Update June 19, 2019: Some high traffic sites also reported crashed databases several months ago…
This post is a public warning about plugins released by Rymera Web, an agency from Australia.
Recently we’ve had to blacklist (ban) all Rymera Web plugins from LittleBizzy, and our underlying SlickStack server script due to poor coding that was causing database thrashing.
Specifically, Rymera Web plugins — most if not all of them that we checked — generate WP cron jobs solely for the purpose of asking website owners to review their plugins on WordPress.org. One client of ours in particular had their WooCommerce Wholesale Prices plugin suite installed, and due to conflicts with (we believe) the rather standard Redis object caching, the plugin generated over 44,000+
wwp_cron_request_review cron jobs for this simple (and non critical) task of asking users for reviews.
“You never really learn much from hearing yourself speak.”
― George Clooney
Unfortunately this resulted in the client’s database repeatedly freezing up. Thankfully they were able to manually remove all cron jobs and other cruft from the database, and we then blacklisted all Rymera Web plugins, because they all seem to include this same event generation code, which is rather abusive of WP-Cron.
Normally I wouldn’t “go public” with this type of situation — in some cases, plugin authors have contacted us via the SlickStack Github repo or otherwise to find out how they could improve their plugins, and we’re happy to offer some advice when possible.
Unfortunately in this case, Rymera founder Josh Kohlbach refused to listen to our suggestions and doubled down, telling several of our clients that our servers had caused the database thrashing instead of his code, and telling them to move to a different web host… he also tried to instruct some of our clients how to “hack” our plugin blacklist system to try and re-enable his plugins… yikes! Not very cool, amigo.
Instead of reviewing his code for potential problems, Kohlbach immediately accused us of implementing a non-standard cron schedule that was calling his event thousands of times. Turns out, SlickStack only uses the standard WP-Cron that’s included in WordPress. Even if we did have a custom crontab that called
/wp-cron.php several times each day, it still wouldn’t explain why his plugins don’t realize that the cron is already scheduled, and then duplicate it thousands more times into the future.
From the official documentation:
Another important note is that WP-Cron is kind of naive when scheduling tasks. Tasks are driven by the hook provided for the task, however if you call wp_schedule_event() multiple times, even with the same hook name, the event will be scheduled multiple times. If your code adds the task on each page load this could result in the task being scheduled several thousand times. Probably not a great idea. WordPress provides a convenient function called wp_next_scheduled() to check if a particular hook is already scheduled.
But ultimately if they had followed best practices as published by WordPress.org, or maybe did not abuse WP-Cron in the first place just to nag users for reviews, it wouldn’t be an issue.
Apologies accepted via email, social media, public speeches, and check or money orders ;)Last modified: 7 Jul, 2019
"After being hosted on GoDaddy for years, I didn't realize how negatively it was impacting my search traffic. Soon after moving to LittleBizzy, my homepage went from page 3 on Google to #1 world-wide for my target market, and I also reached the top 3 on Google Maps, with no additional SEO work."Juliette S.
"Before moving to LittleBizzy, whenever our news website was featured on the Drudge Report, it often slowed to a crawl or even froze up during big traffic spikes. Now, that never happens anymore, and we've been able to focus on publishing more articles instead of worrying about our web hosting."Steve G.
"The research by Amazon is definitely true, because our slow WooCommerce store was bleeding sales. After LittleBizzy stabilized our performance and moved us closer to our target customers, we saw a measurable improvement in shopping cart checkouts, esp. during holidays... much better!"Mohammed H.
No contracts, free migration, and free SSL forever. What are you waiting for? Order Hosting Now.
WordPress Gossip, Technical SEO News, And Other Goodies.
Free. Unsubscribe anytime.