There are all 10 sites on my server, traffic under 100visitor/day, all wordpress with few plugins, but load status 100%
probaly hacked wordpress instance, also you seem to run it under admin - not a good idea. You need to suspend all websites and find the infected one.
3 Likes
If you hosted your websites under different usernames, you would know which is the infected one because of the CPU consumed by the user.
The hacker would also not be able to escalate to root privileges since they won’t be running as the admin user and the infected sites would be apart so it would be less likely that one infected site spreads the infection to another website (user).
Sometimes it is not enough to suspend a website since they can still serve some pages even when suspended. You could suspend the users but you can’t since all websites run under the admin user.
Check the Nginx or apache logs the one that grows the fastest that’s it.
1 Like
or layer 7 ddos attack
It’s always a lot of guessing if we do not have any logs or more informations 
. As OP doesnt react, probaly issue found and resolved.
10 websites and then only 2gb Ram are also very little. I would take a stronger server and possibly choose another hoster with DDos protection.
at 100 visitors/day 2gb for 10 websites is more than enough in my opinion. But as already written, issue probaly already solved.
1 Like
Thank you to all forum members who have provided answers. I will upgrade the server and separate each website into different users. Currently, I have suspended the website with the highest traffic. The problem has been successfully resolved.
1 Like
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.