Using Noabort to fix Wordfence issues on Litespeed

Running the security plugin “Wordfence” on Litespeed servers under their recommended settings can lead to your website experiencing performance issues and errors. This is due to incorrect advice by Wordfence when running with Litespeed.

The Possible Symptoms

Some symptoms of this issue may include the following:

• When requesting your website it times out before the page is loaded.
• cPanel shows the resource usage for CPU Usage and/or Physical Memory at 100%.
• Requests become slower to complete.

The Cause

The root cause is the addition of either of the following in your .htaccess file which is located in your web root (for the primary domain of your cPanel account this will be inside the public_html directory).

# BEGIN LiteSpeed noabort
 SetEnv noabort 1
# END liteSpeed noabort

or

# BEGIN LiteSpeed noabort
 <IfModule Litespeed>
 RewriteEngine On
 RewriteRule .* - [E=noabort:1]
 </IfModule>
# END liteSpeed noabort

or

<IfModule Litespeed>
SetEnv noabort 1
</IfModule>

The reason these may have been added by either yourself, your web developer or automatically by Wordfence is because these are the Wordfence-recommended settings when running Wordfence on the Litespeed Webserver.

When Wordfence is configured to update automatically and it fails, the following email is sent recommending that the above changes are added to the .htaccess file:

[Wordfence Alert] [example.com] Wordfence Upgrade not run. Please modify your .htaccess

This email was sent from your website “Example Website” by the Wordfence plugin at Monday 23rd of May 2022 at 02:28:13 PM The Wordfence administrative URL for this site is: https://example.com/wp-admin/admin.php?page=Wordfence
To preserve the integrity of your website we are not running Wordfence auto-update.
You are running the LiteSpeed web server which has been known to cause a problem with Wordfence auto-update.
Please go to your website now and make a minor change to your .htaccess to fix this.
You can find out how to make this change at:
https://www.wordfence.com/help/?query=dashboard-litespeed-warning

Preventing the issue

In order to prevent this issue from occurring the directives defined within the .htaccess file would need to be removed or commented out. This will disable the rule in question and allow Litespeed to behave normally and abort PHP processes after the client has terminated the connection.

1) Open cPanel for your website. You can do this via WHM if you have a Reseller/Dedicated Service, or if you are a Shared Hosting customer, via your hosts portal after selecting the active Shared Hosting in My Services and clicking Login to cPanel from the left-hand menu.

2) Click on File Manager in the Files section of cPanel

3) Once you have File Manager open, navigate to the web root of your website. By default this is public_html in your home directory for the primary domain.

4) Ensure you can see hidden (dot files) in the File Manager settings by clicking Settings in the top right, ensuring Show Hidden Files (dotfiles)  is ticked and then click Save.

5) Select the file named “.htaccess” and when it is highlighted click Edit at the top (if you get a pop up about encoding you can ignore this by clicking Edit again on the popup)

6) Look for the Litespeed entry (usually looking like one of the two quoted above in “The Cause” and add a # symbol to the start of any lines which do not already start with that symbol in that section only, for example:

7) Click Save Changes at in the top right and then click Close, you can then close the File Manager tab to return to cPanel for the account.

Warning

If your issue is currently ongoing (i.e. the account has high CPU and MEM usage) these steps alone will NOT suffice, the steps for Resolving the issue should also be followed to clear out any stuck PHP processes.

Resolving the issue

If the issue is currently ongoing, you’ll also need to clear any existing/hanging PHP processes which occurred as a result of this. To do so, please follow the steps below:

1) In cPanel navigate to select the PHP version under software:

2) Make a note of your Current Version of PHP then click on the drop-down box as shown:

3) Click on any other version and then click “set as current”, for example:

4) Click the drop-down again and select the version of PHP your site was on before changing it, and then click “set as current”.

Warning

Switching from one PHP version to another will essentially kill any remaining PHP processes that are running however you must ensure that the version is then switched back to prevent problems with site functionality.

5) To correctly set ‘noabort’ – only if you need it – it should be targetted, for example applying only to wp-cron requests:

<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteRule ^wp-cron.php$ - [E=noabort:1]
    RewriteCond %{REQUEST_URI} ^(.*)?wp-admin
</IfModule>

ℹ️ Tip: For even better performance, and more reliable execution, consider calling wp-cron from the command line

Optionally, you can also prevent connection timeouts when performing long-running tasks in the WordPress admin – again, only if you’re suffering from a specific problem which requires it:

<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteRule ^wp-cron.php$ - [E=noabort:1]
    RewriteCond %{HTTP_COOKIE} ^.*wordpress_logged_in_.*$
    RewriteRule .* - [E=noconntimeout:1]
</IfModule>

Why does this cause my website to become unreachable?

Servers run the Litespeed Webserver to provide better performance to serve your website. Additionally, to prevent other users on the server from causing any issues with your own website, they often run CloudLinux Lightweight Virtual Environment (LVE). This segregates the resources available to each cPanel account on the server, meaning one rogue site doesn’t have unlimited access to the server’s resources, potentially impacting other websites on the same server.

Essentially, each cPanel account has it’s own set of resources it can use. If it uses them up, it cannot then claim more CPU or memory from the server, as this would cause other sites to have less access to resources. 

In normal operation, Litespeed Webserver will kill PHP processes which become orphaned from a browser request or that run for a long time because, in their own words, “generally, allowing a PHP script to run forever is not desirable“. If for example, a visitor closes the browser tab/window when connected to your site (in most instances) it makes sense to kill any PHP scripts that are running as a result of the visit. This also helps avoid bots or denial of service attacks from impacting your site.

Importantly, however, there are some instances where even if the initial web request connection is closed, you will want to keep PHP script running. Litespeed provides for this by allowing exceptions to be made. The full documentation here outlines the various exception syntaxes which can be implemented.

The change suggested by Wordfence (and in some cases added automatically by Wordfence) allows any PHP scripts to run forever if needed. It does not discriminate or narrow down any “allowed” scripts or requests, instead, it allows all requests to run without any time limit. In the above-linked documentation, Litespeed’s developers explicitly discourage this:

We know it is tempting to simply add noabort for all requests (.*), but we strongly suggest you do not do this. Adding noabort for all requests to .htaccess is not standard practice and may cause unintended consequences. For example, a site running in a Cloudlinux Lightweight Virtual Environment (LVE) that is hitting resource limits can become completely tied up. This is because LSWS is not able to abort any external app requests. 

When this suggestion from Wordfence is implemented, any PHP scripts on your site which do not exit properly (which may happen for several reasons), are simply left running. Eventually, these PHP scripts add up in number and exhaust all of the resources available to your cPanel account meaning new web requests to your website cannot be serviced.