With I’m Under Attack mode enabled for an extensive period of time you could start seeing crawling anomalies on your Google Search Console, followed by the inevitable de-indexing of pages.
Googlebot and other search engines are allowlisted by default, according to Cloudflare:
But it seems that search engines will at times attempt to visit your site incognito, without Googlebot or any other easily guessable user agent, and the result will be crawl issues. These incognito visits are like auditing, and are supposedly meant to make sure that Googlebot is not being fed a “good” site, while human visitors are getting something else.
What I’d do instead is to examine origin server logs after patterns that could match the malicious behavior and try to create Firewall Rules and Access Policies accordingly.
Also, high CPU usage may be the result of poor coding. Sometimes all it takes is a plugin update that has a bug in it.
Any study to backup this googlebot incognito visits… anyway I have removed 3rd party resource consuming scripts from my main hosting space and moved them to amazon cloud and have researched about wordpress xmlrpc.php and wp-corn.php attacks and disabled them both. Lets see how this effects.
Sorry, I don’t. I’ve read this more than once on Google’s webmaster forum, but can’t find exactly where.
Also, if you don’t use xmlrpc.php, I suggest you create an Access Policy for the path /xmlrpc.php, which will prevent access instead of letting them in to your server to get a 404 or some other error msg, as a 404 also uses up cpu/bandwidth resources.
As for wp-cron.php, you should only disable it if you create a “real cron job”, which is quite easy to setup and should reduce the amount of requests. There are many plugins that depend on wp-cron.php to work for them to function properly.
I didn’t think wp-cron is called via the URL…unless you’re manually calling it from crontab. When I do that, I add the origin IP address to the hosts file so it hits it locally instead of through Cloudflare.
I had to disable it because my I/O Usage was getting flooded and it could be one of the reasons.
You might not notice these issues with good hosting but I have to deal with offshore hosts due to the niche of my website and getting a good hardware for affordable prices are hard there lol.
And
Wordfence is there on my website.
Sorry, but I have no idea what a DMCA ignore host is.
I use Siteground and am very happy with it. It recently added staging to their second-least expensive hosting plan, and daily website backup for 30 days on all plans. I’ve used Hostinger in the past, it was OK, but offered no server logs, so I gave it up.