One of the main and, perhaps, the most common causes of unnatural load on servers are bots that try to hack the site by picking passwords for the admin, trying to register or looking for an opportunity to leave a comment.
It works like this:
The site has an admin page, for example, www.test.com/wp-admin. The bot finds it and tries to pick a password by entering hundreds and sometimes thousands of different variations. Each download of the page and sending of data is a request to the server, which means a load on the hosting .
It used to be like that, but they put an end to it! Cityhost has implemented the following security system:
We have added verification of the user's reality before loading such pages. Before opening the admin (registration) page, a standard "captcha" from Google is now displayed. It will not be difficult for a live user to pass the check, but a bot will not be able to.
We have automatically enabled the following protection for the most common page variations:
- WP: * wp-admin + * wp-login.php + wp-comments-post.php;
- JOOMLA: * administrator + * login + * registration;
- Open Card: * admin;
- MODX: * manager;
- PRESTA SHOP: * back office;
- DRUPAL: * user / login.
You can disable this check yourself. You can do this in the control panel of cp.cityhost.ua. To disable the check, go to a specific hosting, then click "sites" and go to the "security" section. There, drag the slider opposite the "secured pages (capcha)" item.