WP Admin extremely slow - wordpress

The WP back end of a site I'm working on (It's a multisite) takes about 25 seconds to load.
Everything was working fine until yesterday and the front end still works perfectly well. All other sites on the same server run just as well, so it MUST be a WP back end issue.
I don't remember exactly what change it was that made it so slow. I remember updating WP recently (to version 3.4.2), adding some plugins on one of the sites and changing the max upload file size.
I tried to disable all the plugins, changing the themes back to default, changing the max file size back, and adding define('WP_MEMORY_LIMIT', '1024M'); (and other values) to WP-config but none of it helped.
Also tried to 'Update network', but I got an error - couldn't connect to host.
Any ideas?

I got in touch with our network admin and we resolved the issue.
I will copy his answer here. Hope it helps someone.
Does Wordpress use 'self-referential URLs' ? What I mean by this is...
is wordpress trying to access it's own templates/css using fully
qualified domain names in the URL (e.g. http://example.co.uk/someurl )
Because we use Network Address Translation (NAT) on our firewalls to
hide the real IP address of the server, it has the side effect that if
the server tries to access it's own URLs, it will try to send the
traffic to the external interface on our firewall, which is where the
DNS resolves to.
The fix for this is very simple - we just add the site url into the
/etc/hosts file so that the server knows to use it's own IP address
instead of the address on the firewall.
So he added our address to the hosts file and now it works perfectly.
Awesome.

I've seen this before where the admin pages are trying to poll external Wordpress sites for details of Wordpress upgrades, plugin updates and Wordpress news. If there's no proper access (because of firewall restrictions, bad DNS, etc) then the page has to wait for the HTTP requests (I think WP uses cURL) to timeout.
If you're still unable to identify the cause I'd recommend a catch-all solution of installing xdebug and profiling the page with webgrind, xcachegrind, etc

Had the same problem for a week and now the problem of very slow WP-admin was solved!
Before, I cannot access my sites if I use incognito or I am not logged in as WP user, but all times in the wp-admin, it takes me 40 seconds- minute or even never.
Solution that worked:
I accessed the files in the file manager using the CPanel, and I saw so many unused and unnecessary folders and themes and that's the reason that causes the very slow access to admin.
It was because during the days of being a newbie, I stuffed a lot of files in the Public Http and that made it congested.
I logged in to another CPanel account that I bought personally before, and compared the folders of the "proper" versus the "congested" and compress, backed-up and deleted all the unnecessary.
My host: Hostgator, responded well also.
Hope this would help others.

I also had a very slow Dashboad in wordpress. Reading the James C´s answer, I realized that my site is located in a corporate intranet behind a firewall to access internet.
James C answered:
"I've seen this before where the admin pages are trying to poll external Wordpress sites for details of Wordpress upgrades, plugin updates and Wordpress news. If there's no proper access (because of firewall restrictions, bad DNS, etc) then the page has to wait for the HTTP requests (I think WP uses cURL) to timeout."
My solution was avoid all the internet conections: (1) disable all the wordpress updates using the wordpress plugin "Disable all wordpress updates". (2) activate de wordpress pluging "Disable google fonts"
After these two plugin activations, the Dashboard works to a suitable speed.

Related

WordPress site impacted with redirect injection

I have a website that is running on an AWS server using the Bitnami Nginx and WordPress image.
https://www.athleticclubhk.com/
Recently it got all our ads on Google stopped due to malicious content. Oddly this time, its trickier then your standard malware of infected files. When visiting the site incognito, the first and only the first link click gets redirected using the following code:
window.location.replace("https://cartoonmines.com/scount");window.location.href = "https://cartoonmines.com/scount";
This is being injected on any link, however, upon investigating the loaded code on inspect its not injecting it into the page.
I've tried to hunt down the theme, plugins, core files and found nothing!
I replaced and reinstalled WordPress core files, deactivated all plugins and even swapped the theme - the problem is still there. I can't find any hidden .htaccess file in the entire root directory.
I even used GREP to try to look for anything fishy (any clues here that someone can help with?) nothing so far.
The site is still impacted with this so you can easily load the link ~ i do use malwarebytes to keep myself protected, incase you are opening this directly.
Can anyone help?
The redirection code is implanted to /wp-includes/js/wp-emoji-release.min.js.
How to confirm:
watch the cookies when clicking internal page, a new cookie is being set for tracking first clicks, named ht_rr
save complete webpage locally and try to load it, and check in Chrome dev tools, you'll see that in Console tab it complains about this Javascript file attempting to set the aforementioned cookie
While a temporary resolution of deleting the file will fix things for some time...
There's no excuse for not setting up a proper server stack. Bitnami or other "great stacks" won't cut it security-wise. They exist for "fast", but no "quality" setup, and of course, it's never going to be secure.
The file got created somehow / had write privileges. This indicates a problem with the setup most of the time. Unless you're using some nulled plugins or plugins from bad sources.
Once again, since the website was essentially "pwned", deleting the Javascript file does not mean complete disinfection. To preserve things in a secure state, I would recommend setting things on a clean server environment with strict PHP-FPM permissions aka "lockdown" chmod, and look for write errors to look for infected PHP files.
Check out some guides on the matter of secure NGINX/PHP-FPM setup:
NGINX and PHP-FPM. What my permissions should be?
Best practice secure NGINX configuration for WordPress
NGINX Security Headers, the right way
Just had the same problem and it was Zend Font Plugin, the same that some people mentioned before.
Installed Wordfence and this came out. Deleted the plugin and now the site is working perfectly.
Disable plugins and check again.
Change the database username and password.
Ask the hosting manager to check the host.

Difficult situation with domain under VestaCP

Let's say I have domain sxz.me.
Hostname is sxz.me, server is up and running. Unfortunately when I was typing in address sxz.me, it automatically redirected me to IP address 141.xxx.xx.xxx.
My point was to make it as domain name, not IP address. So I changed something in VestaCP that didn't work.
As a next idea, I have installed a plugin, which was redirecting IP address into sxz.me .. It worked! It started redirecting 141.xxx.xx.xxx into sxz.me. The problem was that sxz.me still didn't work e.g. didn't read files uploaded through ftp.
Then I've got genius idea of resetting the server from hosting support. I did it and then for whatever reason WordPress admin panel from 141.xxx.xx.xxx stopped working. I couldn't access it.
I've changed everything in VestaCP in the way described in this video.
Before it was also changed similar, but some parts were missing. We were waiting for DNS propagation and unexpectedly sxz.me started working! Almost there, but problem was that I still couldn't copy files from 141.xxx.xx.xxx by plugin, because of no access to WP admin.
I know there are also different ways, but that was my first idea. In the meantime I've started installing WordPress according to config.php from zero on 141.xxx.xx.xxx and website gone again! It just crashed somehow and started redirecting me once again to 141.xxx.xx.xxx so I'm completely confused and don't know what to do.
Domain doesn't work at all.

Nothing works past the index/main page. Am I missing anything?

I am currently migrating my website that was hosted on GoDaddy to an Amazon Linux instance. Everything has worked so far using elastic IP that I allocated, but I haven't been able to access other pages using the GoDaddy domain I transferred from my original website.
I have tried to change the site address/URL structure in the Wordpress settings, but I almost broke my website (TWICE!). Should I be changing one of the .htaccess files instead of the native Wordpress setting?
My elastic/public EC2 instance IP is: 52.26.232.168
The domain I would like to point to the IP is: artrantsbyaj.com.
Any help is greatly appreciated.
NOTE: I do not yet have a high enough reputation to post images yet, I apologize.
Try to refresh your permalinks:
Go to the permalink settings and save them (do not change anything, only click on save to refresh your permalink structure).
Test it and let me know if you have any problem.
Regards.

How can I solve the OpenShift Wordpress installation certificate and hence the https permalink issues?

I've migrated my Wordpress blog to OpenShift recently. It works perfect until when you try to add a custom domain alias to your installation.
The OpenShift URL for my blog is blog-latifetunc.rhcloud.com
I added the following URL as alias: blog.latifetunc.com
(Sorry I couldn't attach images since I don't have enough reputation points. Instead I put links to images. This is my first question in StackOverflow.)
http://www.alpertunc.com/q1.png
I successfully added the CNAME record for my domain to point blog.latifetunc.com to blog-latifetunc.rhcloud.com in GoDaddy
http://www.alpertunc.com/q2.png
The problem pops up when I try to reach my blog with this alias. It says:
Safari can't verify the identity of the website "blog.latifetunc.com".
The certificate for this website is invalid. You might be connecting to a website that is pretending to be "blog.latifetunc.com", which could put your confidential information at risk. Would you like to connect to the website anyway?
(I can't even post more than two links without 10 reputation points :( So please put the above URL in front of below images as well.)
q3.png
If you click "Continue" it works fine but this alert is very scary for many users. I searched for hours for a solution with no luck. I considered buying a security certificate as well but then I thought this blog was working with an alias in its previous installation too. However we never had such an alert in browser while visiting either via the main domain or the alias.
The previous installation was on IIS and the binding were as following:
q4.png
Then when my brain was about to explode I found out that the alert is due to https. When I checked Settings from my Wordpress dashboard I realised that somehow OpenShift installs Wordpress on https and sets the permalinks to https.
q5.png
In fact whatever you type that points to *.rhcloud.com is converted to https. I know that because I added the CNAME for www.latifetunc.net to point to blog-latifetunc.rhcloud.com as well but didn't add the alias in OpenShift Applications. So www.latifetunc.net resolves to blog-latifetunc.rhcloud.com but since there is no alias defined (hence there is no vhost entry in Apache) it gives error. But even that error is in port 443!
q6.png
My main problem is to get rid of the certificate error while visiting my blog via my alias domain name. I really appreciate any help on that one.
My related question is that why on earth permalinks start with https on OpenShift Wordpress installation? If I can solve that, probably I'll solve my main problem as well.
Thanks a lot!
I checked blog.latifetunc.com on safari,chrome,firefox, and opera and I didn't get any warnings so you much have figured out a solution. However for others who may stumble across this I've provided some information:
By default OpenShift applications accept traffic on both http and https. So if you're wanting to have a custom domain but aren't worried about ssl than you can simply just use the http connection to your application (http://myapp.com). If you are wanting to apply a SSL certificate and you're on one of the plans that allow it (bronze or silver). The documentation to apply it, is in the SSL Section of the OpenShift Online User Guide.

Wordpress clone on Dreamhost

So I created a new subdomain on Dreamhost. One-click installed Wordpress. Fresh Copied the olddomain.com to newdomain.com exported all the tables with the drop attribute to the new wordpress database via phpmyadmin. Then followed this post to update the urls.
The site doesn't load, giving me this error message:
The page isn't redirecting properly
Firefox has detected that the server is redirecting the request for this address in a way that will never complete.
This problem can sometimes be caused by disabling or refusing to accept cookies.
I would make sure to check the 'www' rules in Fully Hosted (from the web panel: Manage Domains > Web Hosting > Edit), compared with your site URL settings in the WordPress dashboard. Make sure those aren't conflicting first.
If you need further assistance, just let me know the domain name and I can take a look. Please also feel free to start a LiveChat from the panel or submit a ticket; our support team is here to help 24/7!
Thanks!
Ellice S
DreamHost Staff
I finally ended up creating an empty site and then using the WP Duplicator plugin. Worked like a charm!

Resources