High CPU Usage by index.php

Anyone, please help


It’s weird but it seems that this user has code injection, can you cat index.php please

You can also track the process with the following command cat /proc/$proid/environ or cmdline you can see more documentation on how to track it here

If you give me more information I can help you

<?php /** * Front to the WordPress application. This file doesn't do anything, but loads * wp-blog-header.php which does and tells WordPress to load the theme. * * @package WordPress */ /** * Tells WordPress to load the WordPress theme and output it. * * @var bool */ define( 'WP_USE_THEMES', true ); /** Loads the WordPress Environment and Template */ require __DIR__ . '/wp-blog-header.php';

the index.php file looks healthy, check the other files associated with wordpress, this is to rule out vulnerability, another option is that you have a bottleneck and you must adjust variables to generate cache… you can use mysqltunner for this, however first that nothing is to see the content of the entire installation, please send a capture of the ls -lha in the path /home/user/

I think I misexplained the ls -lha send it to the root of the user that has the bit of threads index.php I want to see what you have here /home/dainikbabomb.com/ and in /home/dainikbabomb.com/public_html

what you sent me is the content of the root, so that you are in context in the htop that you passed you can see that the user with problems that the daini8801 reflects you if we know that it is running there we can decipher what happens

Sorry, I am not technical.

I recommend you deactivate the waf plugin that plugin consumes a lot it is only activated in case of emergency if you need security you can use wpcore or wpscan or sucurisitecheck it is possible that the failure is mostly due to poor performance, it would be a question of seeing more thoroughly but no looks like something from cyberpanel

what do you have in the .htaccess??

order deny,allow deny from all allow from allow from Require ip # END GOTMLS Patch to Block XMLRPC Access

BEGIN WordPress

The directives (lines) between “BEGIN WordPress” and “END WordPress” are

dynamically generated, and should only be modified via WordPress filters.

Any changes to the directives between these markers will be overwritten.

RewriteEngine On RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}] RewriteBase / RewriteRule ^index\.php$ - [L] RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule . /index.php [L]

END WordPress

Wordfence WAF

php_value auto_prepend_file '/home/dainikbombabomb.com/public_html/wordfence-waf.php' php_value auto_prepend_file '/home/dainikbombabomb.com/public_html/wordfence-waf.php' Require all denied Order deny,allow Deny from all

END Wordfence WAF

How strange but I don’t see this directive in the .htaccess of your domain, to be honest I would have to see more in depth or in detail the behavior of the system.

You see something of sysadmin at the backend performance level, it doesn’t look ugly but I can’t guarantee anything. I would like more information

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
# END WordPress

If you are using wordfence, please disable it. Wordfence consumes hell lot of server resources making the server always busy.

can you paste here what is your plugin :slight_smile: the active one

i use tagdiv newspaper too…