Top Nav

WordPress Admin Dashboard Slow Due To WordFence

Recently worked a WordPress site where the admin dashboard was taking a minute or more to load. Tracked the problem to the “Updates Needed” section in the “WordFence” block displayed on the dashboard. The Updates Needed section calls the WordPress  “wp_version_check()” function. This function, as part of building the data sent to with the update version check, calls the WordPress “count_users()” function. The “count_users()” function runs a query like this:

The number of “COUNT(NULLIF” columns depends on the number of user groups. For a site with a small number of users and groups this query is not a problem. But for a site with over 100K users this query took over 100 seconds to run.

To fix the problem, we used “wp-cli” to disable the “Updates Needed” section in WordFence:

Now the admin dashboard loads with no delay. This is a great example of the types of problems that come with scaling a WordPress site to large numbers of users.





WordFence / CloudFront – Automatically Update Trusted Proxies

If you are using WordPress with CloudFront and WordFence then some extra configuration is required. WordFence does blocking based on IP address but it will fail to determine the correct IP address when you have CloudFront and an Elastic Load Balancer in front of the site. The work around is to setup a cronjob that updates the list of trusted proxies in WordFence.

  1. Login to WordPress admin and to to WordFence -> All Options. Under “How does Wordfence get IPs” select “Use the X-Forwarded-For HTTP header”.  Click “Save Changes”
  2. Add a cronjob using the script shown below to update the list of trusted proxies.

Here’s a simple script for the cronjob:





.htaccess – negative file type match

Here’s an example of how to block all files extensions not listed in the regular expression:



Mounting cloned disk

If you try to mount a cloned disk then you may get an error about duplicate UUID values. You can override with the “nouuid” option:

If the disk is using LVM then additional steps will be required:

Now you can list the partitions with lsblk and mount the desired logical volume with the “nouuid” option.




Mixing Plesk open_basedir path syntax

Plesk uses a convoluted syntax for open_basedir settings in Plesk. You can find this setting on a per-domain basis by navigating the Plesk GUI like this:

Domains -> -> PHP Settings -> Common settings ->  open_basedir

The default setting looks like this:

This breaks down as follows:

The first part, {WEBSPACEROOT}{/} means the the entire webspace root, /var/www/vhosts/ in this case. This includes httpdocs and any folder in this path.

The second part {:} is the delimiter.

The third part {TMP}{/} means the /tmp directory

Any additional paths can be added by appending a normal UNIX-style path syntax as in this example:

In this case the default plus the PHP 7.2 pear directory is allowed. You can add as many directories as needed using the UNIX style path syntax in combination with the Plesk default. Be sure to use a colon as your delimiter.