First make sure you are running the newest version of Wordfence. Also make sure your site meets our System Requirements.
“The current scan looks like it has failed”
If the scan has stopped running unexpectedly, the scan page may show this message: “The current scan looks like it has failed. Its last status update was 7 mins ago. You may continue to wait in case it resumes or stop and restart the scan. Some sites may need adjustments to run scans reliably.”
This is often caused by the host stopping processes that run longer than a time limit they have set lower than what they have set in PHP’s “max_execution_time”, or when the host monitors memory usage of multiple processes rather than only PHP’s “memory_limit”. Some hosts may have other limits in place. In most cases, the steps below should help, but if not, please see the additional items below and submit a support request if needed.
Advanced users can change the threshold for this message using the WORDFENCE_SCAN_FAILURE_THRESHOLD constant described on the page Wordfence constants for advanced configuration.
Scan time limit exceeded
Some options combined with a large number of files can make scans take a long time, especially on slower servers. You can set a limit for how long Wordfence scans will run on your site. The option is called “Time limit that a scan can run in seconds.” and it’s available on the Wordfence Options page in the section “Scans to include”. Leaving this option blank will allow Wordfence to use the default limit. If your site reaches this limit during a scan, you will see a message in the scan results like:
Scan terminated with error: The scan time limit of 3 hours has been exceeded and the scan will be terminated. This limit can be customized on the options page.
If this happens, then the scan stops and reports the issues it has found so far, but the remainder of the scan will not be able to run unless you make some changes to scan options or the site’s files. This issue will remain listed in the scan results until a successful scan has been completed without reaching the time limit.
Resolving the issue
You can adjust some options to help scans complete more quickly, look for reasons that might cause the long scans, or increase the time limit, as described below.
Scan images, binary, and other files as if they were executable
This option can be disabled if you have many non-PHP files being scanned. This option is off by default, but you may have enabled it on your site. If you have limited memory on your site but also have an exceptionally large amount of images (for example 50,000 on a fast server, or even just 5,000 on a much slower server) turning this option off may be necessary.
Exclude files from scan that match these wildcard patterns
You can add files, directories, or patterns to the “Exclude files from scan that match these wildcard patterns” box on the options page, to prevent them from being scanned. This can be useful if you keep large files within your site’s folders, such as backups.
Additionally, we recommend saving backups somewhere other than in your site’s own folders. In addition to saving time in scans, if the host had a major problem with the server and the whole site was lost, it is best to have your backups stored somewhere else.
Scan files outside your WordPress installation
If you have “Scan files outside your WordPress installation” enabled, you can disable it to scan fewer files. If you have additional non-WordPress applications installed, or additional sites in subdirectories of the main site (such as on some shared hosting plans), they will not be scanned if this option is disabled. If the additional sites also run Wordfence, their scans will still run normally.
Check the error logs generated by your site. It’s possible that a conflict with another plugin, a database issue, or settings on the server may be interfering with the scans, causing them to take longer than they should. Wordfence may be able to locate the error log for you. If so, you will be able to see the path to your error logs and download them from the Wordfence Diagnostics page (found on the Tools menu) in the section “Log Files (Error messages from WordPress core, plugins, and themes)”.
Time limit that a scan can run in seconds
You can set this option to a longer duration, if you want scans to run for a longer time. Many hosts have limits on resource usage, especially on shared hosting plans, so it is generally best to reduce usage rather than increasing the limit.
Adjust the max execution time
If your scans do not complete and seem to be dying silently, or if you are getting an error about max execution time in your error logs, you can try adjusting the Wordfence option “Max execution time”.
- Go to wordfence “Scan Options” page.
- In the section “Performance Options”, set “Maximum execution time for each scan stage” to 15 seconds.
- Don’t forget to “Save Changes”.
- Try another scan.
If the scan still does not complete, try this instead:
- Go to the Wordfence Tools page, click the Diagnostics tab, and open the “Other Tests” section.
- Now click on “Click to view your system’s configuration in a new window”.
- Look for max_execution_time.
- Go back to the “Scan Options” and the section “Performance Options” and set the “Maximum execution time for each scan stage” to about 80% of that value. So if it’s 90, try setting the option to 75.
- Try another scan and see if that works.
Details about the debugging steps above
Wordfence scans run for a few seconds up to several minutes. Most web servers don’t allow processes that run for several minutes. So the way we get around that is that we start a scan, and then after “Maximum execution time for each scan stage” we pause the scan and launch another process and pick up where we left off. We try to auto-detect what the max execution time should be for your server, but sometimes we get it wrong. So we’ve added this advanced config parameter to allow you to tell us how long a process should be allowed to run on your server.
When you set this value, you must make sure it’s not greater than the maximum execution time that PHP allows. That is the value set in “max_execution_time”. If your web host has set an Apache config variable that limits process execution time or if they have a “killer daemon” that kills long running processes, you also need to make sure that your “Max execution time” is shorter than the max process time that these allow. However, you don’t want to set this value too low because it will increase load on your server as Wordfence pauses and restarts every time it hits the time limit. So the trick is to find a happy medium. Often this seems to be around 15 seconds, so try that first.
Handling memory errors
If you see an error about running out of memory, you can try the following:
- Go to wordfence “Scan Options” page.
- In the section “Performance Options”, find the option “How much memory should Wordfence request when scanning”
- Try increasing this to 300 Megabytes (the default is 256 megs)
- Do another scan.
If you still get an out of memory error, try increasing by another 50 and re-scan. You can keep increasing by 50 megabytes, but be careful that your web server does not run out of memory, because this may cause the operating system to behave unpredictably. You can refer to your web host’s documentation to find out what the maximum memory is that you’ve been allocated.
Additional memory limits and other limits you may not see
Some hosts limit memory across multiple processes, or may have CPU usage limits over a period of time. These limits are not always obvious since they may not cause error messages in your logs, and may make the scan appear to just stop working.
PHP 7 has substantial performance improvements in both memory and CPU usage, compared to any of the 5.x versions, so switching to a newer PHP version may help in these cases. Many hosts allow you to choose your preferred PHP version, and others will help you change it if you ask. We’ve collected help documents for switching PHP versions for a few of them:
Make sure to test your site after switching PHP versions. WordPress and many plugins will also perform better with PHP 7, but some plugins may not be ready for it yet.
Two plugins have been known to cause issues with scans, with certain settings:
W3 Total Cache – The “Database cache” can return outdated database records during a scan. All other cache options in W3 Total Cache should be ok if the database cache is disabled. (The database cache can cause issues with some other plugins as well.)
Query Monitor – This plugin is helpful for query troubleshooting, but it causes all database queries to be saved, which uses lot of memory during Wordfence scans. We recommend disabling it when you are not actively using it.
Scan process ended after forking
If you get the ‘Scan process ended after forking’ check and make sure you have not blocked the wp-admin folder with a .htaccess file or limited access to it for the same. Make sure and allow your server’s IP address access to this folder. Also check if you have the memcache or object-cache on the site. Memcache may have to be restarted twice in order for the object-cache to get rid of the saved cron key.
LiteSpeed web server settings
If you are using a LiteSpeed server you may need to add a “noabort” directive to your .htaccess.
If your scans aren’t starting
Try starting scans remotely
Try enabling the option at the bottom of the Diagnostics tab on the Wordfence Tools page titled “Start all scans remotely”. Check the box, save and then try another scan. If it does not fix the problem, keep reading.
Make sure you don’t have an “Under Construction” plugin running that is blocking access to your site’s AJAX handler which is located at /wp-admin/admin-ajax.php. If you do, disable the under construction plugin and try another scan.
Do not password-protect wp-admin
Make sure you have not set up a secondary password to protect access to /wp-admin/. This is a bad idea and will break Wordfence scanning along with any public AJAX functionality in WordPress. Read more about this on this blog entry.
Make sure our servers are not blocked from reaching your site
Make sure you haven’t blocked Wordfence’s scanning server’s IP address range from accessing your site. Our servers are from 184.108.40.206 to 220.127.116.11. If your site is unable to connect to itself to start a scan, we get our scanning servers to connect to you to kick the scan off. If you’ve blocked our servers, your scans won’t start. The newest version of Wordfence has code that prevents you from blocking individual addresses in our range but you can still block our entire network, so make sure you haven’t done that. If you are unsure, check with your hosting provider and ask them if they are blocking outbound connections to our IP address range.
Check the database’s tables
We’ve seen some customers who are experiencing table corruption where (for example) the table ending in ‘wfStatus’ is corrupted and marked as ‘crashed’ by mysql. What happens in that case is that the scan will run, but every time Wordfence tries to write to the log (the yellow box that shows scan status) nothing gets written and an error is written to your web server error log. To diagnose this, check your web server error log and it will contain a lot of errors that look like this:
WordPress database error Table ‘./blah_abc/xyz_01wfStatus’ is marked as crashed and should be repaired for query…..
If you see this, you need to launch phpmyadmin and repair the crashed tables. Or log a support call with your hosting provider and they can do this manually.
Check the WordPress AJAX handler
A common problem is that your site’s WordPress AJAX handler is not working. You may have accidentally blocked access to it, or a theme you’re using may have broken it. Test that you can access the following URL: www.example.com/wp-admin/admin-ajax.php Replace www.example.com with your site URL. You should see a blank page with a “0″ at the top left. If you don’t see this, then you need to fix your site’s AJAX handler or Wordfence and many other WordPress features won’t work.
Additional scan troubleshooting
If you see a 500 Internal Server Error, then check your web server’s error log for the reason. If you don’t know how to do this ask your site administrator or hosting company.
If you see a FORBIDDEN message, then you’ve probably set up an .htaccess file that blocks access to your wp-admin area and you need to add an exclusion for your AJAX handler.
If you see a page that looks like your site home page or some other page on your site, then your designer or theme creator has broken the way your site works and you need to tell them to fix access to the WordPress AJAX handler.