Have you been having issues with your site not responding, causing timeouts or 503 errors?
We have recently seen a lot of accounts suffering this issue where the site stops responding and they all seem to have the same symptoms and likely cause and that is the use of a ‘noabort’ directive in the sites’ .htaccess files.
This is something the Wordfence developers recommend doing if Wordfence auto update is not working or if the scans are timing out, in order to override the Litespeed webservers inbuilt resource-protection system whereby it will normally timeout a PHP process if it hasn’t output any data in ~2 minutes.
This is because the resource protection system can have the effect of terminating long-running processes that are still alive, e.g. Wordfence scans.
Ironically Litespeed themselves also suggest doing this in order to solve the issue with their plugin not auto updating as well.
Unfortunately this is bad advice they are giving out, since they suggest to override the ‘abort’ for -all- processes – front- and back-end.
This then causes a large number of websites to gather up huge numbers of PHP processes consuming all the accounts’ CPU and memory resources, thus resulting in timeouts and 503 errors from WordPress.
These are the directives they recommending putting in your htaccess file.
<IfModule Litespeed>
SetEnv noabort 1
RewriteEngine On
RewriteRule .* - [E=noabort:1]
</IfModule>
Instead, we would suggest using the directives below:
# BEGIN SAFE NOABORT WITH NO-TIMEOUT
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule ^wp-cron.php$ - [E=noabort:1]
RewriteCond %{REQUEST_URI} ^(.*)?wp-admin
RewriteCond %{HTTP_COOKIE} ^.*wordpress_logged_in_.*$
RewriteRule .* - [E=noabort:1]
</IfModule>
# END NO-TIMEOUT
These are more discriminatory and will only override the abort for back-end tasks where the client is logged in and/or running via wp-cron.
Recent Comments