Articles in this section

See more

WP Toolkit PHP process gets stuck and generates high CPU usage for the server

Avatar
Daniel Yordanov
Updated
Plesk for Windows kb: technical ext: wptk

Applicable to:

  • Plesk for Windows

Symptoms

  • The Resource Monitor shows that the high CPU usage comes from a PHP process.
  • The Windows Task Manager shows a PHP process that is tied to a WP Toolkit command has an unexpectedly high CPU usage:
  • The %plesk_dir%admin\logs\php_error.log file contains entries that are similar to the following:

    CONFIG_TEXT: [2023-06-07 11:00:34] 10140:648015bec09ec ERR [extension/wp-toolkit] [648015bea4188] plesk_user_exec("D:\Program Files (x86)\Parallels\Plesk\Additional\PleskPHP74\php.exe" -dsafe_mode=off -ddisplay_errors=on -dopen_basedir= -derror_reporting=0 -d max_execution_time=60 "D:\Program Files (x86)\Parallels\Plesk\Additional\modules\wp-toolkit\wp-cli\wpt-wp-cli.php" "--path=D:\Inetpub\vhosts\example.com\httpdocs" --no-color instance info "--format=json" "--check-updates=true") failed: Unable to execute plesk_user_exec: This operation returned because the timeout period expired. (Error code 1460) at Unable to execute "D:\Program Files (x86)\Parallels\Plesk\Additional\PleskPHP74\php.exe" "-dsafe_mode=off" "-ddisplay_errors=on" "-dopen_basedir=" "-derror_reporting=0" -d "max_execution_time=60" "D:\Program Files (x86)\Parallels\Plesk\Additional\modules\wp-toolkit\wp-cli\wpt-wp-cli.php" "--path=D:\Inetpub\vhosts\example.com\httpdocs" --no-color instance info "--format=json" "--check-updates=true"<br> at (zif_plesk_user_exec line 1191)<br> at (zif_plesk_user_exec line 1200)
    [2023-06-07 11:00:34] 10140:648015bec09ec ERR [extension/wp-toolkit] WP-CLI command has not finished working in 60 seconds, so it was terminated. Usually this means that there are problems with WordPress instance WordPress installation #21 ('http://example.com') itself, for example it could be infected with malware. Check the wp-config.php file of the instance for potential malware code.

  • The wp-config.php file or another important file from the main WP config files within the main WordPress installation directory contains signs of malicious code that may be similar to the following:

    CONFIG_TEXT: $_aihglf='aeb48d1mtofc' ^ hex2bin('130415414a08550817000206');
    $_h4e0r5 = "";

Cause

Some of the main configuration files of the affected WordPress website are infected with malicious code that prevents the PHP processes from exiting properly and thus interferes with the WP Toolkit functionality by making its processes hang.

Resolution

Replace the infected file with a clean verion or the piece of code that causes the issue manually and run the Malware scan in the WP Toolkit by using the information in this article:

WP Toolkit and Quarantine. How does it work?

Additional information

Securing WordPress | WP Toolkit | Plesk Obsidian documentation

Comments

0 comments

Please sign in to leave a comment.

Have more questions? Submit a request

Related articles