Diagnostics

Find out your PHP Version, database permissions, connectivity test results, and much more in Wordfence Diagnostics.

The “Tools” > “Diagnostics” page contains a large amount of different checks related to your Wordfence installation. If you have spoken to Wordfence Support, they may ask you to have a look at this page or specific parts of it. You can click the “Send report by email” button and email yourself or a support representative a full diagnostics report. You can also click the “Export” button to export the diagnostic data as a plain text file.

Other Tests

Click to view your system’s configuration in a new window

This link will show you the output of the “phpinfo” PHP function. If this page is blank, it likely means your web host has disabled the use of the “phpinfo” PHP function. You will then need to contact your web host to find out how PHP is configured on your site.

Test your WordPress host’s available memory

This test will create a data structure that uses memory up to the limit set in the option “How much memory should Wordfence request when scanning” on the “Scan” > “Scan Options and Scheduling” page. The test will show if your web server allows you to allocate at least that much memory. If this test fails then you should contact your hosting provider and ask them to allocate more memory to your hosting account. Wordfence generally uses a small amount of memory during regular visits, but it requires more during scans, especially if your site has a lot of files, content, users, or other data.

This test may not work on all hosts, especially if they limit memory in a different way, aside from the PHP “memory_limit” function. Additionally, if the test shows your home page rather than the test results, this could be a sign of other limitations on the server or a conflict with a theme or another plugin.

Send a test email from this WordPress server to an email address

This is a way to test if email from your WordPress site is working. Enter your own email address and hit the send button. If you do not receive an email (remember to check your spam folder) then log a support ticket with your hosting provider to investigate why your WordPress site is unable to successfully send a test email.

Send a test activity report email

This sends an email containing a summary of the recent activity on your site, for testing purposes.

Clear all Wordfence Central connection data

If you are unable to disconnect a site from Wordfence Central, or you are attempting to reconnect a site that was previously connected, you can click the “Clear Connection Data” button. After that, connecting to Wordfence Central from the “Wordfence Central Status” widget on the Wordfence plugin “Dashboard” page should be possible again.

Debugging Options

Enable debugging mode

This will enable verbose logging in Wordfence. A lot more will be written to the scan activity log which you can see on the “Scan” page.

More of the additional activity written to the log can be seen when you perform a scan. However, during many other operations, we do additional logging if this option is enabled.

Note that when this option is enabled, a significant amount of additional data is written to the database, so it increases your site’s database, network, and CPU load significantly. We recommend you only enable this option for short periods of time (an hour at a time) while you are trying to solve a specific problem with Wordfence.

Start all scans remotely

Wordfence usually starts scans by having the server connect to itself with a request to launch a scan. Some servers are unable to connect to themselves correctly so we have created a mechanism that causes your Wordfence installation to connect to our servers which then connect back to your server to start the scan.

Note that this uses a secure token that prevents any user on the public internet from starting a scan. Enable this option if your scans don’t start correctly.

Enable SSL Verification

SSL verification should normally be enabled, but it can be disabled if you are consistently unable to connect to the Wordfence servers. You can see the status of your connection to Wordfence servers on the “Diagnostics” page in the “Connectivity” section.

Disable reading of php://input

The firewall uses the “raw” body of requests by reading “php://input”. Older versions of PHP only allow reading this data once, and if another plugin needs it but does not fall back to using $HTTP_RAW_POST_DATA, it cannot load the data. This option disables reading of “php://input”, and has essentially the same function as the constant “WFWAF_DISABLE_RAW_BODY”, but it can allow the body to be captured in a different way in some cases.

Some versions of PHP using LSAPI, the LiteSpeed server API (including CloudLinux), had a bug that caused some requests to make large temporary files when “php://input” was read. This should be fixed in the middle of 2018, but we have not heard of a definite date yet. If your hosting provider does not apply updates for PHP, Apache, or CloudLinux, you may still have this issue later in 2018, though it is a relatively rare issue.

Generally, this option should be unchecked, unless you are having the specific problems above, since a few firewall rules depend on reading the raw body, to be effective.

Enable beta threat defense feed

If you enable this option you will be participating in the group of users who get the beta version of our Threat Defense Feed. This is not recommended for production sites, since beta signatures are not yet fully tested and can cause slow scans, scan failures, or false positives. This option has no effect unless a Premium license key is installed.

Enable Wordfence translations

This option is on by default. If you have a site that is not in USA English, Wordfence is beginning to support translation to other languages. If you have any problems with a translation or have a multilingual site and want to keep Wordfence in English, you can disable this option.