something else for others to consider…
After I upgraded my Wordpress one-click install to use 2gb I was getting the same results....after a day I had to reboot my droplet to get my WP site running normally.
I then took a look at the apache access.log file and noticed a constant POST to xmlrpc.php from some IP Address.
I did two things to fix this…
I updated iptables to drop the offending IP Address
I restricted access to xmlrpc.php (via apache vhost file) to deny from all; I believe this also disables you from using the mobile app to update your wordpress site as well as other 3rd party services to update WP content....so be careful doing this
Now the problem has gone away :)
There might be some other steps you can do to prevent these type of attacks but these two things worked really well for me. Check your logs to make sure someone is not trying to brute force their way in.