Monday Oct 8th: Update on Wordfence scanning server availability

This topic contains 15 replies, has 9 voices, and was last updated by mark 7 months ago.

Viewing 15 posts - 1 through 15 (of 16 total)

1 2 →

Author	Posts
Author	Posts

mark said Hi All, Exec summary: Full scanning is currently only available for paying customers. This is a temporary measure to reduce load while we rush out a new release which will fix the load issues we’re having and re-enable full scans for our free customers. If you’re a paid customer you should have uninterrupted service now. If you’re a free customer, my apologies for the inconvenience but we’ll be back shortly. More detail: Wordfence has grown far beyond what I’d hoped and our growth has been exponential. The graphs on our servers look like a curve trending upwards to the right. We finally hit maximum capacity last Friday and our scanning server has been groaning under the load since then. If this impacted you, you will have seen one of the following issues: Scans hanging. Scans coming back with a CURL error, communication error or HTTP error. Errors claiming that you’re not using a valid API key. [Yes, this was also caused by excessive load on our server] Scans appearing to run slowly because they are stuck waiting for our server to get back to the Wordfence plugin. Unfortunately these things don’t seem to come at the best of times and it caught my small team and I off-guard. We’re scrambling to catch up and here is the current plan of action to scale rapidly and maintain the high quality of service you’ve become accustomed to: 1. We have set our scanning server to only allow scans from paid customers. This has immediately restored full service to paying customers, removed all slowdowns and free customers can no longer do full scans but have access to all other Wordfence functions like the firewall, real-time comment scanning and live traffic. THIS IS TEMPORARY. It will ensure that our priority folks will continue to have a high quality of service. It also ensures that functions like scanning comments for malware URL’s will continue to function on free and paid customer websites without interruption. 2. We are doing a rapid rearchitecting of Wordfence to reduce the load on our scanning service without increasing load on your servers. Specifically we are moving file hash data off our scanning server and into a cache which will live on your local WordPress installation. This will not consume much additional disk space, but will give you a local copy of hashes for themes plugins and core files which the plugin will scan against, instead of communicating with our scanning server and having it do the hash comparisons. [I know this is technical and I apologize, but I'm sharing this with you in the interests of full transparency]. This will substantially reduce network communications and speed up scan time. It will remove the main cause of slowdown on our scanning server. 3. We are improving predictive monitoring to ensure this doesn’t happen in future. So free customers please bear with us as we rush this release out which will reenable free scanning and allow us to scale with the tens of thousands of websites that already have Wordfence installed. Paid customers: you should have uninterrupted service. Thanks for your patience. Regards, Mark Maunder Wordfence Founder. This topic was modified 7 months, 1 week ago by mark. This topic was modified 7 months, 1 week ago by mark. This topic was modified 7 months, 1 week ago by mark. October 8, 2012 at 12:44 pm #6668

Kirk Ward said I’m a free user (at this time), and I think that was absolutely the appropriate thing to do. It’s a great plugin, and I’m not surprised at all by your growth. Best Wishes! October 9, 2012 at 9:32 pm #6695

James said Thanks for the heads up! Awesome plugin October 10, 2012 at 9:27 pm #6699

GS Ong said Keep up the great work and hope things get back to normal soon. October 10, 2012 at 11:31 pm #6702

steven stern said I was going to ask “How can I help”, but then I figured it out. I just bought 3 premium keys for my critical sites. October 11, 2012 at 12:05 pm #6708

Coral Atlas said Sorry … but sorry is unprofessional. Period. October 11, 2012 at 3:01 pm #6709

Kirk Ward said @Coral Atlas … what planet are you on? They’re under no obligation to cater to free customers. Things happen. The post stated that they did this to make sure paying customers were properly served. You do have the option of paying. That way, you won’t have to complain when they say “Sorry.” October 11, 2012 at 3:31 pm #6710

Arpit G said I am running wordpress 3.4.2 on localhost (xampp pack) on a windows machine and Comodo firewall. I have the same problem, the plugin is not able to fetch API key from your server. Comodo Firewall active connection window shows the connection between my comp and your servers. Another Usage Question : As you specify that your plugin has a firewall. Can the firewall be configured (or any other way in the plugin) to actually block wordpress core or specific theme files from sending /receiving data to a particular IP just like as we can do with a desktop firewall (in my case comodo internet security). I downloaded some themes which may be having base64 encoded code embedded in them. I checked it with TAC plugin and it did show theme files containing encoded data. I could try removing the encoded code but that might break the theme altogether and then there might be other way to link or code some functions or modules that might make a call to the hacker’s servers and on top of that I am not that good with PHP so I thought it would be better to provide a kind of environment where the file is not able to make a call to the IP address altogether. If it’s not possible with ur plugin, can this be done in other way, in Apache modules or any other way you guys can suggest. My live production servers is a basically a shared hosting on Linux with Shell/SSH access. Thanks & regards, appu. October 11, 2012 at 7:50 pm #6713

ari salomon said good luck. thanks for the detailed report…. October 12, 2012 at 4:13 pm #6724

Arpit G said hi, I asked a question. I was expecting some sort of solution to my problem. It would have been better if you actually replied specific to my question especially my question about wordfence firewall. thanks & regards, appu October 12, 2012 at 10:43 pm #6726

steven stern said Arpit: As far as I can tell, Wordfence does not block outgoing traffic. By the way, did notice you posted your question in the middle of a different question? You’d probably have received a better response if you’d started a new thread. Here’s an interesting discussion of how to configure WordPress to use a proxy server for outbound connections. If you set up a proxy somewhere in the cloud (e.g., on an AWS EC2 instance), you could monitor the outbound connection from your WordPress instances. http://www.netregistry.com.au/support/articles/firewall-problem-with-akismet-plugin-for-wordpress October 13, 2012 at 9:15 am #6728

Coral Atlas said I would suggest a status embedded within the app and an eta for the fix as courtesy for free users … October 13, 2012 at 11:18 am #6729

georges.2312 said I perfectly understand, you have done a superb job, I’m not surprised you have an exponential load. I just bought a Premium Key to support you. I encourage others to do the same. Thanks for all what you do to keep the Web and WordPress a safer place. October 14, 2012 at 8:54 am #6736

mark said This issue has now been fully resolved. Free scanning is back. Please upgrade to the newest version of Wordfence version 3.3.2 which has significant performance improvements over previous versions and reenables scanning for all our free customers. Regards, Mark. October 15, 2012 at 1:09 pm #6746

Kirk Ward said Wordpress hasn’t sent out the update notices. Do we overwrite the old version or delete and re-install? October 15, 2012 at 1:34 pm #6752