Fixing php5-fpm and Apache hanging with WordPress# 23 March 2015
I had issues with Apache periodically hanging (failing to deliver a response body to any requests) on all my vhosts. This turned out to be solved by restarting php5-fpm. I enabled the slowlog in php5-fpm to try and find out which scripts were stalling:
sudo mkdir -p /var/log/php5-fpm sudo vim /etc/php5/fpm/pool.d/www.conf
; The log file for slow requests ; Default Value: not set ; Note: slowlog is mandatory if request_slowlog_timeout is set slowlog = /var/log/php5-fpm/$pool.log.slow ; The timeout for serving a single request after which a PHP backtrace will be ; dumped to the 'slowlog' file. A value of '0s' means 'off'. ; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) ; Default Value: 0 request_slowlog_timeout = 5s
After a day or so I read the logs and found lots of slow requests to
xmlrpc.php for WordPress vhosts.
A crude but effective solution is to block requests to the XML-RPC and Trackback APIs. These features are sometimes targeted by bots for brute force login attempts. I do not use them so I don’t mind disabling them entirely.
Edit your Apache vhost configuration (or
.htaccess if you don’t have access to this):
<FilesMatch "^(xmlrpc\.php|wp-trackback\.php)"> Order Deny,Allow Deny from all #Allow from x.x.x.x </FilesMatch>
I noticed considerably lower latency when serving requests to PHP pages after this change.