cPFence so the Linux oom killer doesn't kill the specific process that caused memory usage to spike. It uses a scoring system taking multiple variables into account.
Typical WordPress queries don't thrash server resources too much, there might be many but thay all finish quickly. It's rare to find a WordPress theme that causes an abnormal amount of SQL queries, not impossible, but rare.
Those bad queries you're talking about are usually due to a plugin that was never tested on sites with 5000 users or 10,000 WooCommerce orders. But these types of queries aren't happening multiple times per second, unless you have a high traffic site. There are instances where a plugin is using admin-ajax.php on the frontend for non-logged in users, and then also does a silly query. But again, not seeing slow queries in the mysql slow log.
The cpFence ClamAV scanner was the culprit a couple of times, we've seen it cause OOM issues. I thought it was ondemand? Looks like it's doing full scans.
There is also the default configuration of Openlitespeed on Enhance which also problematic. The default configuration for LSPHP has maxConns set to 1000. Which means sites that are under attack or get a large amount of traffic have no emergency brake. It just seems silly. Then you have perClientConnLimit which isn't even configured. So you can take down an enhance server pretty easily just by using any off the shelf load tester.
Also, cpFence removing swap, seems pretty silly, mostly because most servers have SSD storage and swap saves the server from being completely inaccessiable when it runs out of memory.