Hi there, anyone ever experienced some issue with the /wp-admin/admin-ajax.php ?

My website runs in a hostgator dedicated server that is being droped down by attacks or an “internal error”…

I’m trying to cover all possibilities here, so i will show you 2 screenshots from my SSH:

This one when the server was shutted down: https://imgur.com/OFi1cg3

And this other one in the hour 12:20 https://imgur.com/WAwYnv9

And all other hours are the same processes and IP’s. (i do not have mod_cloudflare yet, so it show cloudflare IP’s)

  1. In the case of an “internal error” i searched this :https://wordpress.org/support/topic/very-high-memory-and-cpu-use-on-admin-ajax/
    … that let me to this: https://www.cloudways.com/blog/reduce-admin-ajax-php-related-server-load-wordpress/

Then i installed and configured the Heartbeat Control to cover the possibilite of an “internal error”.

  1. But those SSH log’s seems to indicate a DDoS attack, so then there is the thing, i’m a cloudflare pro customer and i configured a heavy firewall from all cloudflare recommendations from this two topics:

a) https://support.cloudflare.com/hc/en-us/articles/228325187-Hardening-WordPress-Security

b) https://www.cloudflare.com/features-page-rules/optimize-wordpress/

… and i tryed to harden the security even more configuring WAF rule not to igonre wp-admin in Package: Cloudflare Rule Set WP0003: https://imgur.com/jYhLDea

And i too have a zone lockdown for wp-admin and wp-login.php properly configrued…

So, if this is an attack, is passing through cloudflare… and NOT JUST THAT, i have Premium Wordfence too… If this is trully an attack, then cloudflare is being just for nothing (which i find hard to believe).

So, anyone ever experienced any similar problem?

Thank’s for the attention!