Guide

WordPress memory_limit exhausted — how to detect it before it crashes the site

Your WordPress admin shows a half-rendered page.
Anonymized from a real site A contracting business's WordPress

The site was sending email it never authorized

Seven outbound emails fired from the site within a six-minute window, all originating from the same external IP that posted to /xmlrpc.php without authenticating. The xmlrpc endpoint exposes methods that can cause WordPress to send mail — new user notification, comment notification, password reset — without a logged-in session. The site was being used as a relay.

The owner discovered it 35 minutes after the last outbound message, by which time the mail was already out the door. The abuse window was six minutes wide. The detection-to-action gap was 35 minutes. Domains in this position typically end up on a blocklist if the volume crosses a threshold, which complicates legitimate email for weeks.

The operator blocked xmlrpc.php at the web server (returning 403 before PHP runs at all) and ran the domain against the major blocklists. It hadn't landed on any of them; the response was fast enough.

Related guides

PHP deprecation warnings after PHP 8.x upgrade — what to fix first WordPress 500 internal server error — how to find the cause in logs WordPress PHP warning spike — finding the plugin or file causing the flood WordPress fatal error — how to find what crashed your site

See what's actually happening in your WordPress system

Connect your site. Logystera starts monitoring within minutes.

Request a demo WordPress integration
Logystera Logystera
Behavioral monitoring for the systems your team operates. Read operational state, get told when behavior changes, with the evidence attached. Current integrations: WordPress and Drupal.
Product
Overview How it works Features Integrations Compare Pricing Changelog Status
Guides
WordPress Cron Not Running WordPress Emails Not Sending Log-Based Monitoring WordPress Monitoring Drupal Monitoring Signals Reference Reports Blog Documentation
Solutions
For Agencies For SMEs For Government For Education For Enterprise Services Engagement Models What Logystera Is FAQ
Legal
Privacy Terms Security Cookies
Company
Contact About Why Logystera
Follow us
Twitter LinkedIn
Copyright © 2026 Logystera. All rights reserved.