- Plesk Onyx for Linux
- Plesk Onyx for Windows
The following processes with the long lifetime (started by the Daily Maintenance task) are stuck and consume a lot of CPU (up to 100%) or RAM (there can be one or more such processes):
In Plesk for Linux:
# ps aux | grep safe_mode | grep -v grep
user+ 812014 203.0.113.2 347652 21328 ? R 00:01 728:37 /opt/plesk/php/7.0/bin/php -d safe_mode=off -d display_errors=off -d opcache.enable_cli=off -d open_basedir= -c /var/www/vhosts/system/example.com/etc/php.ini /usr/local/psa/admin/plib/modules/wp-toolkit/vendor/wp-cli/wp-cli/bin/../php/boot-fs.php --path=/var/www/vhosts/example.com/httpdocs instance info --format=json --check-updates=true --quiet
In Plesk for Windows, similar processes can be found in the Task Manager (or Process Explorer).
The following lines are found in the file
index.phpin the domain's directory:
# less /var/www/vhosts/example.com/instancename/wp-config.php
Note: Use PHP Decode to decrypt the line above. It will return the location of the malware.
The following error can be found in the file
CONFIG_TEXT: ERR [extension/wp-toolkit] Unable to process WordPress instance #34.
Plesk WordPress Toolkit fails to be opened with 502 error.
Broken or compromised with malware WordPress instance affects WordPress Toolkit processes in Daily Maintenance tasks.
This is WordPress Toolkit bug EXTWPTOOLK-1524 which is fixed in 3.5.0 version.
In case the process was spawned by the UI/API/CLI, or the WordPress Toolkit cannot be updated, apply the solution from the following article: Low server performance: WordPress Toolkit processes spawned by UI/API/CLI are stuck