CPU Overload on an IIS Servers

If you are reading this article, you may have an account that has  received an Terms of Service violation (ToS) and you would like to learn how to resolve it. A Terms of Service violation means that your account or a portion of your account, has caused an overload on our IIS server. With in a shared environment that we must maintain at a certain level of performance, so all customers may benefit from the server resources. This performance is monitored and balanced by our administrators to ensure stability. To ensure the stability of the IIS server we were forced to temporarily block part of your account.

In order to get access restored you must contact us by phone, chat or the help desk ticket that is related to the overload. Before contacting us to restore access we strongly recommend to take appropriate actions in order to solve the cause of the overload and prevent it from happening in the future.

There are two main causes of an overload: increased amount of visits and outdated application(s). A properly coded website can handle increased number of visits without significant server load. In the same time scripts that have not been optimized, can cause the issue even with a few ones. Now just imagine what happens when number of such website visits somehow increased dramatically. Problem may be impact of your recent website updates or it may literally occur without any changes from your side at all. Here are some of the most common causes for overloads:

- DDoS and brute-force attacks against website
- Non optimized applications or scripts
- Compromised account
- Large number of simultaneous connections to Access database
- Websites incompatible with shared web server

Issues Caused by Non Optimized Applications or Scripts?

Our statistics show that popular PHP based applications like WordPress and Joomla head the abusive top-list. If your application is not the one from the mentioned above, you can use the same following basic recommendations in almost every case:
-update your application and its components to the latest available version.
-turn off unused plugins/modules.
-configure caching, if possible.
-prefer functionality and stable performance rather than cool/wow factor.
-reduce requests from bots.
You may try using the following request in your search engine to find more specific tips for its optimization by entering the following: “[application name] optimization”. Rarely, the problem can also be caused by your own scripts,  if this is your case and you are not comfortable optimizing your web site, we strongly recommend  contacting  a professional web developer who is familiar with that CMS and knows what exactly should be done in order to optimize your code.

  •  WordPress 

Even out of the box WordPress installation can be quite resource retentive without appropriate tweaks. Here are some things to look for and do with in WordPress:

-Install P3 plugin. Often, the overload is caused by heavy or poorly configured plugins, or too many of them installed. There is a P3 plugin that creates a profile of your WordPress plugins performance by measuring their impact on your site’s load time. By using this plugin, you can narrow down anything that causes a high server load and slowness on your site, as well. Prefer plugins for functionality rather than cool/wow factor.  Some plugins imposes a significant cost in terms of resource and performance.

-Check the theme. If plugins are working properly, you may want to test  your website with a different theme. Themes can include codes with plugin capabilities inside the theme’s function.php file, so everything what applies to plugins can apply to the theme as well. Also, themes may use excessive JavaScript or image files, causing  pages to load slowly because of the huge amount of data to transfer and/or the number of HTTP requests used. WordPress comes with a default theme and it’s best used to test the site if your theme is the suspect for poor performance. If you discover that your theme is causing the slowdowns, you can use the Firebug tool for your browser to debug the problem.

-Install a WP Super Cache plugin. This is the most important thing you can do to reduce the CPU load and reduce the site load time, even more important than running the latest version of WordPress and plugins. Each time a page is displayed, WordPress must render the page dynamically. Adding a cache will render those pages into static content. Make sure you turn on the compression if it is off by default. This can speed up the response time dramatically. Note that this plugin requires permalinks and you won’t be able to activate this plugin on Windows platform until the following actions are taken:

You must create a file 404-handler.php in your base WordPress folder with the following code:

<?php
$qs = $_SERVER['QUERY_STRING'];
$pos = strrpos($qs, ‘://’);
$pos = strpos($qs, ‘/’, $pos + 4);
$_SERVER['REQUEST_URI'] = substr($qs, $pos);
$_SERVER['PATH_INFO'] = $_SERVER['REQUEST_URI'];
include(‘index.php’);
?>

  • Open “Web Options” section of your hosting plan control panel. Select a domain, find “Error” in the list of options and click “Add” button next to it.

-Set your own 404 error page to point to the 404-handler.php URL by selecting next parameters:

  • Error Document Code: 404|File or directory not found.
  • Choose the document type: URL
  • Path to Custom Error page: path relative to your domain folder, for example /wordpress/404-handler.php

-Go to WordPress Settings -> Permalinks in your WordPress admin page, and set the following custom structure for your links:

/%year%/%monthnum%/%postname%.html

-This file structure will allow you to save additional server resources.
Once this is done, navigate to WP Super Cache Settings and make sure the “Caching On” parameter is selected. A good starting point for the “Cache Timeout” parameter (can be found at Advanced settings of the plugin) is 3600 seconds.
You can verify that caching works fine by right clicking  your mouse button on any frontend page of your website and selecting “Check source code/Inspect Element”. You should see the following two line towards the bottom of the page:
<!– Dynamic page generated in 0.440 seconds. –>
<!– Cached page generated by WP-Super-Cache on 2015-08-27 05:59:04 –>

-Point your domain to CloudFlare. It will help you make the website load faster and protect it against online spammers and hackers. Among other features and monitoring tools, CloudFlare provides you with an ability to automatically minimize the size of CSS, JS, and HTML. By reducing the number of CSS and JS calls and the size of those files, you can improve the site loading speed. This service gives you an ability to set up your own firewall rules for blacklisting abusive IPs and bad bots or white listing trusted IPs. **Note in order for CloudFlare to work properly you must install a CloudFlare plugin for WordPress. It is very important that this step is done to resolve a ToS violation.

-Make sure to keep external scripts to a minimum. The usage of external scripts on your web pages adds a big chunk of data to your total loading time. Thus, it is best to use a low number of scripts, including only the essentials, such as tracking tools (like Google Analytic) or forums (like Disquz!).

-Disable pingbacks and trackbacks. Pingbacks and trackbacks are two main WordPress components that alert you whenever your blog or page receives a link. It might sound useful, but you also have things such as Google Webmaster Tools and other services to check the links of your website. Using pingbacks and trackbacks can also put an undesirable amount of strain on your server resources. This is because when someone tries to link up to your site, it generates requests from WordPress back and forth. This functionality is widely abused when targeting a website with DDoS attacks. You can turn it all off in WP-Admin -> Settings -> Discussion. Just deselect “Allow link notifications from other blogs (pingbacks and trackbacks).” This will also help you to speed up your website.

-Minimize the number of HTTP requests. You can reduce the number of HTTP requests by using fewer images or placing all images in one large image and positioning them with CSS, fewer JavaScript, and fewer CSS files (usually meaning fewer plugins). Also use the CSS Sprite generator to move all your images into one image and then use CSS background-position to display them. This will cut your number of HTTP requests significantly.

-Optimize image sizes. Optimizing images  are often overlook (made smaller), and it can significantly reduce the loading time. It can be easily done in several clicks with WP Smush plugin. Plugin strips hidden, bulky information from your images, reducing the file size without losing the quality.

-Reducing Spam. Spam comments take up a lot space in your database. You should setup the pre-installed Akismet plugin properly to catch those comments and prevent them from going live on your site and additionally to discourage spammers from posting to  your site. Setting up Akismet is pretty simple.  You will need to register for an Akismet API key on the Akismet website using your WordPress.com account. Next thing you want to do with Akismet is check the box in the Akismet settings that says “Auto-delete spam submitted on posts more than a month old”. Of course, you can manually empty the spam queue anytime from the ‘comments -> spam’ section.

-Update WordPress and Plugins. This should be obvious but update WordPress and all your plugins to the latest versions, making sure your plugins are compatible with the the version of WordPress you are running. If you don’t keep all your plugins and WordPress itself updated, chances are that your site will get hacked and causes strain on the server . It isn’t a rule, but older versions of plugins are generally more vulnerable to attacks. Not only that, newer versions of plugins are in most cases, better optimized faster and more secure with fewer to no bugs. This is critical for both the security and performance.

-Disable Heartbeat API. Heartbeat API allows WordPress to communicate between your browser and the server to allow auto saving, post locking, login expiration warnings, etc. It sounds great in the theory, but anytime a web-browser is left open on a page using the Heartbeat API, there is a risk of sending excessive requests to /wp-admin/admin-ajax.php, which can lead to high CPU usage. To reduce your server load, we can recommend disabling this feature.

-Disabling Heartbeat everywhere is the most effective in terms of reducing CPU usage and the most preferable. Locate your active theme’s functions.php file. Make its copy to create a backup of that file. Then modify the original functions.php file and add the code towards the top, after the opening <?php tab:
add_action( ‘init’, ‘stop_heartbeat’, 1 );
function stop_heartbeat() {
wp_deregister_script(‘heartbeat’);
}
Don’t forget to save your recent changes.

-Disable XML-RPC requests. WordPress uses an implementation of the XML-RPC protocol in order to extend functionality to software client. Some clients such as WordPress Mobile Apps and Blogger use XML-RPC requests to function, but most people don’t need it. To prevent attacks on xmlrpc.php file, add the following line at the end of wp-config.php file:
add_filter(‘xmlrpc_enabled’, ‘__return_false’);
It should be added after the following line:
require_once(ABSPATH.’wp-settings.php’);

-Reduce requests from bots. You can instruct search engines on how they should crawl your website, by using a robots.txt file. When a search engine crawls a website, it requests the robots.txt file first and then follows the rules within that file. It’s important to know that robots.txt rules don’t have to be followed by bots, and they are a guideline. An example of robots.txt for WordPress is installed in the root of your domain:
User-agent: *
Crawl-delay: 30
Disallow: /cgi-bin/
Disallow: /wp-login.php
Disallow: /wp-register.php
Disallow: /xmlrpc.php
Disallow: /wp-admin/
Disallow: /wp-includes/
Disallow: /wp-content/plugins/
Disallow: /wp-content/themes/
If you pointed your domain to CloudFlare, it will help reduce the amount of bad bots and crawlers hitting your site automatically (not all). If you would like to place a block of your own for a bad bot or crawler, you can block them by IP address. For more information on how to decrease server load caused by Google search crawlers: https://support.google.com/webmasters/answer/48620?hl=en

-Wordpress database tables require to be cleaned and optimized from time to time. Select all the tables of a corresponding database in phpMyAdmin and use the “Repair” and “Optimize” buttons.

-Measure a plugin’s impact with a P3 plugin. It is recommended to finalize your optimization with this step to make sure that nothing heavy and useless is left among your plugins.

  • Joomla 

If your website is running on Joomla, then you might have installed a lot of additional components, plugins, templates, etc, or simply have a lot of articles that affect your website performance. A non optimized application causes a higher server load and slows down your site. Even search engines prefer websites that load faster and rate them higher page rankings. The recommendations below will help you improve the situation.

-Enable caching. Each time someone opens your website, Joomla has to fetch the content from its database, load all installed plugins, components and modules, load your template and combine all this data into a single page. When this option is enabled, the first time someone loads your page, the result from the above mentioned actions is stored. Then, all the following visitors will directly get the stored version of that page as if it was a simple, plain HTML file, which is much, lighter and loads faster. To enable it, you must login as the administrator and go to Global Configuration -> System tab and select Conservative caching.

-Disable Gzip compression. To do this go to Global Configuration -> Server and set the Gzip Page Compression variable to OFF. The CPU has to work harder to compress each of your pages before it sends it out. If you have Gzip compression enabled, an extra overhead is added to each page request. The speed gained by compression is offset by the CPU time required, resulting in a higher load with no real gain in performance.

-Remove unused extensions. Most times we have plugins and extensions installed to our Joomla that is no longer in use and just sits there utilizing resources. Make sure that old and unused modules, plugins and components are not just disabled, but removed completely. All installed extensions can slow down your site, even if you don’t have them enabled.

-Avoid Statistics Components. These use a lot of queries to constantly update and display your site statistics. This results in increased CPU usage and causes an added I/O wait. Use Awstats or Google Analytics instead.

-Point your domain to CloudFlare. It will help you make the website load faster and protect it against online spammers and hackers. Among other features and monitoring tools, CloudFlare provides you with an ability to automatically lower the size of CSS, JS, and HTML. By reducing the number of CSS, JS, and the size of those files, you can improve the site loading speed. The service gives you an ability to set up your own firewall rules for blacklisting abusive IPs, bad bots or whitelisting trusted IPs. Don’t forget to install a CloudFlare plugin for Joomla. It is a very important step to resolve any ToS violation.

-Database optimization. Joomla tables require to be cleaned and optimized from time to time. Select all the tables of corresponding database in phpMyAdmin and use the “Repair” and “Optimize” buttons.

-Optimize image sizes. One of the easiest things to do is make sure your images are optimized properly for the web. Avoid using huge, slow loading images. You should never upload a high-resolution image and re-size it using HTML or CSS. The huge full-size image will load, but just get re-sized on the fly by the server. Multiply that by the amount of visitors, and your server will be easily overloaded.

-Reduce what your users actually need to download. When any site loads, there are a number of things that need to be loaded for the site to actually display. The fewer files, the faster your site will load. The mentioned optimization alone can cut the time a site needs to load by almost a half. The first thing you need to do is figure out everything being loaded on your site. This will tell you what can be fixed. You can use services like http://www.websiteoptimization.com/services/analyze/ , enter the URL for the page you want to check and it will show everything being loaded. The most important for us are the Total CSS images, Total Scripts, and Total SCC Imports.

-Optimizing CSS Images. You’ll probably notice that you have a lot of CSS images being loaded. A part of them aren’t even being used on the page. Every single image referenced in your CSS file is loaded on every page load. So, it would be great if we could just have one CSS image. It is possible with CSS sprites. You can easily create them with online sprite generators, which will give you the sprite image and the CSS you need to use.

-Reducing the number of scripts loaded. All you need to do is install the ScriptMerge plugin and activate it. With its help, you will have only one CSS and one JavaScript file being loaded.

-Keep everything updated. Update Joomla and all its modules, plugins and components to the latest versions. Make sure that all plugins are compatible with the the version of application you are using. If your application is out of date, there are chances that your site will be compromised. It isn’t a rule, but older versions are generally more vulnerable to attacks. Not only that, newer versions are in most cases better optimized, faster and more secure with fewer to no bugs. This is critical for both the security and performance.

-Reduce requests from bots. You can instruct search engines on how they should crawl a website, by using a robots.txt file. When a search engine crawls a website, it requests the robots.txt file first and then follows the rules within. It’s important to know that robots.txt rules don’t have to be followed by bots, and they are a guideline. Example of robots.txt for Joomla installed in the root of your domain:
User-agent: *
Crawl-delay: 30
Disallow: /administrator/
Disallow: /bin/
Disallow: /cache/
Disallow: /cli/
Disallow: /components/
Disallow: /includes/
Disallow: /installation/
Disallow: /language/
Disallow: /layouts/
Disallow: /libraries/
Disallow: /logs/
Disallow: /modules/
Disallow: /plugins/
Disallow: /tmp/
If you are  pointing your domain to CloudFlare, it will help you reduce the number of bad bots and crawlers hitting your site automatically (not all). If you would like to place a block of your own for a bad bot or crawler, you can block them by IP. For more information on how  to decrease the server load caused by Google search crawlers: https://support.google.com/webmasters/answer/48620?hl=en

 

  • Benefits of Cloud Packages and Support

The above-mentioned solutions are more or less able to help you cut the load on the server, though it’s possible that the level of resources allocated by shared hosting environment doesn’t meet current increasing requirements of your website. So, it may be time to consider taking a step to a higher level. If your sites start growing and becoming really popular, you may need a more dedicated environment for your account such as Cloud By IX. Cloud packages are a self-managed service and can be adjusted to fit your needs as you see fit. You can find more detailed information at https://www.cloudbyix.com/features. If you are interested in this next level platform for your growing business, you can focus your attention on the new horizons with our excellent website moving service, which will professionally complete the process of moving from one host to another in a timely manner.

Was this article helpful?

Yes (28)
No (7)

We're sorry you didn't find this article very helpful. Please help us improve it by leaving your feedback below.

Error