The Diagnostics page contains a large amount of different checks related to your Wordfence installation. If you are in touch with Wordfence Support, they may ask you to have a look at this page or specific parts of it. You can also click a button “Send report by email” and email yourself, or a support representative, a full diagnostics report.
Click to view your system’s configuration in a new window
This link will show you the output of phpinfo(). If this page is blank, it likely means your web host has disabled the use of phpinfo(). You will then need to contact your web host to find out how PHP is configured on your site.
Test your WordPress host’s available memory
This test will create a data structure that uses memory up to the limit set in “How much memory should Wordfence request when scanning” on the options page, to test if your web server allows you to allocate at least that much memory. If this test fails you should contact your hosting provider and ask them to allocate more memory to your WordPress server. Wordfence generally uses little memory during regular visits, but it requires more during scans, especially if your site has a lot of files, content, users, or other data.
This test may not work on all hosts, especially if they limit memory in a different way, aside from PHP’s normal “memory_limit” option. Additionally, if the test shows your home page rather than the test results, this could be a sign of other limitations on the server, or a conflict with a theme or another plugin.
Send a test email from this WordPress server to an email address
This is a way to test if email from your WordPress system is working. Enter your own email address and hit the send button. If you don’t receive an email (and remember to check your spam folder) then log a support ticket with your hosting provider to investigate why your WordPress server is unable to successfully send email.
Send a test activity report email
This sends an email containing a summary of the recent activity on your site, for testing purposes.
Enable debugging mode
This will enable verbose logging in Wordfence. A lot more will be written to the log which you can see on the ‘Scan’ page in the lower yellow box.
More of the additional activity written to the log can be seen when you perform a scan. However during many other operations we do additional logging if this option is enabled.
Note that when this option is enabled, a significant amount of additional data is written to the database, so it increases your site’s database, network and CPU load significantly. We recommend you only enable this option for short periods of time (an hour at a time) while you are trying to solve a specific problem with Wordfence.
Start all scans remotely
Wordfence usually starts scans by having the server connect to itself to launch another long running web request which performs the scan. Some servers are unable to connect to themselves correctly so we have created a mechanism which causes your Wordfence installation to connect to our servers which then connect back to your servers to start the scan.
Note that this uses a secure token which prevents any user on the public Internet from starting a scan. Enable this option if you are having trouble starting scans.
Enable SSL Verification
SSL verification should normally be enabled, but it can be disabled if you are consistently unable to connect to the Wordfence servers. You can see the status of your connection to Wordfence servers on the “Diagnostics” page in the section “Connectivity”.
Disable reading of php://input
The firewall uses the “raw” body of requests by reading php://input. Older versions of PHP only allow reading this data once, and if another plugin needs it but doesn’t fall back to using $HTTP_RAW_POST_DATA, it cannot load the data. This option disables reading of php://input, and has essentially the same function as the constant “WFWAF_DISABLE_RAW_BODY”, but it can allow the body to be captured in a different way in some cases.
Some versions of PHP using “lsapi,” the LiteSpeed server API (including Cloudlinux), had a bug that caused some requests to make large temp files when php://input was read. This should be fixed in mid-2018, but we haven’t heard of a definite date yet. If your host doesn’t apply updates for PHP, Apache, or CloudLinux, you may still have this issue later in 2018, though it is a relatively rare issue.
Generally, this option should be unchecked, unless you are having the specific problems above, since a few firewall rules depend on reading the raw body, to be effective.
Enable beta threat defense feed
If you enable this option you will be participating in the group of users who get the beta version of the threat defense feed. This is not recommended for production sites, since beta signatures are not yet fully tested and can cause slow scans, scan failures, or false positives. This option has no effect unless a premium key is installed.