 157.47.79.209 REF: refweb .com
IP: 157.47.79.209 REF: refweb .com
IP: 157.47.79.209 REF: refweb .com
IP: 157.47.79.209 REF: refweb .com
IP: 157.47.79.209 REF: refweb .com
IP: 157.47.79.209 REF: refweb .com
IP: 157.47.79.209 REF: refweb .com
IP: 157.47.79.209 REF: refweb .com
IP: 157.47.79.209 REF: refweb .com

i'm not sure why it's happening. is it wordpress theme's fault or it's normal to make requests to index.php in such amount? Please advise what i can do to get it fixed. Thank you

Solution

  • In short yes, there are multiple things that lead to this:

    • Bots trying automatically brute force the backend, which is normal since they automatically detect if your site is wordpress.
    • Crawlers from search engines
    • Referral spam
    • ...

    Since you have to realize that this all happens automatically it's always good to use a Firewall (at server or at application Level). They will ban traffic like that. Moreover good passwort security and so on should be always there.