Website very slow to load

Hi there, I had an issue earlier on today, where the sites on this multisite weren't showing (nor the main site); this was resolved via support chat. Now I am finding that all the sites on this multisite are taking forever to load. It has taken over 10 minutes to log in to the main dashboard. (I was going to check my Defender settings.) Can you please investigate and see what is causing the issue please? The CPU keeps going up to 100% and back down again.

  • Ellen
    • Design Lord, Child of Thor

    Hi Ash

    It seems to have resolved itself, and I was able to log in and make some changes to Defender, in case this was due to hackers trying to get in! I have noticed that I am getting hundreds of failed logins, so now I have set Defender to permanently lock out anyone who fails after 3 attempts. Do you think this will solve the issue permanently?

    Regards

    Ellen

  • Nithin
    • Support Wizard

    Hi Ellen,

    Sorry for the delay in getting back to you. It seems like the website is loading fine at the moment; I don’t see any specific issues in the PHP logs about the website going offline in general.

    I ran a Defender scan on your website, and it seems to list 10 suspicious files from the Defender Pro scan. Most of the plugin files listed seem to be false positives, but one of the index.php files, listed in the following path:

    /wp-content/uploads/bbpowerpack/index.php

    looks infected; maybe that would explain the reason for the issue. It seems like it’s part of the Beaver plugin, but the content of the index.php file looks infected.

    Such issues normally occur if there are any outdated plugins in general. I noticed a similar issue was reported here too, where the Beaver plugin was infected:

    https://wordpress.org/support/topic/wf-critical-nobodycrew-backdoor/

    Checking your website dashboard, I noticed the Page Editor plugin, which is part of Beaver, has a pending plugin update. If the plugins aren’t up to date, there is a chance of such issues occurring too. I have deleted the mentioned file and updated the Page Editor plugin.

    There are files listed in the Defender Scan from the LayerSlider, Gravity Forms, TablePress, and Secure File Manager plugins which seem to be false positives. However, to double-check whether they are clean, I would recommend that you install a fresh copy of the latest version of these listed plugins, and re-run a new Defender Scan. If the scan still lists the same files even after that, it would be a false positive, which you can ignore by clicking the “Ignore” button in the Defender scan results.

    Please do let us know how that goes so that we can take a closer look if needed.

    Kind Regards,

    Nithin
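
A follow-up check for the finding above, as an added example that is not part of the original thread or any plugin's own code: it walks an uploads directory and lists PHP files that contain more than a comment-only placeholder (the usual WordPress "Silence is golden" stub). The sample tree and its file contents are constructed, and all function names are hypothetical.

```python
import os
import re
import tempfile

# PHP comments: /* ... */ blocks, and // or # line comments (which end at a newline or at "?>").
COMMENT_RE = re.compile(r"/\*.*?\*/|(?://|#)(?:(?!\?>)[^\n])*", re.DOTALL)
TAG_RE = re.compile(r"<\?(?:php|=)?|\?>", re.IGNORECASE)
PHP_EXTENSIONS = (".php", ".phtml", ".phar")

def is_placeholder(source):
    """True if the file holds only PHP tags, comments and whitespace."""
    return TAG_RE.sub("", COMMENT_RE.sub("", source)).strip() == ""

def scan_uploads(uploads_dir):
    """Return sorted relative paths of PHP files under uploads_dir that contain real code."""
    flagged = []
    for root, _dirs, files in os.walk(uploads_dir):
        for name in files:
            if not name.lower().endswith(PHP_EXTENSIONS):
                continue
            path = os.path.join(root, name)
            with open(path, encoding="utf-8", errors="replace") as fh:
                if not is_placeholder(fh.read()):
                    rel = os.path.relpath(path, uploads_dir)
                    flagged.append(rel.replace(os.sep, "/"))
    return sorted(flagged)

# Constructed sample tree; contents are harmless stand-ins, not the file from the thread.
SAMPLE_TREE = {
    "index.php": "<?php\n// Silence is golden.\n",
    "2020/05/logo.png": "binary image data would be here",
    "bbpowerpack/index.php": "<?php /* looks like a stub */ echo 'unexpected code';\n",
    "cache/helper.PHP": "<?php // note ?><?php $x = 1;",
}

def demo():
    """Write SAMPLE_TREE to a temporary directory and scan it."""
    with tempfile.TemporaryDirectory() as base:
        for rel, content in SAMPLE_TREE.items():
            path = os.path.join(base, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w", encoding="utf-8") as fh:
                fh.write(content)
        return scan_uploads(base)

if __name__ == "__main__":
    for hit in demo():
        print("review:", hit)
```

A flagged path is a file to review by hand, not proof of infection; some plugins legitimately write PHP under uploads.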

  • Ellen
    • Design Lord, Child of Thor

    Hi Wpmudev

    Many thanks again for all your help thus far – I’ve updated all plugins and now just waiting to hear back from Gravity Forms if the file is a baddy or not.

    In the meantime I have another question; I can see from my Defender log that I am getting thousands of failed login attempts; despite me changing the settings to permanently lock out anyone after 3 failed attempts to login. This is probably causing my sites issues if they are constantly being bombarded. Is there anything else I can do to help prevent these hacking attempts? Ideally I don’t want to set 2 step authentication as I have quite a few clients who would find this hard to use.

    Any help would be much appreciated! xxx

  • Ellen
    • Design Lord, Child of Thor

    Hi WPMUdev – my sites are all down again (on the same multisite) – can anyone please see why this is happening, as I have done all the Defender bits and it’s still not working as it should be! I seem to have a lot of downtime happening. Please help asap as I have some quite important clients on this multisite and they’re going to move from me if the sites keep going offline! Thanks in advance, Ellen x

  • Nithin
    • Support Wizard

    Hi Ellen,

    Apologies for the delay in getting back to you, due to the high queue on our forums. Seems like your website is loading fine now, so I suppose you have fixed that aspect.

    Regarding the website loading very slowly, did you install the fresh copies of the plugins? And did you re-run a Defender Scan to double-check that the website is clean, and there isn’t any malware causing the delays?

    If yes, could you please enable support access to your website, so that we can take a closer look, and check further what else could be slowing down the website?

    You can grant access from WPMU DEV > Support > Support Access > Grant Access, or check this manual: https://premium.wpmudev.org/docs/getting-started/getting-support/#chapter-5

    Please let us know once you enable access so that we could get this sorted. Have a nice weekend.

    Kind Regards,

    Nithin

  • Ellen
    • Design Lord, Child of Thor

    Hi there Nithin

    Thanks for getting back to me; yes all plugins up to date. New scan showed no issues. I would be really grateful if you could look into why it’s slow compared to similar multisites on wpmu dev hosting.

    All the best

    Elle x

  • Ellen
    • Design Lord, Child of Thor

    Hi Nithin

    The site has been offline 3 times in the last 24 hours, each time for about half an hour and still very slow to load, and to do anything within it. Can you please see if you can find the issue asap as my customers are getting really concerned over the speed etc and the amount of downtime. Many thanks, Ellen x

  • Ellen
    • Design Lord, Child of Thor

    Hi all, I installed Wordfence and discovered that this multisite has had over 100 MILLION attacks in the last 24 hours! Hence the CPU is going crazy! What can be done about this?!!!

    Hope you can help, regards Ellen

  • Nithin
    • Support Wizard

    Hi Ellen,

    I checked the Defender logs, under Defender Pro > IP Lockouts > Logs, and noticed most of the IPs are 404 Detection. I have reduced the lockout threshold from 20 to 5, under Defender Pro > IP Lockouts > 404 Detection, which should ensure such IPs are banned much more easily.

    Also, if the website is only meant for visitors in the UK, you can enable Country restriction and block other countries from access, which should help with preventing these bots from accessing the website. You’ll have to first download the GEO IP database as seen in the following screenshot to enable countrywide blocks:

    I would also recommend enabling Masked Login Area, under Defender Pro > Advanced Tools, which should allow you to rename the default login URL /wp-admin so that it wouldn’t be easy for the bots to find the dashboard URL. Please do note, once the Masked Login Area is changed, you’ll have to log in via the new URL you have set via the Masked Login option.

    Regarding the website loading slowly, could I know whether you notice the issue specifically when loading pages on the dashboard side only, or does it occur on the frontend too?

    Please do make the above-mentioned changes, to see how that goes, so that we can take a closer look at the site speed.

    Kind Regards,

    Nithin

  • Ellen
    • Design Lord, Child of Thor

    Hi Nithin

    Thanks for your reply, sadly the site is for worldwide visitors, not just UK.

    Does the masked login area work for multisites? I would need each mapped domain to still login to their domain dashboard rather than to the multisite main dashboard.

    Re. loading speed, it’s front end too – everyone who uses it is saying how slow to load it is.

    I’m still getting many millions of attacks per 24 hours; is there nothing else you can do server side to prevent them?

    All the best

    Ellen

  • Nithin
    • Support Wizard

    Hi Ellen,

    > Does the masked login area work for multisites? I would need each mapped domain to still login to their domain dashboard rather than to the multisite main dashboard.

    Yes, the masked login area should work fine with multisite, and for mapped domains, and shouldn’t restrict the login to only the main dashboard. It should allow you to log in via the mapped URL too. Suppose the masked login is “mydesk”, and the mapped domain URL is abc.com, then the login URL would be abc.com/mydesk

    > I’m still getting many millions of attacks per 24 hours; is there nothing else you can do server side to prevent them?

    Because Masked Login hasn’t been enabled yet. Please do enable it, and check how that goes.

    Seems like support access to your website is no longer enabled. Could you please either enable support access or share your website’s login credentials so that we can check other aspects of the slow website load too.

    You can send credentials by using our secure contact form: https://premium.wpmudev.org/contact/#i-have-a-different-question

    – To mark it to my attention, the subject line should contain only: ATTN: Nithin Ramdas

    -WordPress admin username

    -WordPress admin password

    -login URL

    -FTP credentials (host/username/password)

    -link back to this thread for reference

    -any other relevant URLs

    Please do follow up on the ticket once you have sent the above credentials. Have a nice day.

    Kind Regards,

    Nithin
