Scan Troubleshooting

If you are having problems getting your scans to start or complete, please see these instructions for some basic debugging steps.

First make sure you are running the newest version of Wordfence. Also make sure your site meets our System Requirements.

“The current scan looks like it has failed”

If the scan has stopped running unexpectedly, the scan page may show this message: “The current scan looks like it has failed. Its last status update was 7 mins ago. You may continue to wait in case it resumes or stop and restart the scan. Some sites may need adjustments to run scans reliably.”

This is often caused by the host stopping processes that run longer than a time limit they have set lower than what they have set in PHP’s “max_execution_time”, or when the host monitors memory usage of multiple processes rather than only PHP’s “memory_limit”. Some hosts may have other limits in place. In most cases, the steps below should help, but if not, please see the additional items below and submit a support request if needed.

Advanced users can change the threshold for this message using the WORDFENCE_SCAN_FAILURE_THRESHOLD constant described on the page Wordfence constants for advanced configuration.

Scan time limit exceeded

Some options combined with a large number of files can make scans take a long time, especially on slower servers. You can set a limit for how long Wordfence scans will run on your site. The option is called “Time limit that a scan can run in seconds.” and it’s available on the Wordfence Options page in the section “Scans to include”. Leaving this option blank will allow Wordfence to use the default limit. If your site reaches this limit during a scan, you will see a message in the scan results like:

Scan terminated with error: The scan time limit of 3 hours has been exceeded and the scan will be terminated. This limit can be customized on the options page.

If this happens, then the scan stops and reports the issues it has found so far, but the remainder of the scan will not be able to run unless you make some changes to scan options or the site’s files. This issue will remain listed in the scan results until a successful scan has been completed without reaching the time limit.

Resolving the issue

You can adjust some options to help scans complete more quickly, look for reasons that might cause the long scans, or increase the time limit, as described below.

Scan images, binary, and other files as if they were executable
This option can be disabled if you have many non-PHP files being scanned. This option is off by default, but you may have enabled it on your site. If you have limited memory on your site but also have an exceptionally large amount of images (for example 50,000 on a fast server, or even just 5,000 on a much slower server) turning this option off may be necessary.

Exclude files from scan that match these wildcard patterns
You can add files, directories, or patterns to the “Exclude files from scan that match these wildcard patterns” box on the options page, to prevent them from being scanned. This can be useful if you keep large files within your site’s folders, such as backups.

Additionally, we recommend saving backups somewhere other than in your site’s own folders. In addition to saving time in scans, if the host had a major problem with the server and the whole site was lost, it is best to have your backups stored somewhere else.

Scan files outside your WordPress installation
If you have “Scan files outside your WordPress installation” enabled, you can disable it to scan fewer files. If you have additional non-WordPress applications installed, or additional sites in subdirectories of the main site (such as on some shared hosting plans), they will not be scanned if this option is disabled. If the additional sites also run Wordfence, their scans will still run normally.

Error logs
Check the error logs generated by your site. It’s possible that a conflict with another plugin, a database issue, or settings on the server may be interfering with the scans, causing them to take longer than they should. Wordfence may be able to locate the error log for you. If so, you will be able to see the path to your error logs and download them from the Wordfence Diagnostics page (found on the Tools menu) in the section “Log Files (Error messages from WordPress core, plugins, and themes)”.

Time limit that a scan can run in seconds
You can set this option to a longer duration, if you want scans to run for a longer time. Many hosts have limits on resource usage, especially on shared hosting plans, so it is generally best to reduce usage rather than increasing the limit.

Adjust the max execution time

If your scans do not complete and seem to be dying silently, or if you are getting an error about max execution time in your error logs, you can try adjusting the Wordfence option “Max execution time”.

  1. Go to wordfence “Scan Options” page.
  2. In the section “Performance Options”, set “Maximum execution time for each scan stage” to 15 seconds.
  3. Don’t forget to “Save Changes”.
  4. Try another scan.

If the scan still does not complete, try this instead:

  1. Go to the Wordfence Tools page, click the Diagnostics tab, and open the “Other Tests” section.
  2. Now click on “Click to view your system’s configuration in a new window”.
  3. Look for max_execution_time.
  4. Go back to the “Scan Options” and the section “Performance Options” and set the “Maximum execution time for each scan stage” to about 80% of that value. So if it’s 90, try setting the option to 75.
  5. Try another scan and see if that works.

Details about the debugging steps above

Wordfence scans run for a few seconds up to several minutes. Most web servers don’t allow processes that run for several minutes. So the way we get around that is that we start a scan, and then after “Maximum execution time for each scan stage” we pause the scan and launch another process and pick up where we left off. We try to auto-detect what the max execution time should be for your server, but sometimes we get it wrong. So we’ve added this advanced config parameter to allow you to tell us how long a process should be allowed to run on your server.

When you set this value, you must make sure it’s not greater than the maximum execution time that PHP allows. That is the value set in “max_execution_time”. If your web host has set an Apache config variable that limits process execution time or if they have a “killer daemon” that kills long running processes, you also need to make sure that your “Max execution time” is shorter than the max process time that these allow. However, you don’t want to set this value too low because it will increase load on your server as Wordfence pauses and restarts every time it hits the time limit. So the trick is to find a happy medium. Often this seems to be around 15 seconds, so try that first.

Handling memory errors

If you see an error about running out of memory, you can try the following:

  1. Go to wordfence “Scan Options” page.
  2. In the section “Performance Options”, find the option “How much memory should Wordfence request when scanning”
  3. Try increasing this to 300 Megabytes (the default is 256 megs)
  4. Do another scan.

If you still get an out of memory error, try increasing by another 50 and re-scan. You can keep increasing by 50 megabytes, but be careful that your web server does not run out of memory, because this may cause the operating system to behave unpredictably. You can refer to your web host’s documentation to find out what the maximum memory is that you’ve been allocated.

Additional memory limits and other limits you may not see

Some hosts limit memory across multiple processes, or may have CPU usage limits over a period of time. These limits are not always obvious since they may not cause error messages in your logs, and may make the scan appear to just stop working.

PHP 7 has substantial performance improvements in both memory and CPU usage, compared to any of the 5.x versions, so switching to a newer PHP version may help in these cases. Many hosts allow you to choose your preferred PHP version, and others will help you change it if you ask. We’ve collected help documents for switching PHP versions for a few of them:

Dreamhost
GoDaddy
GoDaddy (cPanel)
BlueHost
SiteGround

Make sure to test your site after switching PHP versions. WordPress and many plugins will also perform better with PHP 7, but some plugins may not be ready for it yet.

Plugin conflicts

Two plugins have been known to cause issues with scans, with certain settings:

W3 Total Cache – The “Database cache” can return outdated database records during a scan. All other cache options in W3 Total Cache should be ok if the database cache is disabled. (The database cache can cause issues with some other plugins as well.)

Query Monitor – This plugin is helpful for query troubleshooting, but it causes all database queries to be saved, which uses lot of memory during Wordfence scans. We recommend disabling it when you are not actively using it.

Scan process ended after forking

If you get the ‘Scan process ended after forking’ check and make sure you have not blocked the wp-admin folder with a .htaccess file or limited access to it for the same. Make sure and allow your server’s IP address access to this folder. Also check if you have the memcache or object-cache on the site. Memcache may have to be restarted twice in order for the object-cache to get rid of the saved cron key.

LiteSpeed web server settings

If you are using a LiteSpeed server you may need to add a “noabort” directive to your .htaccess.

If your scans aren’t starting

Try starting scans remotely
Try enabling the option at the bottom of the Diagnostics tab on the Wordfence Tools page titled “Start all scans remotely”. Check the box, save and then try another scan. If it does not fix the problem, keep reading.

Check plugins
Make sure you don’t have an “Under Construction” plugin running that is blocking access to your site’s AJAX handler which is located at /wp-admin/admin-ajax.php. If you do, disable the under construction plugin and try another scan.

Do not password-protect wp-admin
Make sure you have not set up a secondary password to protect access to /wp-admin/. This is a bad idea and will break Wordfence scanning along with any public AJAX functionality in WordPress. Read more about this on this blog entry.

Make sure our servers are not blocked from reaching your site
Make sure you haven’t blocked Wordfence’s scanning server’s IP address range from accessing your site. Our servers are from 69.46.36.0 to 69.46.36.32. If your site is unable to connect to itself to start a scan, we get our scanning servers to connect to you to kick the scan off. If you’ve blocked our servers, your scans won’t start.
The newest version of Wordfence has code that prevents you from blocking individual addresses in our range but you can still block our entire network, so make sure you haven’t done that.

Check the database’s tables
We’ve seen some customers who are experiencing table corruption where (for example) the table ending in ‘wfStatus’ is corrupted and marked as ‘crashed’ by mysql. What happens in that case is that the scan will run, but every time Wordfence tries to write to the log (the yellow box that shows scan status) nothing gets written and an error is written to your web server error log. To diagnose this, check your web server error log and it will contain a lot of errors that look like this:
WordPress database error Table ‘./blah_abc/xyz_01wfStatus’ is marked as crashed and should be repaired for query…..

If you see this, you need to launch phpmyadmin and repair the crashed tables. Or log a support call with your hosting provider and they can do this manually.

Check the WordPress AJAX handler
A common problem is that your site’s WordPress AJAX handler is not working. You may have accidentally blocked access to it, or a theme you’re using may have broken it. Test that you can access the following URL: www.example.com/wp-admin/admin-ajax.php Replace www.example.com with your site URL. You should see a blank page with a “0″ at the top left. If you don’t see this, then you need to fix your site’s AJAX handler or Wordfence and many other WordPress features won’t work.

Additional scan troubleshooting

If you see a 500 Internal Server Error, then check your web server’s error log for the reason. If you don’t know how to do this ask your site administrator or hosting company.

If you see a FORBIDDEN message, then you’ve probably set up an .htaccess file that blocks access to your wp-admin area and you need to add an exclusion for your AJAX handler.

If you see a page that looks like your site home page or some other page on your site, then your designer or theme creator has broken the way your site works and you need to tell them to fix access to the WordPress AJAX handler.

Frequently Asked Questions

  • Error connecting to the Wordfence scanning servers

    Errors about connecting to the Wordfence scanning servers usually mean that your web server (the machine that runs your WordPress website) can’t connect to our scanning servers. It is possible that

    1. Your server is blocking outgoing connections
    2. There are some DNS resolution issues

    When you run a scan your web server needs to be able to connect to our scanning server which is noc1.wordfence.com, so that it can send hashes of files and signatures for comparison against known bad items. Your web server must be able to connect to port 443 and port 80 of noc1.wordfence.com. To test if it can do this, you can SSH to your server and run the following commands. If you don’t know how to do this, ask your administrator or hosting company.

    Depending on what is installed on your server one or more may work:

    dig noc1.wordfence.com
    nslookup noc1.wordfence.com
    host noc1.wordfence.com
    getent hosts noc1.wordfence.com
    ping noc1.wordfence.com

    You can try connecting both to port 80 and port 443. As long as you can connect to both, you should be able to scan. You should see the IP 69.46.36.28 returned. If you are seeing anything other than that it’s possible that your host has a caching nameserver that isn’t respecting the TTL (Time To Live). This would mean that it’s keeping old records longer than it should.

    You can also try:

    • Uncheck “Enable ssl verification”. It is found under Tools, on the Diagnostics tab at the bottom of the page.
    • Make sure your cUrl is not outdated and allows outbound connections. Run the connectivity tester (near bottom of the Wordfence options page) to test. If you receive an error, a ticket with your hosting provider may be required.
    • Check iptables (linux) to make sure you are accepting those connections.

    To set iptables to accept the connections, the following code should be checked and adjusted for your particular site, by an experienced server manager or your hosting company:


    sudo iptables -t filter -A INPUT -p tcp --dport 443 -j ACCEPT
    sudo iptables -t filter -A OUTPUT -p tcp --dport 443 -j ACCEPT

  • PHP Fatal error: Allowed memory size exhausted

    Occasionally, depending on your site, resources, and plugins and themes you may get a php error that says something like this:

    PHP Fatal error: Allowed memory size of 67108864 bytes exhausted (tried to allocate 491520 bytes)

    Fatal error: Out of memory (allocated 33292288) (tried to allocate 616 bytes) in...

    This issue is not a Wordfence error but simply indicates that you need to contact your hosting provider and ask them to increase your site memory. Usually your hosting provider will edit your php.ini file to increase the memory_limit parameter, and they may also have to increase your web server memory limit along with any operating system limits they have.

    Increase PHP Memory
    This is an indication that your memory in php.ini is not set high enough. You can define this in your php.ini file (usually found in /etc on linux systems – check your documentation for windows servers, which are currently unsupported by Wordfence). Look through the file for a line like this: memory_limit = 128M. Keep in mind the 128M is probably different. That’s the amount of memory that php is allowed to consume. If you have 10 plugins and combined they consume more memory than you have allocated, you’re going to have problems. You can assign more by increasing this value. (Some of our personal sites have 256M allowed, but these are pretty big sites with a substantial number of hits and plugins). Make sure and restart httpd (apache) after making changes here.

    Disable plugins that affect database queries
    When the scan is running Wordfence has to make a lot of database queries. If you are using plugins that affect all database queries such as Query Monitor, you may run out of PHP memory. If you have Query Monitor or any similar plugin installed, make sure it’s deactivated while Wordfence scan is running.

  • Red error messages in the scan log

    You can view the activity log by clicking Scan on the Wordfence menu on the left of your WordPress admin console and then clicking the link “View activity log” below the “Scan Detailed Activity” box. The red errors you see here are not just Wordfence errors, but also errors from other plugins and even WordPress itself in rare cases.

    If you see red errors here, they are often just warnings which may not affect the functioning of your site. But you should investigate them and report any errors to the owner of the plugin that is generating the error.

    An example of a plugin error is:

    Use of undefined constant user_level – assumed ‘user_level’ (8) File: /home/blah/foo/bar/home/wp-content/plugins/the-name-of-the-plugin-here/somefile.php Line: 525

    If you look at the filename above, notice where the name of the plugin appears. Use that to determine which plugin is generating the errors you’re seeing, and report the issue to the plugin maker. If Wordfence is generating the error, then report it to us ASAP! If the error is the last error (or close to last) that appears before a scan mysteriously stops running, then send that to us too.