New wordpress website with woocommerce continous HIGH cpu usage

I jave installed brand new wordpress 5.2 +
latest woocomemrce plugin
contact form 7
eWay plygin
Paypal plugin

The server gets contoinous requests from out ips when connected to dashboard or other pages like products, and leave pages idle

in visitors page from cpanel we have this sort of requests..
/wp-json/wc/v4/products?low_in_stock=true&page=1&per_page=1&status=publish&_locale=user
/wp-json/wc/v4/reports/orders?page=1&per_page=0&status_is%5B0%5D=processing&status_is%5B1%5D=on-hold&_locale=user
/wp-json/wc/v4/admin/notes?order=desc&orderby=date&page=1&per_page=1&type=info%2Cwarning&_locale=user
/wp-json/wc/v4/admin/notes?page=1&per_page=25&status=unactioned&type=error%2Cupdate&_locale=user
wp-json/wp/v2/users/me?context=edit&_locale=user
.....and keep repeating
Server load is big for what it should be
178719 bettylee 20 0 531036 48904 22484 S 12.6 0.2 0:02.10 php-fpm: pool bettylee_com_au
178846 bettylee 20 0 527280 44996 22464 S 11.0 0.2 0:00.36 php-fpm: pool bettylee_com_au
178828 bettylee 20 0 529904 47664 22476 S 10.3 0.2 0:00.91 php-fpm: pool bettylee_com_au
178717 bettylee 20 0 531036 48792 22480 S 8.3 0.2 0:01.93 php-fpm: pool bettylee_com_au
178841 bettylee 20 0 527280 45036 22484 S 8.3 0.2 0:00.35 php-fpm: pool bettylee_com_au

Upgraded php and mysql to latest
mysql 5.7 php 7.3

any help would be appreciated as this thing is driving me mad :slight_smile:

  • Ash
    • WordPress Hacker

    Hello Isaia

    I never used that eway and paypal plugin, so not sure if they collect data from woocommerce store. I am saying because the requests you mentioned are from rest API. How's about if you just disable both of them, keep woocommerce active and check by then? Also, are you using any woocommerce specific theme? If so, then try activating default theme. This is how you will be able to find out if your theme or any specific plugin is causing this issue.

    Let us know how it goes. Have a nice day!

    Cheers,
    Ash

  • Isaia
    • Flash Drive

    i do not think has anything to do with those plugins, in exchange it has to do with some scripts on the page at post editing, maybe?

    i consider that is a problem with woocommerce plugin itself and WordPress, not properly telling client page that he is logged off, and page keep trying hammering Server with some requests while remaining open.

    looking below at what happened is, a lot of requests from one of our ips, what have some pages open on some posts and the client is flooding server with requests probably to connect and do something, maybe save, or other data exchange between client and server.
    and obviously, the server is responding with 403. but this 403 operation is doing a lot of damage CPU related.

    158.140.255.204
    /wp-json/wc/v4/products?low_in_stock=true&page=1&per_page=1&status=publish&_locale=user
    6/10/19, 7:15 PM
    74
    error 403
    GET
    HTTP/1.1
    https://bettylee.com.au/wp-admin/post.php?post=31&action=edit
    Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.157 Safari/537.36
    158.140.255.204
    /wp-json/wc/v4/admin/notes?page=1&per_page=25&status=unactioned&type=error%2Cupdate&_locale=user
    6/10/19, 7:15 PM
    74
    error 403
    GET
    HTTP/1.1
    https://bettylee.com.au/wp-admin/post.php?post=31&action=edit
    Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.157 Safari/537.36
    158.140.255.204
    /wp-json/wc/v4/admin/notes?order=desc&orderby=date&page=1&per_page=1&type=info%2Cwarning&_locale=user
    6/10/19, 7:15 PM
    74
    error 403
    GET
    HTTP/1.1
    https://bettylee.com.au/wp-admin/post.php?post=31&action=edit
    Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.157 Safari/537.36
    158.140.255.204
    /wp-json/wc/v4/reports/orders?page=1&per_page=0&status_is%5B0%5D=processing&status_is%5B1%5D=on-hold&_locale=user
    6/10/19, 7:15 PM
    74
    error 403
    GET
    HTTP/1.1
    https://bettylee.com.au/wp-admin/post.php?post=31&action=edit
    Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.157 Safari/537.36
    158.140.255.204
    /wp-json/wp/v2/users/me?context=edit&_locale=user
    6/10/19, 7:15 PM
    74
    error 403
    GET
    HTTP/1.1
    https://bettylee.com.au/wp-admin/post.php?post=31&action=edit
    Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.157 Safari/537.36

    I have blocked respective IP for 2 days while testing, the moment we blocked the ip sending requests, everything went back to normal.

    I am not considering this problem solved, there is definitely a problem there, (a bug) and if anyone has experience with this problem and is willing to help would be good.

  • Nithin
    • Support Wizard

    Hi Isaia,

    Glad to hear blocking he 403 requests from the IP have temporarily resolved the issue. Maybe you could check whether the following would help, or not:
    https://stackoverflow.com/questions/54051155/403-error-in-woocommerce-rest-api-put-request
    https://wordpress.stackexchange.com/questions/291211/403-forbidden-with-gutenberg
    https://github.com/WP-API/Basic-Auth/issues/35

    Other than that, I'm afraid it's tough to say what exactly would be causing without troubleshooting the system further. That would include the steps like only keeping WooCommerce plugin activated, and checking whether the 403 error could be replicate etc

    This would give a better idea where exactly the issue is located, and report to WooCommerce support if you could confirm it's a bug, or not too.

    Kind Regards,
    Nithin

  • Isaia
    • Flash Drive

    after further testing I found the following:

    Using a standard stock WordPress and woocomerce plugin, Logged in and left the page open on
    https://arkpc.com.au/wp-admin/edit.php?post_type=shop_order
    No orders yet in the store!

    i noticed a huge server load this morning and i had a look to find out the problem, and i found the following:

    1000 errors in google chrome console:

    Failed to load resource: the server responded with a status of 403 (Forbidden)
    /wp-json/wc/v4/admin/notes?order=desc&orderby=date&page=1&per_page=1&type=info%2Cwarning&_locale=user:1 Failed to load resource: the server responded with a status of 403 (Forbidden)
    /wp-json/wp/v2/users/me?context=edit&_locale=user:1 Failed to load resource: the server responded with a status of 403 (Forbidden)

    this obviously is a bug in woocomerce or WordPress, not sure, not 100% where i should post this so anyone with proper technical knowledge gets on to this bug and fixes it.
    any help appreciated.

    I have to say that this happened while using Chrome Browser and the page was not in focus,

    Anyone's help appreciated.

  • Nithin
    • Support Wizard

    Hi Isaia,

    this obviously is a bug in woocomerce or WordPress, not sure, not 100% where i should post this so anyone with proper technical knowledge gets on to this bug and fixes it.
    any help appreciated.

    If you can confirm the website was tested with only WooCommerce plugin enabled, and still getting 403 errors. Would highly recommend you to check with your hosting provider 1st to ensure whether there isn't any blocking in the host side regarding these requests.

    Did you check the links posted in the previous reply regarding editing the .htaccess to see whether it resolves the issue?

    If your host could confirm there isn't anything blocked from their side, then you could report bugs in the WooCommerce Github:
    https://github.com/woocommerce/woocommerce/issues

    Or via the WooCommerce Support forums:
    https://wordpress.org/support/plugin/woocommerce/
    https://woocommerce.com/contact-us/

    Kind Regards,
    Nithin

Thank NAME, for their help.

Let NAME know exactly why they deserved these points.

Gift a custom amount of points.