If you’re managing a cPanel + WHM server (mine runs on AlmaLinux) and notice CPU usage spiking to 100%, there’s a good chance that aggressive bots or inefficient PHP processes are hammering your server. That’s exactly what happened to me — and here’s how I fixed it.
The Problem
My server load was pinned at 100%, with php-fpm processes consuming the bulk of the CPU. Using tools like htop and ps, I traced the activity back to a few specific WordPress sites hosted on the server.
The common culprit? Bot traffic hammering uncached pages and XML-RPC endpoints.
The Fix (3-Part Solution)
1. 🧱 Block Bots with .htaccess
I edited the .htaccess file for each affected site and added rules to block known abusive bots by user agent:
# Block bad bots by user-agent
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTP_USER_AGENT} ^$ [OR]
RewriteCond %{HTTP_USER_AGENT} (semrush|ahrefs|mj12bot|dotbot|python-requests|curl|wget|masscan|sqlmap|fimap|nmap|nikto) [NC]
RewriteRule .* - [F,L]
</IfModule>
This simple change started deflecting unnecessary load before it could hit WordPress or PHP.
2. 🛡️ Install and Configure Fail2Ban
I installed Fail2Ban to automatically block IPs that triggered suspicious patterns in my Apache logs (like repeated bot-like requests):
sudo yum install epel-release -y
sudo yum install fail2ban -y
sudo systemctl enable fail2ban
sudo systemctl start fail2ban
Then, I created a jail to detect and ban bad bots:
/etc/fail2ban/jail.d/apache-badbots.conf
[apache-badbots]
enabled = true
port = http,https
filter = apache-badbots
logpath = /usr/local/apache/logs/access_log
maxretry = 10
findtime = 300
bantime = 3600
/etc/fail2ban/filter.d/apache-badbots.conf
[Definition]
failregex = ^<HOST> -.*"(GET|POST).*(crawler|bot|spider|python|curl|wget).*HTTP.*"
With this in place, the server now proactively bans repeat offenders and malicious bots.
3. 🔄 Restart PHP-FPM and Apache to Flush Load
Once the defenses were in place, I restarted the two main services to clear out any bloated or stuck processes:
systemctl restart ea-php81-php-fpm
systemctl restart httpd
This dropped my CPU usage almost instantly and gave the server a clean slate to work with.
Summary
After these changes:
- CPU usage dropped from 100% to <10%
- PHP-FPM processes normalized
- The server has stayed stable under load, even with continued traffic
If you’re running cPanel/WHM and notice unexplained high load:
- Check your access logs
- Filter bots at the .htaccess level
- Set up Fail2Ban to auto-ban bad actors
- And always restart PHP-FPM/Apache after config changes
