CPU spikes and wp-admin/plugin-install.php?

Home Forums BulletProof Security Pro CPU spikes and wp-admin/plugin-install.php?

This topic contains 4 replies, has 2 voices, and was last updated by  Rami M 5 months, 1 week ago.

Viewing 5 posts - 1 through 5 (of 5 total)
  • Author
    Posts
  • #37264

    Rami M
    Participant

    Hi,

    I am seeing these CPU spikes (shared hosting) and I don’t have any of those plugins installed. Could it be somebody is scanning site for known vulnerabilities? And how can I block those requests using BPS pro?

    Thanks.

    PID CMD CPU MEM
    8745 lsphp 0% 7
    8747 lsphp:.../public_html/wp-admin/plugin-install.php 18% 43
    8749 lsphp:.../public_html/wp-admin/plugin-install.php 8% 43
    8750 lsphp:.../public_html/wp-admin/plugin-install.php 11% 45
    8751 lsphp:.../public_html/wp-admin/plugin-install.php 11% 43
    8752 lsphp:.../public_html/wp-admin/plugin-install.php 10% 43
    8753 lsphp:.../public_html/wp-admin/plugin-install.php 9% 43
    8761 lsphp:.../public_html/wp-admin/plugin-install.php 9% 41
    8763 lsphp:.../public_html/wp-admin/plugin-install.php 17% 43
    8764 lsphp:.../public_html/wp-admin/plugin-install.php 13% 43
    8774 lsphp:.../public_html/wp-admin/plugin-install.php 23% 43
    Database Queries Snapshot
    CMD Duration SQL-query
    No data
    HTTP Queries Snapshot
    Method Duration URL
    GET 22.2s http://....com/wp-admin/plugin-install.php?tab=plugin-information&plugin=process-steps-template-designer&TB_iframe=true&width=600&height=550
    GET 21.8s http://....com/wp-admin/plugin-install.php?tab=plugin-information&plugin=shortcodes-elements&TB_iframe=true&width=600&height=550
    GET 21.8s http://....com/wp-admin/plugin-install.php?tab=plugin-information&plugin=post-link-shortcodes&TB_iframe=true&width=600&height=550
    GET 21.8s http://....com/wp-admin/plugin-install.php?tab=plugin-information&plugin=display-during-conditional-shortcode&TB_iframe=true&width=600&height=550
    GET 21.6s http://....com/wp-admin/plugin-install.php?tab=plugin-information&plugin=dobsondev-shortcodes&TB_iframe=true&width=600&height=550
    GET 21.6s http://....com/wp-admin/plugin-install.php?tab=plugin-information&plugin=intelliwidget-elements&TB_iframe=true&width=600&height=550
    GET 21.6s http://....com/wp-admin/plugin-install.php?tab=plugin-information&plugin=black-studio-tinymce-widget&TB_iframe=true&width=600&height=550
    GET 21.5s http://....com/wp-admin/plugin-install.php?tab=plugin-information&plugin=acf-repeater-flexible-content-collapser&TB_iframe=true&width=600&height=550
    GET 21s http://....com/wp-admin/plugin-install.php?tab=plugin-information&plugin=wp-testing&TB_iframe=true&width=600&height=550
    GET 21s http://....com/wp-admin/plugin-install.php?tab=plugin-information&plugin=mp-timetable&TB_iframe=true&width=600&height=550
    GET 21s http://....com/wp-admin/plugin-install.php?tab=plugin-information&plugin=luckywp-table-of-contents&TB_iframe=true&width=600&height=550
    GET 20.9s http://....com/wp-admin/plugin-install.php?tab=plugin-information&plugin=post-my-contact-form-7&TB_iframe=true&width=600&height=550
    GET 20.9s http://....com/wp-admin/plugin-install.php?tab=plugin-information&plugin=intelliwidget-per-page-featured-posts-and-menus&TB_iframe=true&width=600&height=550
    GET 20.7s http://....com/wp-admin/plugin-install.php?tab=plugin-information&plugin=art-decoration-shortcode&TB_iframe=true&width=772&height=574
    GET 19.6s http://....com/wp-admin/plugin-install.php?tab=plugin-information&plugin=custom-content-shortcode&TB_iframe=true&width=772&height=574
    GET 17.5s http://....com/wp-login.php?redirect_to=https%3A%2F%2F....com%2Fwp-admin%2Fplugin-install.php%3Ftab%3Dplugin-information%26plugin%3Demail-subscribers%26TB_iframe%3Dtrue%26width%3D600%26height%3D550&reauth=1
    #37265

    AITpro Admin
    Keymaster

    This is something you are going to need to ask your web host about, but take into consideration that applications/tools/utilities that monitor and report resource usage spikes tend to make things appear to be a problem when in fact a problem does not actually exist.  I have found in my experience that these types of resource usage applications are not accurate whatsoever and portray an exaggerated picture of resource usage “spikes”.  Also it is very common for hosts to try and upsell you to a higher costing hosting package based on the results of these types of resource usage monitoring applications/tools/utilities.  So when you ask your host about what you are seeing what you really want to know is if your website performance is actually really affected negatively.  You can check your own website performance using online website speed testing websites such as Google PageSpeed Insights, Pingdom or GTmetrix.

    These do not appear to be malicious or suspicious requests to the /wp-admin/plugin-install.php WordPress file.  What I suspect is being inaccurately seen by your resource usage monitoring application is that the /wp-admin/plugin-install.php WordPress file makes a connection to the WordPress API server to check things like plugin versions.  ie if plugin updates are available for a particular plugin, etc.  And is counting the API connection process to wordpress.org inaccurately.

    #37266

    Rami M
    Participant

    Many thanks for your reply. Hosting confirmed those are soft limits not to worry about as long as I don’t see processes being killed.

    I am more concerned about all these calls. They include names of plugins not present (only one plugin from the list was there. My previous cloud firewall reported that plugin having malicious code, but I removed the install and did a clean WP install).

    Are these calls still not worrying?

    Thanks.

    #37268

    AITpro Admin
    Keymaster

    Yep, the plugins would not need to be present.  These are internal requests from your website (not external requests to your websites) to the WordPress API server.  Technically there is not really an official “request” going on here.  I assume you went to the WordPress Plugins Add New page where plugins are listed that are in the WordPress Plugin Repository on the wordpress.org site that can be installed from your website.  In order to list available plugins your website makes a request to the WordPress API server for plugins stored in the WordPress Plugin Repository.  I am keeping the explanation very dumbed down since going into technical details is not really necessary to do.  Bottom line these “requests” are completely normal and nothing to worry about.

    #37269

    Rami M
    Participant

    Many thanks for your help and for the simple explanation.

Viewing 5 posts - 1 through 5 (of 5 total)

You must be logged in to reply to this topic.