[wp-trac] [WordPress Trac] #64373: To developers bug report / suggestions:
WordPress Trac
noreply at wordpress.org
Sun Dec 7 16:24:30 UTC 2025
#64373: To developers bug report / suggestions:
------------------------------+-----------------------------
Reporter: hellobonjour2025 | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Cron API | Version: 6.9
Severity: critical | Keywords:
Focuses: |
------------------------------+-----------------------------
After investigation of the issue of our corporate mirror website we
noticed that the new core gives lots of API calls to different services.
Heartbeat API
WP-Cron: Core updates checks, Plugin/theme update checks, Health checks &
transient cleanup etc.
What we have: A cron event crashes or times out → never clears → gets
rescheduled → retried on almost every page load – New scheduled tasks
related to site health / auto-updates / recovery.
Site Health / Background Checks
Too many, too often REST API checks for availability, Loopback requests,
Background updates availability, HTTPS / SSL cert, etc.
Adding here: Auto-Updates / Background Updater
If update checks keep failing (DNS, WAF, connectivity to api.wordpress.org
/ downloads.wordpress.org):
Cron sees failures
Retries aggressively
Constant remote HTTP calls:
6.9 may have slightly changed behavior around self-repair, auto-rollback,
or core health, causing more chatter.
Recovery Mode hooks may:
Re-check, re-log, re-filter
Try to generate links, notifications
Additional note: it is important to know that Cloudflare covers 30% of the
global internet, so working with them is essential as there are millions
of WordPress users out there.
Two things happened at the same time.
WordPress 6.9 core update – really is misbehaving on some stacks
(including Cloudflare setups).
Cloudflare itself had a major global outage on Dec 5 that hit dashboards
and APIs.
On December 5, Cloudflare acknowledged a big incident:
Around 40% of global traffic impacted, including dashboard + API requests
(that includes great number of WordPress users).
Root cause: an internal change in their WAF / React security patch that
went wrong, not an attack.
That means:
Any time a browser → Cloudflare dashboard, or Cloudflare → origin/API,
those paths could stall or fail.
From our point of view: “admin suddenly loads in 10 minutes” – because the
route, not our server (any server in that matter), was choking.
WordPress 6.9 new core introduction (separate but overlapping).
At the same time:
Agencies are reporting 6.9 breaking big plugins like WooCommerce, Yoast
SEO and Elementor unless they’re updated in a specific order.
Other tests show 6.9 can be very fast on frontend, on clean, managed
stacks with their own CDN, with no essential plugins: no Wordfence, no
Hummingbird, no Yoast SEO, and no Cloudflare.
A Reddit thread from a few days ago shows people with permanent 100% CPU
usage on 6.9, especially:
when using the Cloudflare plugin, and
when editing posts (backend side)
So:
On “nice” hosting, with compatible plugins, 6.9 ≈ speed boost.
On more complex / Cloudflare-heavy setups, 6.9 + certain plugins ≈ CPU
lock, admin lag, or total freeze.
So what we, as well as many other users, experienced is a major “stack” of
API calls, which were repeatedly trying to get through. We noticed on our
logs around 7k API calls for cron and checks in 1 min from WordPress 6.9.
Suggestion for the new version 6.9.1:
Perhaps combining API calls as one to one service only – would be a
solution for millions.
Working with developers of Cloudflare and making it compatible.
Thank you for your attention.
Regards
Ana – developer
--
Ticket URL: <https://core.trac.wordpress.org/ticket/64373>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list