Fix WordPress stuck in maintenance mode
Ocassionally you will experience a persistent error in Wordpress that states “Briefly unavailable for scheduled maintenance. Check back in a minute.”
Wordpress
Configure file permissions for WordPress
The most common cause of errors in Wordpress is incorrect file and folder permissions.
Delete Expired Transients
Transients are a way of temporarily storing data in WordPress, conceptually similar to a sticky note. Transients are always created with a set maximum lifetime, after which they expire and are deleted.
Reject malicious requests
Code Snippet Add the following code snippet to functions.php or through the Code Snippets (or Code Snippets Pro) plugin: Source: unknown That’s it, you’re done!
Disable WordPress links in wp_head
Code Snippet Add the following code snippet to functions.php or through the Code Snippets (or Code Snippets Pro) plugin: That’s it! You’re done!
Remove query strings on static resources
Developers often add query strings to keep track of versions and to invalidate cache during development. When the query string is changed, it forces the client’s browser to download an updated copy of the stylesheet or script.
Disable WordPress XML-RPC
Attacks on xmlrpc.php are common. Not many websites actually use the XMLRPC functionality so one simple way of avoiding these attacks was to simply delete the xmlrpc.php file. However the file is restored every time you update WordPress, so this isn’t a very good solution.
Check your HTTP status codes with httpstatus.io
httpstatus.io is a popular bulk HTTP status checker, redirect checker and header checker. You can use this tool to easily check HTTP status codes, status messages, response headers, and redirect chains returned by a server in response to a URL request by clients like a browser or search engine bot.
Disable wp-cron and configure server cron
There is a PHP function built into WordPress which is designed to replicate a cron service, which is activated whenever someone accesses the web site. This is acceptable when only 1-2 people are accessing the site, but as the website usage scales up to dozens of users, this results in an exponential load on the server.
Install and configure fail2ban
Fail2ban is a server-based intrusion prevention daemon which prevents brute-force attacks by scanning log files for authentication errors.