High CPU usage is a common problem faced by WordPress websites. While there are many possible causes, one often overlooked culprit is malicious crawler bots. These bots crawl your website excessively, consuming resources and impacting performance. This case study examines how a WordPress website experienced high CPU usage due to a malicious crawler bot and the steps taken to investigate and resolve the issue.

High Resource usages stat

Symptoms of High CPU Usage

The website owner noticed several symptoms of high CPU usage, including:

  • Frequent website timeouts: Users encountered “503 Service Unavailable” errors when accessing the website, indicating that the server was overloaded and unable to respond to requests.
  • High resource usage notification: The hosting provider notified the website owner that the website was exceeding its resource limits, suggesting excessive CPU utilization.
  • Slow website loading times: Users reported experiencing significant delays when loading pages.

Identifying the Malicious Crawler Bot

The investigation began with thoroughly examining server logs, website analytics, and real-time monitoring tools. It became evident that the source of the problem was not organic traffic but rather an influx of requests from suspicious user agents and repetitive IP addresses. After a closer look, we found patterns typical of malicious crawling behavior. We pinpointed several troublesome bots responsible for the excessive requests by examining user agents and IP addresses.

How We Tackled It

To tackle the issue of high resource usage due to bot traffic, our initial move was to incorporate the website into Cloudflare’s free plan, leveraging its robust firewall capabilities. Employing the Cloudflare firewall, we implemented the following measures:

  • IP Blocking: We quickly blocked the IP addresses of the identified malicious bots to stop further requests.
  • User Agent Filtering: We set up filters to block the specific user agents associated with these troublesome crawlers.

Firewall for Bad Crawler Bots

The Results

Our strategies worked! The high CPU and resource usage from malicious crawlers decreased, and WordPress sites bounced back. Loading times improved, and the risk of downtime was significantly reduced.
High Resource usage resolved

Conclusion:

This case study highlights the importance of a swift and comprehensive response to mitigate the impact of malicious crawlers causing high CPU usage in WordPress. Through careful investigation, targeted mitigation strategies, and ongoing vigilance, the WordPress community can fortify itself against future threats, ensuring a secure and optimal user experience for website owners and visitors alike.