Full scanning is currently only available for paying customers. This is a temporary measure to reduce load while we rush out a new release which will fix the load issues we’re having and re-enable full scans for our free customers. If you’re a paid customer you should have uninterrupted service now. If you’re a free customer, my apologies for the inconvenience but we’ll be back shortly.
Wordfence has grown far beyond what I’d hoped and our growth has been exponential. The graphs on our servers look like a curve trending upwards to the right. We finally hit maximum capacity last Friday and our scanning server has been groaning under the load since then.
If this impacted you, you will have seen one of the following issues:
Unfortunately these things don’t seem to come at the best of times and it caught my small team and I off-guard. We’re scrambling to catch up and here is the current plan of action to scale rapidly and maintain the high quality of service you’ve become accustomed to:
1. We have set our scanning server to only allow scans from paid customers. This has immediately restored full service to paying customers, removed all slowdowns and free customers can no longer do full scans but have access to all other Wordfence functions like the firewall, real-time comment scanning and live traffic. THIS IS TEMPORARY. It will ensure that our priority folks will continue to have a high quality of service. It also ensures that functions like scanning comments for malware URL’s will continue to function on free and paid customer websites without interruption.
2. We are doing a rapid rearchitecting of Wordfence to reduce the load on our scanning service without increasing load on your servers. Specifically we are moving file hash data off our scanning server and into a cache which will live on your local WordPress installation. This will not consume much additional disk space, but will give you a local copy of hashes for themes plugins and core files which the plugin will scan against, instead of communicating with our scanning server and having it do the hash comparisons. [I know this is technical and I apologize, but I'm sharing this with you in the interests of full transparency]. This will substantially reduce network communications and speed up scan time. It will remove the main cause of slowdown on our scanning server.
3. We are improving predictive monitoring to ensure this doesn’t happen in future.
So free customers please bear with us as we rush this release out which will reenable free scanning and allow us to scale with the tens of thousands of websites that already have Wordfence installed.
Paid customers: you should have uninterrupted service.
Thanks for your patience.
@Coral Atlas … what planet are you on? They’re under no obligation to cater to free customers. Things happen. The post stated that they did this to make sure paying customers were properly served. You do have the option of paying. That way, you won’t have to complain when they say “Sorry.”
I am running wordpress 3.4.2 on localhost (xampp pack) on a windows machine and Comodo firewall.
I have the same problem, the plugin is not able to fetch API key from your server. Comodo Firewall active connection window shows the connection between my comp and your servers.
Another Usage Question :
As you specify that your plugin has a firewall. Can the firewall be configured (or any other way in the plugin) to actually block wordpress core or specific theme files from sending /receiving data to a particular IP just like as we can do with a desktop firewall (in my case comodo internet security).
I downloaded some themes which may be having base64 encoded code embedded in them. I checked it with TAC plugin and it did show theme files containing encoded data.
I could try removing the encoded code but that might break the theme altogether and then there might be other way to link or code some functions or modules that might make a call to the hacker’s servers and on top of that I am not that good with PHP so I thought it would be better to provide a kind of environment where the file is not able to make a call to the IP address altogether.
If it’s not possible with ur plugin, can this be done in other way, in Apache modules or any other way you guys can suggest. My live production servers is a basically a shared hosting on Linux with Shell/SSH access.
Thanks & regards,
As far as I can tell, Wordfence does not block outgoing traffic. By the way, did notice you posted your question in the middle of a different question? You’d probably have received a better response if you’d started a new thread. Here’s an interesting discussion of how to configure WordPress to use a proxy server for outbound connections. If you set up a proxy somewhere in the cloud (e.g., on an AWS EC2 instance), you could monitor the outbound connection from your WordPress instances. http://www.netregistry.com.au/support/articles/firewall-problem-with-akismet-plugin-for-wordpress
The topic ‘Monday Oct 8th: Update on Wordfence scanning server availability’ is closed to new replies.