Title: Plugin causes self inflicted DOS ATTACK! Last modified: June 5, 2019 --- # Plugin causes self inflicted DOS ATTACK! * Resolved [Oclair](https://wordpress.org/support/users/oclair/) * (@oclair) * [7 years ago](https://wordpress.org/support/topic/plugin-causes-self-inflicted-dos-attack/) * Woocommerce knows neither how their users use their software, nor the sloppily designed, resource wasteful platform wordpress revealing this by this beta plugin. * This plugin will never be useable, admins for sites have multiple browser tabs open and that completely knocks out the store with a denial of service effect. Just imagine a few admins logged in at the same time with multiple tabs open? * #facepalm Have a nice day! OC Viewing 8 replies - 1 through 8 (of 8 total) * [Caleb Weeks](https://wordpress.org/support/users/calebweeks/) * (@calebweeks) * [7 years ago](https://wordpress.org/support/topic/plugin-causes-self-inflicted-dos-attack/#post-11609326) * Thanks for bringing this up, [@oclair](https://wordpress.org/support/users/oclair/)! This was exactly what happened to us this morning (all morning!) and our hosts over at Flywheel did an awesome job (as always!) figuring it out. * Though WooCommerce Admin hasn’t reach version 1.0 yet at the time of this post, I couldn’t resist installing it, so I just learned that lesson again, alas, of the risks to using pre-1.0/beta software rather than waiting till it’s officially ready. * “Self-inflicted DDoS/DOS” – that’s exactly what it was! * Thread Starter [Oclair](https://wordpress.org/support/users/oclair/) * (@oclair) * [7 years ago](https://wordpress.org/support/topic/plugin-causes-self-inflicted-dos-attack/#post-11609594) * Wordpress simply has too much crap that loads with every single insignificant request. Web cron, rebuilding image previews total garbage stuff that should be simply thrown into an orderly crontab never to think about again. So every time that lovely and I agree lovely admin interface shoots over a dozen requests to populate bam the site is locked up. * You would think woocommerce would first release a code cleanup for the core wordpress before making such demands on it… * [gresakg](https://wordpress.org/support/users/gresakg/) * (@gresakg) * [7 years ago](https://wordpress.org/support/topic/plugin-causes-self-inflicted-dos-attack/#post-11613233) * I had the same experience. My CPU load went to the skies, so I though I was experiencing an attack. After tailing access log, I discovered the IP “attacking” my server was my own: I forgot to close my woocommerce administation. After closing this one tab, loads went back to normal. * [Michael](https://wordpress.org/support/users/nikonratm/) * (@nikonratm) * [7 years ago](https://wordpress.org/support/topic/plugin-causes-self-inflicted-dos-attack/#post-11616593) * Yes! This is a major issue and need to be fixed! Unbelievably bad bug, just look at my logs, this isn’t even 1 full second!! * [07/Jun/2019:18:06:14 +0000] “GET /wp-json/wc/v4/reports/orders?page=1&per_page =0&status_is%5B0%5D=processing&status_is%5B1%5D=on-hold&_locale=user HTTP/1.0” 404 649 “[https://*****.com/wp-admin/post.php?post=8006&action=edit”](https://*****.com/wp-admin/post.php?post=8006&action=edit”);“ Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.1.1 Safari/605.1.15” [07/Jun/2019:18:06:14 +0000] “GET/ wp-json/wc/v4/admin/notes?page=1&per_page=25&status=unactioned&type=error%2Cupdate& _locale=user HTTP/1.0” 404 649 “[https://*****.com/wp-admin/post.php?post=8006&action=edit”](https://*****.com/wp-admin/post.php?post=8006&action=edit”);“ Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.1.1 Safari/605.1.15” [07/Jun/2019:18:06:14 +0000] “GET/ wp-json/wc/v4/admin/notes?page=1&per_page=25&status=unactioned&type=error%2Cupdate& _locale=user HTTP/1.0” 404 649 “[https://*****.com/wp-admin/post.php?post=7899&action=edit”](https://*****.com/wp-admin/post.php?post=7899&action=edit”);“ Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.1.1 Safari/605.1.15” [07/Jun/2019:18:06:14 +0000] “GET/ wp-json/wc/v4/reports/orders?page=1&per_page=0&status_is%5B0%5D=processing&status_is% 5B1%5D=on-hold&_locale=user HTTP/1.0” 404 649 “[https://*****.com/wp-admin/post.php?post=7899&action=edit”](https://*****.com/wp-admin/post.php?post=7899&action=edit”);“ Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.1.1 Safari/605.1.15” [07/Jun/2019:18:06:14 +0000] “GET/ wp-json/wc/v4/admin/notes?page=1&per_page=25&status=unactioned&type=error%2Cupdate& _locale=user HTTP/1.0” 403 606 “[https://*****.com/wp-admin/post.php?post=8020&action=edit”](https://*****.com/wp-admin/post.php?post=8020&action=edit”);“ Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.1.1 Safari/605.1.15” [07/Jun/2019:18:06:14 +0000] “GET/ wp-json/wc/v4/admin/notes?page=1&per_page=25&status=unactioned&type=error%2Cupdate& _locale=user HTTP/1.0” 403 606 “[https://*****.com/wp-admin/post.php?post=8006&action=edit”](https://*****.com/wp-admin/post.php?post=8006&action=edit”);“ Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.1.1 Safari/605.1.15” [07/Jun/2019:18:06:14 +0000] “GET/ wp-json/wc/v4/reports/orders?page=1&per_page=0&status_is%5B0%5D=processing&status_is% 5B1%5D=on-hold&_locale=user HTTP/1.0” 403 606 “[https://*****.com/wp-admin/post.php?post=8006&action=edit”](https://*****.com/wp-admin/post.php?post=8006&action=edit”);“ Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.1.1 Safari/605.1.15” [07/Jun/2019:18:06:14 +0000] “GET/ wp-json/wc/v4/reports/orders?page=1&per_page=0&status_is%5B0%5D=processing&status_is% 5B1%5D=on-hold&_locale=user HTTP/1.0” 403 606 “[https://*****.com/wp-admin/post.php?post=8020&action=edit”](https://*****.com/wp-admin/post.php?post=8020&action=edit”);“ Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.1.1 Safari/605.1.15” [07/Jun/2019:18:06:14 +0000] “GET/ wp-json/wc/v4/admin/notes?page=1&per_page=25&status=unactioned&type=error%2Cupdate& _locale=user HTTP/1.0” 403 606 “[https://*****.com/wp-admin/post.php?post=8020&action=edit”](https://*****.com/wp-admin/post.php?post=8020&action=edit”);“ Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.1.1 Safari/605.1.15” [07/Jun/2019:18:06:22 +0000] “GET/ wp-json/wc/v4/admin/notes?page=1&per_page=25&status=unactioned&type=error%2Cupdate& _locale=user HTTP/1.0” 403 606 “[https://*****.com/wp-admin/post.php?post=8020&action=edit”](https://*****.com/wp-admin/post.php?post=8020&action=edit”);“ Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.1.1 Safari/605.1.15” [07/Jun/2019:18:06:22 +0000] “GET/ wp-json/wc/v4/admin/notes?page=1&per_page=25&status=unactioned&type=error%2Cupdate& _locale=user HTTP/1.0” 404 649 “[https://*****.com/wp-admin/post.php?post=8006&action=edit”](https://*****.com/wp-admin/post.php?post=8006&action=edit”);“ Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.1.1 Safari/605.1.15” [07/Jun/2019:18:06:22 +0000] “GET/ wp-json/wc/v4/admin/notes?page=1&per_page=25&status=unactioned&type=error%2Cupdate& _locale=user HTTP/1.0” 403 606 “[https://*****.com/wp-admin/post.php?post=8006&action=edit”](https://*****.com/wp-admin/post.php?post=8006&action=edit”);“ Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.1.1 Safari/605.1.15” [07/Jun/2019:18:06:22 +0000] “GET/ wp-json/wc/v4/admin/notes?page=1&per_page=25&status=unactioned&type=error%2Cupdate& _locale=user HTTP/1.0” 404 649 “[https://*****.com/wp-admin/post.php?post=7899&action=edit”](https://*****.com/wp-admin/post.php?post=7899&action=edit”);“ Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.1.1 Safari/605.1.15” [07/Jun/2019:18:06:22 +0000] “GET/ wp-json/wc/v4/reports/orders?page=1&per_page=0&status_is%5B0%5D=processing&status_is% 5B1%5D=on-hold&_locale=user HTTP/1.0” 403 606 “[https://*****.com/wp-admin/post.php?post=8020&action=edit”](https://*****.com/wp-admin/post.php?post=8020&action=edit”);“ Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.1.1 Safari/605.1.15” [07/Jun/2019:18:06:22 +0000] “GET/ wp-json/wc/v4/admin/notes?page=1&per_page=25&status=unactioned&type=error%2Cupdate& _locale=user HTTP/1.0” 403 606 “[https://*****.com/wp-admin/post.php?post=8020&action=edit”](https://*****.com/wp-admin/post.php?post=8020&action=edit”);“ Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.1.1 Safari/605.1.15” [07/Jun/2019:18:06:22 +0000] “GET/ wp-json/wc/v4/reports/orders?page=1&per_page=0&status_is%5B0%5D=processing&status_is% 5B1%5D=on-hold&_locale=user HTTP/1.0” 403 606 “[https://*****.com/wp-admin/post.php?post=8020&action=edit”](https://*****.com/wp-admin/post.php?post=8020&action=edit”);“ Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.1.1 Safari/605.1.15” [07/Jun/2019:18:06:22 +0000] “GET/ wp-json/wc/v4/reports/orders?page=1&per_page=0&status_is%5B0%5D=processing&status_is% 5B1%5D=on-hold&_locale=user HTTP/1.0” 404 649 “[https://*****.com/wp-admin/post.php?post=7899&action=edit”](https://*****.com/wp-admin/post.php?post=7899&action=edit”);“ Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.1.1 Safari/605.1.15” [07/Jun/2019:18:06:22 +0000] “GET/ wp-json/wc/v4/reports/orders?page=1&per_page=0&status_is%5B0%5D=processing&status_is% 5B1%5D=on-hold&_locale=user HTTP/1.0” 404 649 “[https://*****.com/wp-admin/post.php?post=8006&action=edit”](https://*****.com/wp-admin/post.php?post=8006&action=edit”);“ Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.1.1 Safari/605.1.15” [07/Jun/2019:18:06:22 +0000] “GET/ wp-json/wc/v4/reports/orders?page=1&per_page=0&status_is%5B0%5D=processing&status_is% 5B1%5D=on-hold&_locale=user HTTP/1.0” 403 606 “[https://*****.com/wp-admin/post.php?post=8006&action=edit”](https://*****.com/wp-admin/post.php?post=8006&action=edit”);“ Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.1.1 Safari/605.1.15” * [Albert Juhé Lluveras](https://wordpress.org/support/users/aljullu/) * (@aljullu) * [7 years ago](https://wordpress.org/support/topic/plugin-causes-self-inflicted-dos-attack/#post-11619949) * [@oclair](https://wordpress.org/support/users/oclair/) [@calebweeks](https://wordpress.org/support/users/calebweeks/) [@gresakg](https://wordpress.org/support/users/gresakg/) [@nikonratm](https://wordpress.org/support/users/nikonratm/) thanks for the report. Some other users reported similar issues, and we are tracking it here: * [https://github.com/woocommerce/woocommerce-admin/issues/2365](https://github.com/woocommerce/woocommerce-admin/issues/2365) * Feel free to participate in the GitHub issue or leave any other details you think might be relevant. * [Albert Juhé Lluveras](https://wordpress.org/support/users/aljullu/) * (@aljullu) * [6 years, 12 months ago](https://wordpress.org/support/topic/plugin-causes-self-inflicted-dos-attack/#post-11633564) * [@oclair](https://wordpress.org/support/users/oclair/) [@calebweeks](https://wordpress.org/support/users/calebweeks/) [@gresakg](https://wordpress.org/support/users/gresakg/) [@nikonratm](https://wordpress.org/support/users/nikonratm/) updating to the last version of WooCommerce Admin (0.13.1), which was released today, should fix this issue. * I will proceed marking this thread as resolved. Please, feel free to reopen it if you can still reproduce the bug. * Thread Starter [Oclair](https://wordpress.org/support/users/oclair/) * (@oclair) * [6 years, 12 months ago](https://wordpress.org/support/topic/plugin-causes-self-inflicted-dos-attack/#post-11634224) * clearly the team re-wrote the real world wordpress core to handle their other world ambitions #holdononesecmyimagepreviewsarebeingrefreshed - This reply was modified 6 years, 12 months ago by [Oclair](https://wordpress.org/support/users/oclair/). * [Caleb Weeks](https://wordpress.org/support/users/calebweeks/) * (@calebweeks) * [6 years, 12 months ago](https://wordpress.org/support/topic/plugin-causes-self-inflicted-dos-attack/#post-11635388) * Thanks for update, [@aljullu](https://wordpress.org/support/users/aljullu/)! Will report back if we have any issues. 👍🏻 Viewing 8 replies - 1 through 8 (of 8 total) The topic ‘Plugin causes self inflicted DOS ATTACK!’ is closed to new replies. * ![](https://s.w.org/plugins/geopattern-icon/woocommerce-admin_b298d1.svg) * [WooCommerce Admin](https://wordpress.org/plugins/woocommerce-admin/) * [Support Threads](https://wordpress.org/support/plugin/woocommerce-admin/) * [Active Topics](https://wordpress.org/support/plugin/woocommerce-admin/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/woocommerce-admin/unresolved/) * [Reviews](https://wordpress.org/support/plugin/woocommerce-admin/reviews/) ## Tags * [admin](https://wordpress.org/support/topic-tag/admin/) * [attack](https://wordpress.org/support/topic-tag/attack/) * [ddos](https://wordpress.org/support/topic-tag/ddos/) * [DOS](https://wordpress.org/support/topic-tag/dos/) * [down](https://wordpress.org/support/topic-tag/down/) * 8 replies * 5 participants * Last reply from: [Caleb Weeks](https://wordpress.org/support/users/calebweeks/) * Last activity: [6 years, 12 months ago](https://wordpress.org/support/topic/plugin-causes-self-inflicted-dos-attack/#post-11635388) * Status: resolved