BugWP logo BugWP
Back to Community
Home / Community / General

Troubleshooting Sucuri Security Plugin Performance and Slowdown Issues

36 threads Sep 17, 2025

Content

Many WordPress administrators rely on the Sucuri Security plugin for its robust auditing, malware scanning, and security hardening features. However, a common theme emerging from community support forums is that the plugin can sometimes introduce significant performance issues, particularly in the WordPress admin area. This guide will help you understand why these slowdowns happen and provide practical steps to resolve them.

Common Symptoms of Sucuri-Related Slowdowns

Users report a variety of performance problems linked to the Sucuri Security plugin, including:

  • Extremely slow page loads in the WordPress admin (up to 60 seconds).
  • Specific admin pages, like the Sucuri Dashboard or Settings, hanging or timing out.
  • Slow login times, sometimes resulting in timeouts.
  • High server CPU or memory usage, often in regular spikes.
  • Slow publishing or updating of posts and pages.
  • The entire site becoming unresponsive when accessing Sucuri's settings.

Why Do These Slowdowns Happen?

Based on analysis of community reports, the performance issues typically stem from a few specific plugin functions:

  1. API Communication & DNS Lookups: The plugin performs DNS lookups (using gethostbyaddr()) on every page load to determine if the site is behind the Sucuri WAF or services like Cloudflare. If your DNS server is slow or there is a network issue, this can add significant latency to every page load.
  2. XHR and Comment Monitoring: Certain monitoring features, like the XHR monitor, can hook deeply into WordPress and consume considerable resources, especially on sites with high traffic or on servers with limited resources.
  3. Scheduled File Scans: The plugin's core function is to scan your files for changes. On large sites or on underpowered servers, these scans can consume high amounts of CPU and memory, causing temporary slowdowns.
  4. API Service Outages or Network Issues: Occasionally, the plugin's attempts to communicate with Sucuri's API servers (wordpress.sucuri.net) can hang due to network problems or DNS misconfigurations, causing processes to wait for a response.

How to Troubleshoot and Fix Sucuri Performance Issues

If you are experiencing slowdowns, try these solutions in order.

1. Disable API Service Communication and DNS Lookups

This is the most common fix for general slowness, especially on login and admin pages.

  1. Go to Sucuri Security → Settings → API Service.
  2. Find the option for API Service Communication and disable it.
  3. Next, go to Sucuri Security → Settings → General.
  4. Locate and disable the IP Address Discoverer option. This stops the DNS lookups on each page load.

Many users in the forums reported that this immediately resolved their timeout and slow login issues.

2. Disable Resource-Intensive Monitoring Features

If you are seeing high CPU usage, specific features may be the culprit.

  1. Navigate to Sucuri Security → Settings → General.
  2. Disable the following options:
    • Allow XHR Monitor
    • Comment Monitor

As one user noted, this simple change reduced their server's CPU consumption from 100% to around 10%.

3. Check for and Address Large Log Files

The plugin generates log files that can grow very large over time, slowing down file scans.

  1. Use your hosting file manager or FTP to access your site's root directory.
  2. Navigate to /wp-content/uploads/sucuri/.
  3. Look for large files, particularly sucuri-oldfailedlogins.php and sucuri-auditqueue.php.
  4. You can safely delete these files. The plugin will regenerate them if needed.
  5. Consider setting up a recurring task to clean these logs if they grow too quickly.

4. Verify there are no DNS or Network Issues

Historical issues have occurred when Sucuri's API domain had DNS problems. You can test if your server can correctly resolve and connect to it.

  1. Ask your host or check if you can run command-line tools.
  2. Run: host wordpress.sucuri.net. It should resolve to a current IP like 192.124.249.16.
  3. Run: telnet wordpress.sucuri.net 443 to see if a connection can be made on port 443.
  4. If these commands hang or fail, your server's ability to communicate with Sucuri is impaired, which will cause the plugin to hang. In this case, disabling the API service (Step 1) is your best temporary workaround.

5. Review Scheduled Scan Timing

While the official scan is daily, other processes or conflicts might cause more frequent resource spikes. If you see performance issues every 15 minutes, use a plugin like "WP Crontrol" to inspect all scheduled WordPress tasks and see if a Sucuri-related event is running too often.

When All Else Fails

If the performance issues persist after trying these steps, the conflict may be more complex.

  • Plugin Conflict: Deactivate all other plugins and see if the speed returns to normal. If it does, reactivate them one by one to identify the conflicting plugin.
  • Revert to a Previous Version: Some users found that a specific update (e.g., 1.7.12) introduced problems. If a new version is causing issues, you can temporarily roll back to a previous stable version while waiting for a fix.
  • Check Error Logs: Examine your server's PHP error log and WordPress debug log for any specific errors related to the Sucuri plugin or admin-ajax.php.

By methodically working through these troubleshooting steps, you can likely identify and resolve the performance bottlenecks caused by the Sucuri Security plugin, allowing you to maintain both security and a responsive WordPress site.

Related Support Threads Support