Mr @threadi ,
Thank you very much for taking your time and lecturing. Your time is very much appreciated. Your comment helped a lot. I hope the tone of my message aligns with your expectations. As you “another user” of WordPress – my message was not addressed to you but to developers.
I’m thrilled to know that your websites work perfectly under the new core version. Which is not in our case, and not the case of the million of other users.
That’s been said.
Have a wonderful day.
Ana
________________________________
After investigation of the issue of our corporate mirror website we noticed that the new core gives lots of API calls to different services.
To developers bug report:
Heartbeat API
WP-Cron: Core updates checks, Plugin/theme update checks, Health checks & transient cleanup etc.
What we have: A cron event crashes or times out → never clears → gets rescheduled → retried on almost every page load – New scheduled tasks related to site health / auto-updates / recovery.
Site Health / Background Checks
Too many, too often REST API checks for availability, Loopback requests, Background updates availability, HTTPS / SSL cert, etc.
Adding here: Auto-Updates / Background Updater
If update checks keep failing (DNS, WAF, connectivity to api.wordpress.org / downloads.wordpress.org):
Cron sees failures
Retries aggressively
Constant remote HTTP calls
6.9 may have slightly changed behavior around self-repair, auto-rollback, or core health, causing more chatter.
Recovery Mode hooks may:
Re-check, re-log, re-filter
Try to generate links, notifications
Additional note: it is important to know that Cloudflare covers 30% of the global internet, so working with them is essential as there are millions of WordPress users out there.
Two things happened at the same time.
WordPress 6.9 core update – really is misbehaving on some stacks (including Cloudflare setups).
Cloudflare itself had a major global outage on Dec 5 that hit dashboards and APIs.
On December 5, Cloudflare acknowledged a big incident:
- Around 40% of global traffic impacted, including dashboard + API requests (that includes great number of WordPress users).
- Root cause: an internal change in their WAF / React security patch that went wrong, not an attack.
That means:
- Any time a browser → Cloudflare dashboard, or Cloudflare → origin/API, those paths could stall or fail.
- From our point of view: “admin suddenly loads in 10 minutes” – because the route, not our server (any server in that matter), was choking.
WordPress 6.9 new core introduction (separate but overlapping).
At the same time:
- Agencies are reporting 6.9 breaking big plugins like WooCommerce, Yoast SEO and Elementor unless they’re updated in a specific order.
- Other tests show 6.9 can be very fast on frontend, on clean, managed stacks with their own CDN, with no essential plugins: no Wordfence, no Hummingbird, no Yoast SEO, and no Cloudflare.
- A Reddit thread from a few days ago shows people with permanent 100% CPU usage on 6.9, especially:
- when using the Cloudflare plugin, and
- when editing posts (backend side)
So:
- On “nice” hosting, with compatible plugins, 6.9 ≈ speed boost.
- On more complex / Cloudflare-heavy setups, 6.9 + certain plugins ≈ CPU lock, admin lag, or total freeze.
So what we, as well as many other users, experienced is a major “stack” of API calls, which were repeatedly trying to get through. We noticed on our logs around 7k API calls for cron and checks in 1 min from WordPress 6.9.
Suggestion for the new version 6.9.1:
Perhaps combining API calls as one to one service only – would be a solution for millions.
Working with developers of Cloudflare and making it compatible.
Thank you for your attention.
Regards
Ana – developer
