Skip to content
  • Solutions
    By Role
    • For Developers
    • For Content Managers
    • For Agencies
    • For IT Admins
    • For Web Hosters
    • For Developers
    • For Content Managers
    • For Agencies
    • For IT Admins
    • For Web Hosters
    By Infrastructure
    • Overview
    • AWS
    • Microsoft Azure
    • Alibaba Cloud
    • Google Cloud Platform
    • Vultr
    • Overview
    • AWS
    • Microsoft Azure
    • Alibaba Cloud
    • Google Cloud Platform
    • Vultr
    • Digital Ocean
    • Linode
    • Upcloud
    • Oracle
    • OVH
    • Digital Ocean
    • Linode
    • Upcloud
    • Oracle
    • OVH
  • Product
    • Plesk Features
    • Plesk Editions
    • What’s new
    • Pricing
    • Roadmap
    • Lifecycle Policy
    • Extensions Catalogue
  • Pricing
  • Extensions
    Featured Extensions
    • SocialBee
    • WP Toolkit
    • Sitejet Builder for Plesk
    • SEO Toolkit
    • Joomla! Toolkit
    • Premium Email
    • Email Security
    • SocialBee
    • WP Toolkit
    • Sitejet Builder for Plesk
    • SEO Toolkit
    • Joomla! Toolkit
    • Premium Email
    • Email Security
    Bundles and packs:
    • Business and Collaboration Edition
    • WP pack
    • Hosting pack
    • Power pack
    • Language pack
    • Business and Collaboration Edition
    • WP pack
    • Hosting pack
    • Power pack
    • Language pack

    See all Extensions

  • For Partners
    • Plesk Contributor Program
    • Plesk Partner Program
    • Affiliate program
    • Plesk University
  • Help Center
    • Documentation
    • Professional Services
    • Support
    • Contact Us
    • Wiki
    • Forum
  • Plesk 360 login
  • Free Trial
  • Pricing
  • Solutions
    • By Role
      • For Developers
      • For Content Managers
      • For Agencies
      • For IT Admins
      • For Web Hosters
    • By Infrastructure
      • Overview
      • Plesk on Amazon Web Services (AWS & Lightsail)
      • Microsoft Azure
      • Alibaba Cloud
      • Google Cloud Platform
      • Vultr
      • DigitalOcean
      • Linode
      • UpCloud
      • Oracle
      • OVH
  • Products
  • Pricing
  • Extensions
    • Featured Extensions
      • SocialBee
      • WP Toolkit
      • Sitejet Builder for Plesk
      • SEO Toolkit
      • Joomla! Toolkit
      • Premium Email
      • Email Security
    • Bundles and packs:
      • Business and Collaboration Edition
      • WP pack
      • Hosting pack
      • Power pack
      • Language pack
      • See all Extensions
  • For Partners
    • Plesk Contributor Program
    • Plesk Partner Program
    • Affiliate Program
    • Plesk University
  • Help Center
    • Documentation
    • Professional Services
    • Support
    • Contact Us
    • Wiki
    • Forum
  • Plesk 360 login
  • Free Trial
  • Pricing
  • Solutions
    • By Role
      • For Developers
      • For Content Managers
      • For Agencies
      • For IT Admins
      • For Web Hosters
    • By Infrastructure
      • Overview
      • Plesk on Amazon Web Services (AWS & Lightsail)
      • Microsoft Azure
      • Alibaba Cloud
      • Google Cloud Platform
      • Vultr
      • DigitalOcean
      • Linode
      • UpCloud
      • Oracle
      • OVH
  • Products
  • Pricing
  • Extensions
    • Featured Extensions
      • SocialBee
      • WP Toolkit
      • Sitejet Builder for Plesk
      • SEO Toolkit
      • Joomla! Toolkit
      • Premium Email
      • Email Security
    • Bundles and packs:
      • Business and Collaboration Edition
      • WP pack
      • Hosting pack
      • Power pack
      • Language pack
      • See all Extensions
  • For Partners
    • Plesk Contributor Program
    • Plesk Partner Program
    • Affiliate Program
    • Plesk University
  • Help Center
    • Documentation
    • Professional Services
    • Support
    • Contact Us
    • Wiki
    • Forum
  • Plesk 360 login
  • Free Trial
Plesk 360 login
Free Trial

Knowledge Base

WordPress site hosted in Plesk is slow. Lots of log entries: “POST /xmlrpc.php HTTP/1.0” 499

 
apachecpugohackinghacking attack

Symptoms

  • WordPress site is very slow.

  • There is a lot of entries in the log file /var/www/vhosts/example.com/logs/proxy_access_log :

    203.0.113.2 - - "POST /xmlrpc.php HTTP/1.0" 499 0 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)"
    203.0.113.2 - - "POST /xmlrpc.php HTTP/1.0" 499 0 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)"
    203.0.113.2 - - "POST /xmlrpc.php HTTP/1.0" 499 0 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)"
    203.0.113.2 - - "POST /xmlrpc.php HTTP/1.0" 499 0 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)"
    203.0.113.2 - - "POST /xmlrpc.php HTTP/1.0" 499 0 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)"

  • The affected website may cause high CPU usage:

    # top -c
    1180 jdoe 20 0 20864 4280 3436 S 70.7 0.4 0:00.20 php-fpm: pool example.com
    1223 jdoe 20 0 38396 2628 2016 S 88.8 0.3 0:01.07 php-fpm: pool example.com
    1443 jdoe 20 0 29072 2404 6404 S 60.6 0.2 0:00.00 php-fpm: pool example.com

  • Many Apache processes are spawned:

    # pidof httpd
    62997 62996 62995 62994 62977 62976 62959 62710 62707 62705 62703 62702 62701 62700 62682 62681 62680 62663 62662 62645 62616 62581 62580 62579 62569 62568 62554 62520 62412 62411 62409 62408 62407 62406 62405 62381 62379 62378 62377 62359 62358 62344 62077 62075 62073 62072 62071 62067 62064 62060 62059 XXX-XXXX-XXXX-2026 62024 62023 62005 62003 61999 61987 61707 61598 61585 61547 61500 61499 61487 61486 61467 XXX-XXXX-XXXX-1372 61338 61312 61311 61310 61309 61287 61286 61273 61252 61195 61089 61088 61087 61086 61068 61067 61054 61003 60977 60946 60894 XXX-XXXX-XXXX-0890 60874 60873 60858 XXX-XXXX-XXXX-05...

  • Apache may fail with the following error in /var/log/httpd/error_log:

    server reached MaxRequestWorkers setting, consider raising the MaxRequestWorkers setting

Cause

Hacking attack via XML-RPC requests.

Resolution

Use one of the following solutions:

  • Disable XML-RPC for the instance


  • Secure WordPress instance with a plugin like WordFence or JetPack. They will block malicious requests to the file xmlrpc.php. Both plugins are available for free in WordPress Plugin Catalog.

    1. Log in to Plesk.

    2. Go to WordPress > example.com > Plugins tab and click Install:
      plug.png

    3. Type in the plugin name in the search bar and install it:
      plug2.png

Tweet
Share
Share
Email
0 Shares
Read the full article
Related Posts

How to Host a Go App on Plesk

Read More »

Your Complete .htaccess Guide: Including .htaccess Basics and More

Read More »

NGINX vs Apache – Which Is the Best Web Server in 2024?

Read More »
Knowledge Base

Slow performance of website hosted on Plesk for Linux server: Load Average value is higher than CPU cores count

Read More »

 Website pages based on WordPress show “404 Not Found” when PHP-FPM by Apache is used

Read More »

WordPress website displays error 403 intermittently: access forbidden by rule request: “POST /xmlrpc.php on Plesk server

Read More »

An operation or a script that takes more than 60 seconds to complete fails on a website hosted in Plesk: nginx 504 Gateway Time-out

Read More »

Hosting Wiki

  • Django
  • Server Redundancy
  • Google Cloud CDN
  • Bare Metal Server
  • PhpMyAdmin
  • phpPgAdmin
  • Oracle VM Server
  • Server Virtualization Software
  • Windows Server
  • Linux
  • PHP
  • MongoDB
  • HTTP/3
  • HTTP/2
  • WordPress
  • Plesk
  • Lighttpd
  • Apache Tomcat
  • Apache
  • Web Server
  • DNS Server
  • HTTP
X-twitter Linkedin Youtube Reddit Github
  • Product
  • Login
  • Pricing
  • Editions
  • For Partners
  • Partner Program
  • Contributor Program
  • Affiliate Program
  • Plesk University
  • Company
  • Blog
  • Careers
  • Events
  • About Plesk
  • Our Brand
  • Resources
  • User and Admin guides
  • Help Center
  • Migrate to Plesk
  • Contact Us
  • Hosting Wiki
  • Forum
  • Legal
  • Legal
  • Privacy Policy
  • Imprint

© 2025 WebPros International GmbH

Part of the WebPros®  Family