Knowledge Base

WordPress site hosted in Plesk is slow. Lots of log entries: “POST /xmlrpc.php HTTP/1.0” 499

Symptoms

WordPress site is very slow.
There is a lot of entries in the log file /var/www/vhosts/example.com/logs/proxy_access_log :

203.0.113.2 - - "POST /xmlrpc.php HTTP/1.0" 499 0 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)"
203.0.113.2 - - "POST /xmlrpc.php HTTP/1.0" 499 0 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)"
203.0.113.2 - - "POST /xmlrpc.php HTTP/1.0" 499 0 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)"
203.0.113.2 - - "POST /xmlrpc.php HTTP/1.0" 499 0 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)"
203.0.113.2 - - "POST /xmlrpc.php HTTP/1.0" 499 0 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)"
The affected website may cause high CPU usage:

# top -c
1180 jdoe 20 0 20864 4280 3436 S 70.7 0.4 0:00.20 php-fpm: pool example.com
1223 jdoe 20 0 38396 2628 2016 S 88.8 0.3 0:01.07 php-fpm: pool example.com
1443 jdoe 20 0 29072 2404 6404 S 60.6 0.2 0:00.00 php-fpm: pool example.com
Many Apache processes are spawned:

# pidof httpd
62997 62996 62995 62994 62977 62976 62959 62710 62707 62705 62703 62702 62701 62700 62682 62681 62680 62663 62662 62645 62616 62581 62580 62579 62569 62568 62554 62520 62412 62411 62409 62408 62407 62406 62405 62381 62379 62378 62377 62359 62358 62344 62077 62075 62073 62072 62071 62067 62064 62060 62059 XXX-XXXX-XXXX-2026 62024 62023 62005 62003 61999 61987 61707 61598 61585 61547 61500 61499 61487 61486 61467 XXX-XXXX-XXXX-1372 61338 61312 61311 61310 61309 61287 61286 61273 61252 61195 61089 61088 61087 61086 61068 61067 61054 61003 60977 60946 60894 XXX-XXXX-XXXX-0890 60874 60873 60858 XXX-XXXX-XXXX-05...
Apache may fail with the following error in /var/log/httpd/error_log:

server reached MaxRequestWorkers setting, consider raising the MaxRequestWorkers setting

Cause

Hacking attack via XML-RPC requests.

Resolution

Use one of the following solutions:

Disable XML-RPC for the instance
Secure WordPress instance with a plugin like WordFence or JetPack. They will block malicious requests to the file xmlrpc.php. Both plugins are available for free in WordPress Plugin Catalog.
1. Log in to Plesk.
2. Go to WordPress > example.com > Plugins tab and click Install:
3. Type in the plugin name in the search bar and install it:

Related Posts

How to Host a Go App on Plesk

Your Complete .htaccess Guide: Including .htaccess Basics and More

NGINX vs Apache – Which Is the Best Web Server in 2024?

Knowledge Base

Slow performance of website hosted on Plesk for Linux server: Load Average value is higher than CPU cores count

Website pages based on WordPress show “404 Not Found” when PHP-FPM by Apache is used

WordPress website displays error 403 intermittently: access forbidden by rule request: “POST /xmlrpc.php on Plesk server

An operation or a script that takes more than 60 seconds to complete fails on a website hosted in Plesk: nginx 504 Gateway Time-out

Hosting Wiki