Where to start.... CF Help, please & thanks!

I should pre-empt this topic by saying that my expertise is limited, and if I say things that don’t make sense, please excuse me!

I will try to lay out as much information, and the issues that we are facing with our website and hopefully we can try work out if there are solutions to my issues.

Ok, starting point. we are using Wordpress & Woocommerce. I use Cloudways as hosting and have used Cloudflare for some time now, but never really gone outside of the default settings. In Cloudways, we have 16GB Ram, 320GB SSD Disk, 6TB Transfer, 6 Core Processor. Just writing what we have direct from Cloudways, as I don’t fully know what any of that means.

Our website has on average 12k page views, and around 2k users per day. Not sure if this is useful, but wanted to put as much information as I can to help with the troubleshooting.

For the most part, our website runs relatively ok but then there are weeks like this one where things seem to be really sluggish. We have issues with uploading images, and making changes within Wordpress. We recently started to receive more than regular 502, 503, 524 errors. To the point where it was really ridiculous.

Going into Cloudways I could see that CPU was 100%…

and looking at the Idle CPU over the last week, there are definite moments where it’s almost at 0% availability.

I looked over the past 6months and there was a decent amount of time (in my opinion at least) where it was below 20%, so followed the advice and increased our server size. That’s one of my go to solutions, ha. If the cost is $30 a month to double our server size, I will go down that route to try resolve matters. The small cost outweighs the amount of time it would take me to fully understand and get to the bottom to the problem (hence my previous post to try get one-to-one assistance).

So before I made the change, I was on 8GB Ram, 16GB SSD Disk, 5TB Transfer and 4 Core Processor (see above for current).

Surprisingly (to me) this didn’t actually resolve the matter. The CPU usage was still 100% and we were still receiving error messages and sluggish website.

I raised a chat with Cloudways Support, and they looked into the matter and saw that we were getting a large volume of non-legitimate traffic requests. They mentioned that in the logs there were links for viagra/escort services, which isn’t related to our site and they suggest that we had been infected by malware, which obvs sent my heart rate to the moon. They said to set the I am Under Attack mode in Cloudflare to bring down the number of requests, which I did.

At this point, I ran some Malware scans from a previous WP plugin that we used back in 2017 when we had an issue. Nothing came back as weird, no issues. I also signed up with Sucuri (as cloudways suggested) to check and they found no issues either. I spoke with the Malware plugin dev, and he mentioned that it is something that our hosting provider will need to mitigate to prevent the DDoS attacks from affecting our site accessibility

Cloudways have said there is nothing that they can do about the DDoS attacks themselves, but again pointed me Sucuri and back to Cloudflare to apply some WAF, Argo, and some other rules in order to take this under control. I know we don’t have WAF set up, but know that we have Argo switched on.

I tried to do some reading to understand what I need to set-up to help, and found Rate Limiting, as that seemed to sound like it was something that I could use but didn’t know what settings to use, and playing around I found that it was affecting our checkout process on the woocommerce side. Once I saw that it impacted the checkout process, and potential customers, I switched it off.

I think at this stage, I decided I don’t know wtf I am doing and should really find a professional to help me out. Again, back to my post earlier looking for one-to-one assistance.

There is a lot to unpick here, that’s why I am honestly not sure that this is the right place as I’m sure there could be 10 different opinions about a number of the issues I have mentioned above, and I’m sure there are things that I might have inadvertently missed too.

If there is anything that can be done to help, I would love to hear your thoughts.

tl;dr: I need a beer

1 Like

I suppose you host your static files at Cloudways, but is the CNAME or A record to Cloudways configured correctly?
Moreover, the cache settings should be to consider, so Cloudflare could keep them at it’s edge and not going to Cloudways origin/host each time.

  • if that is due to the CPU load?

Moreover, have you already checked this:

Also you pointed WordPress & WooCommerce.
In that situation, if you do not have a WordPress cache plugin like W3 Total cache configured correctly (like page cache, database cache, object cache, browser cache, .etc) and on the Cloudflare dashboard you should configre cache with Page Rules.
Considering also, on your Web server the WooCoomerce “cookie” which you should not cache by default (otherwise visitors will have the same products in their cart - that is not what you want).
WooCommerce uses Ajax requests which will always “dig” the CPU regarding the traffic from visitors at your Webshop.

This errors are related, as far as I use Cloudflare, to your host/origin. Which exactly means, like could be a PHP memory exhaustion, depending on your PHP settings (like memory_limit), PHP OpCode cache, Memcache(d), Redis, etc. which can help you with reducing the load at your origin and prevent further displaying of thrown errors.

Later on, due to attacks, malware, plugins, multi-language for WordPress and more, tools like WPML, WooCommerce, WordFence and other can be CPU intensive also, weather they could help you, they could also make the issue more heavier.

In short, there are a lot of ways to do it, it can be resolved, but, starting point should be:

  1. Setup your VPS server (host/origin) first - PHP, Web server (Nginx recommended), MariaDB, Memcached, Redis …
  2. Setup WordPress caching plugin like W3 Total Cache
  3. Setup CDN - the one you use for static files right?
  4. Setup Cloudflare - Cache, optimizations, Polish, Mirage, Rocket Loader, Minify, Page Rules, Security
  5. Test, test, test …

I am afraid it is a big topic and covers really a lot of things. Furthermore, to consider your statement in first line of this topic:

That could be either to take some time for you to learn, try, setup, fix things or better to give someone to do it for you.

There are already topics about very similar issues with pointed out usefull links to setup a Website just like you have (or at least some of, if not all, from the above bullet list).

It is possible, but requires some time, and due the fact that there is a work to do at your host/origin too, the only way Cloudflare Community can help is to provide you helpfull links and information regarding the Cloudflare “how to setup the best” due the fact not knowing what you do have or will have - in a matter of time, more issues could pop-up if, personally I suggest you what to do.

Disclaimer: For sure, Cloudflare community and other people (from other sources of forums, etc.) can help you with all that, but as far as I know Cloudflare does not sale hosting or servers, etc. Moreover, I am just an regular user of Cloudflare services. I am sorry if I have written something which Cloudflare team even can do to help you and successfully resolve your issue(s).

On the other hand, as the cite from above of my 1st reply to your topic, you do not have to know how to setup all of that and lose time know, because when you learn it and finally do it as you want and as it should be, you already know you would lose your customers as well.

There are services like Kinsta.com - which allows you to configure stuff “on-click”, moreover are already pre-optimized and performance oriented for your case (WordPress + WooCommerce + Cloudflare).

Also to note, as far as I have used, regarding the knowledge and skills, they have a great tutorials for “how to setup this and that” regarding your issue.

Kindly, consider that option as well.

I am not their customer, neither reseller. Just pointing out what can you consider also due the fact of resolving your issue.

But, yes, as the BMW costs for the things you want or what you get, that way the Kinsta costs too.

Hopefully, be patient for someone else to reply to your topic due to your issue - maybe I am totally out of the point and maybe the thing is easier than it looks like (from some other view and perspective).

If you want my truly short answer, either the fact I am altruistic person and volunteered a lot, as a person, I am willing to do it for you, setup and configure, no costs for my time and work, just to resolve it and because it would really satisfy me to help you with that.
(costs would be only for a VPS/dedicated server, backup storage and at least the Cloudflare Pro plan which I recommend).

Thanks for taking the time to reply, @fritexvz, very much appreciated.

There is a lot going on, that is certain. I think that is why my initial thought was to find a Cloudflare expert to work one on one with, to go over our settings in CF etc to optimise and resolve our current issues. I don’t think the forum is necessarily the best place to dump everything into a topic without any oversight on the wider matter.

One thing you mentioned, W3 Total Cache, we had this in place. I had to deactivate it whilst running the malware scans, but I have reactivated this now.

Thanks again for your insight.

Any time I run across someone who goes all in on WooCommerce, I suggest they look at Managed WordPress hosting from a hardcore host like Pantheon.io or SiteDistrict.com

I do see a New Relic tab, and that can really help you track down what’s hogging up so much of your CPU.

Looking at your traffic patterns, it does look to peak mid-day. But at 2000 users per day, that’s an average of 1.5 users per minute. Yes, that’s linear and doesn’t account for spikes. So let’s pretend all 2000 users visit during a 6-hour span. That’s five visitors online at any given time (average). My opinion is that your server is overkill…unless you’ve got plugins killing your site’s performance.

You really need a WooCommerce developer to take a look at your site and see why it’s performing so poorly. Cloudflare isn’t going to provide much relief on a shopping site, as most of the CPU time is devoted to generating pages for your visitors. Cloudways already makes that as efficient as possible. If you’re using Cloudways CDN, you’ve pretty much done everything Cloudflare can do for you (performance-wise).


Thanks @sdayman,

You are probably very right. I think my go-to solution has to be increasing server size when encountering sluggishness rather than pinpoint the actual issue itself. It is probably overkill.

We are eight years deep now as a website on Wordpress, and in that time I’ve added, removed, tweaked so much that there are likely redundant plugins, setttings that are causing issues.

Primarily we are a blog, so we post any where between 9-15 times a day. So we have about 150-300 visitors per hour but a lot of returning visitors throughout the day. We added the woocommerce aspect at the back end of 2019. Whilst growing, the e-commerce aspect is still quite small compared to the blog side of the site.

There are so many moving parts now, that I have no real understanding of what we can do to improve matters when issues like these DDoS attacks etc occur. It’s always a case of me trying to find a solution that works at the time without disrupting the rest of the cogs in the machine. Generally doing it all by myself, with little technical ability. It gets me by as much as it can. The website is still standing after 8 years, creaks & moans every now & again. I wish I had the expertise or a team of folks behind me to be able to diagnose matters correctly. I don’t have time to learn everything.

I appreciate your thoughts though.

If WooCommerce isn’t the main source of traffic, then the quick fix would be to enable Automatic Platform Optimization through the Speed → Optimization dashboard in conjunction with the official Cloudflare plugin. APO is $5/month on free plans, and free on paid plans.

It will cache your pages which should offload regular page views. Once the shopping starts, then there will be the cookie @fritexvz mentioned which isn’t not cacheable.

This topic was automatically closed after 31 days. New replies are no longer allowed.