Scan failing during Vulnerability Scan

Hey @cyberspyder,

?Can you do the following so I can get the information I need to help you?

Kill the existing scan if it is still running (The “Start New Scan” button turns in to a “Stop” button while the scan is running)

Go to your Scan > Scan Options and Scheduling page and locate the “Performance Options”

Set “Maximum execution time for each scan stage” to 20 on the options page

Click to “Save Changes”

Go to the Tools > Diagnostics page

In the “Debugging Options” section check the circle “Enable debugging mode”

Click to “Save Changes”.

Start a new scan

Copy the last 20 lines from the Log (click the “Show Log” link) or so of the activity log and paste them here

Thanks,

Gerroald

Hey @cyberspyder,

We haven’t heard back from you in a while, so I’ve gone ahead and marked this thread as resolved.

Please feel free to open another thread if you’re still having issues with Wordfence.

Thanks,

Gerroald

Thanks @wfgerald
However, I never received any notification of your reply and it was over the holidays, too.
If you’ll leave this open and give me a few days, I’ll run the diagnostic for you and past the last 20 lines here. I have previously already set the max execute times.
Thanks.

@wfgerald here is the requested info (I apologize for the delays due to the holidays)

NOTE – Scan failed quickly at 20 seconds with time out issue – I had previously had it set to 256

[Jan 06 16:21:49] Got value from wf config maxExecutionTime: 25
[Jan 06 16:21:49] getMaxExecutionTime() returning config value: 25
[Jan 06 16:21:54] Test result of scan start URL fetch: array ( 'headers' => Requests_Utility_CaseInsensitiveDictionary::__set_state(array( 'data' => array ( 'date' => 'Mon, 06 Jan 2020 22:21:54 GMT', 'content-type' => 'text/html; charset=UTF-8', 'content-length' => '12', 'set-cookie' => array ( 0 => '__cfduid=d72b067a572e0dce057f9431cf9f28c2d1578349309; expires=Wed, 05-Feb-20 22:21:49 GMT; path=/; domain=.blackbisoncoffee.com; HttpOnly; SameSite=Lax; Secure', 1 => 'X-Mapping-inndgnee=771DC568DD9D49B4B51F2761735287F1; path=/', 2 => 'tk_ai=woo%3AlmOMEyFwSweWIRqWLH1w1w4i; path=/', ), 'vary' => 'User-Agent', 'cache-control' => 'no-transform, no-cache, no-store, must-revalidate', 'expires' => 'Wed, 11 Jan 1984 05:00:00 GMT', 'x-content-type-options' => 'nosniff', 'x-robots-tag' => 'noindex', 'x-frame-options' => 'SAMEORIGIN', 'referrer-policy' => 'strict-origin-when-cross-origin', 'cf-c
[Jan 06 16:21:54] Starting cron with normal ajax at URL https://www.blackbisoncoffee.com/wp-admin/admin-ajax.php?action=wordfence_doScan&isFork=1&scanMode=custom&cronKey=64286ca44d50a62ae0fa0481c6263962&signature=f260c6d65e239ce55b67758e2e134e308b09b847e4679f022d4dc1014956ed55
[Jan 06 16:21:55] Scan process ended after forking.
[Jan 06 16:21:58] Scan engine received request.
[Jan 06 16:21:58] Verifying start request signature.
[Jan 06 16:21:58] Fetching stored cronkey for comparison.
[Jan 06 16:21:58] Checking cronkey: 64286ca44d50a62ae0fa0481c6263962 (expecting 64286ca44d50a62ae0fa0481c6263962)
[Jan 06 16:21:58] Checking saved cronkey against cronkey param
[Jan 06 16:21:58] Requesting max memory
[Jan 06 16:21:58] Setting up error handling environment
[Jan 06 16:21:58] Setting up scanRunning and starting scan
[Jan 06 16:21:58] Got a true deserialized value back from 'wfsd_engine' with type: object
[Jan 06 16:21:58] Indexing files for scanning
[Jan 06 16:21:58] -------------------
[Jan 06 16:21:58] Scan interrupted. Scanned 2325 files, 27 plugins, 6 themes, 0 posts, 0 comments and 0 URLs in 35 seconds.
[Jan 06 16:21:58] Calling Wordfence API v2.26:https://noc1.wordfence.com/v2.26/?k=adf50675623931b9464030445a069b12f257fa3912295fc43874d39d5beaaac4a2aea82a95b0a4c2093528eefd53506d2e6bef6e174294c42965a51c58d83d94074a903920406e17cd0b65ef5db29344&s=eyJ3cCI6IjUuMy4yIiwid2YiOiI3LjQuMiIsIm1zIjpmYWxzZSwiaCI6Imh0dHBzOlwvXC93d3cuYmxhY2tiaXNvbmNvZmZlZS5jb20iLCJzc2x2IjoyNjk0ODgxOTEsInB2IjoiNy4zLjgtMSswfjIwMTkwODA3LjQzK2RlYmlhbjEwfjEuZ2JwNzczMWJmIiwicHQiOiJhcGFjaGUyaGFuZGxlciIsImN2IjoiNy42NC4wIiwiY3MiOiJPcGVuU1NMXC8xLjEuMWMiLCJzdiI6IkFwYWNoZVwvMi40IiwiZHYiOiIxMC4xLjM0LU1hcmlhREItMX5qZXNzaWUifQ&betaFeed=0&action=record_scan_metrics
[Jan 06 16:21:58] Wordfence used 17.85 MB of memory for scan. Server peak memory usage was: 131.85 MB
[Jan 06 16:21:58] Scan terminated with error: The scan time limit of 20 seconds has been exceeded and the scan will be terminated. This limit can be customized on the options page.

• This reply was modified 4 years, 10 months ago by Jan Dembowski.

Hey @cyberspyder,

Thanks for the update, and information.

Can you please try increasing your scan time limit and let me know if it helps?

https://www.wordfence.com/help/scan/troubleshooting/#scan-time-limit-exceeded

Please let me know how it goes.

Thanks,

Gerroald

@wfgerald I had previously researched and found information on where to look for some settings and it was suggested there that the time limit be three times of the value that was determined. I am not sure where I found that info – either by Google or from information here or on another forum.
Nonetheless, the value was found to be 80, so I had increased the time limit to 240, which is where it was before your suggestion of 20. I understand your reasoning as we need to start at a uniform place and work forward from there.
Again, this site is the only one that I have this issue with. We use WordFence on at least 10 other WP sites, with default WF settings in the same server environment, which is CloudSites at Liquid Web. I have checked with them and they don’t see any malware on the site and all the settings for the site seem correct as to wp-config and htaccess, etc. Also, there is nothing out of the ordinary on this site as far as plugins, etc. as it is just a basic WooCommerce site.
I will increase the time limit back to 240 and run the scan again and copy the last several lines in the next reply here.

I did have to change the execution time back to 0 (default 3 hours) to get the scan to go to the Vulnerability section again.
Here is that config:

Time limit that a scan can run in seconds 
0 or empty means the default of 3 hours will be used
0
How much memory should Wordfence request when scanning 
Memory size in megabytes
256
Maximum execution time for each scan stage 
0 for default. Must be 8 or greater and 10-20 or higher is recommended for most servers
30
Crashed/stopped again during Vulnerability scan. Here is the last part of the log from before the fork option to the stop point:

[Jan 07 10:22:04] Scanned contents of 7836 additional files at 21.20 per second
[Jan 07 10:22:04] Asking Wordfence to check URLs against malware list.
[Jan 07 10:22:04] Gathering host keys.
[Jan 07 10:22:04] Using MySQLi directly.
[Jan 07 10:22:04] Checking 23397 host keys against Wordfence scanning servers.
[Jan 07 10:22:04] Calling Wordfence API v2.26:https://noc1.wordfence.com/v2.26/?k=adf50675623931b9464030445a069b12f257fa3912295fc43874d39d5beaaac4a2aea82a95b0a4c2093528eefd53506d2e6bef6e174294c42965a51c58d83d94074a903920406e17cd0b65ef5db29344&s=eyJ3cCI6IjUuMy4yIiwid2YiOiI3LjQuMiIsIm1zIjpmYWxzZSwiaCI6Imh0dHBzOlwvXC93d3cuYmxhY2tiaXNvbmNvZmZlZS5jb20iLCJzc2x2IjoyNjk0ODgxOTEsInB2IjoiNy4zLjgtMSswfjIwMTkwODA3LjQzK2RlYmlhbjEwfjEuZ2JwNzczMWJmIiwicHQiOiJhcGFjaGUyaGFuZGxlciIsImN2IjoiNy42NC4wIiwiY3MiOiJPcGVuU1NMXC8xLjEuMWMiLCJzdiI6IkFwYWNoZVwvMi40IiwiZHYiOiIxMC4xLjM0LU1hcmlhREItMX5qZXNzaWUifQ&betaFeed=0&action=check_host_keys
[Jan 07 10:22:06] Done host key check.
[Jan 07 10:22:06] Checking 199 URLs from 41 sources.
[Jan 07 10:22:06] Calling Wordfence API v2.26:https://noc1.wordfence.com/v2.26/?k=adf50675623931b9464030445a069b12f257fa3912295fc43874d39d5beaaac4a2aea82a95b0a4c2093528eefd53506d2e6bef6e174294c42965a51c58d83d94074a903920406e17cd0b65ef5db29344&s=eyJ3cCI6IjUuMy4yIiwid2YiOiI3LjQuMiIsIm1zIjpmYWxzZSwiaCI6Imh0dHBzOlwvXC93d3cuYmxhY2tiaXNvbmNvZmZlZS5jb20iLCJzc2x2IjoyNjk0ODgxOTEsInB2IjoiNy4zLjgtMSswfjIwMTkwODA3LjQzK2RlYmlhbjEwfjEuZ2JwNzczMWJmIiwicHQiOiJhcGFjaGUyaGFuZGxlciIsImN2IjoiNy42NC4wIiwiY3MiOiJPcGVuU1NMXC8xLjEuMWMiLCJzdiI6IkFwYWNoZVwvMi40IiwiZHYiOiIxMC4xLjM0LU1hcmlhREItMX5qZXNzaWUifQ&betaFeed=0&action=check_bad_urls
[Jan 07 10:22:07] Done URL check.
[Jan 07 10:22:08] Finalizing malware scan results
[Jan 07 10:22:08] Done file contents scan
[Jan 07 10:22:08] Examining URLs found in posts we scanned for dangerous websites
[Jan 07 10:22:08] Gathering host keys.
[Jan 07 10:22:08] Using MySQLi directly.
[Jan 07 10:22:08] Checking 25 host keys against Wordfence scanning servers.
[Jan 07 10:22:08] Calling Wordfence API v2.26:https://noc1.wordfence.com/v2.26/?k=adf50675623931b9464030445a069b12f257fa3912295fc43874d39d5beaaac4a2aea82a95b0a4c2093528eefd53506d2e6bef6e174294c42965a51c58d83d94074a903920406e17cd0b65ef5db29344&s=eyJ3cCI6IjUuMy4yIiwid2YiOiI3LjQuMiIsIm1zIjpmYWxzZSwiaCI6Imh0dHBzOlwvXC93d3cuYmxhY2tiaXNvbmNvZmZlZS5jb20iLCJzc2x2IjoyNjk0ODgxOTEsInB2IjoiNy4zLjgtMSswfjIwMTkwODA3LjQzK2RlYmlhbjEwfjEuZ2JwNzczMWJmIiwicHQiOiJhcGFjaGUyaGFuZGxlciIsImN2IjoiNy42NC4wIiwiY3MiOiJPcGVuU1NMXC8xLjEuMWMiLCJzdiI6IkFwYWNoZVwvMi40IiwiZHYiOiIxMC4xLjM0LU1hcmlhREItMX5qZXNzaWUifQ&betaFeed=0&action=check_host_keys
[Jan 07 10:22:09] Done host key check.
[Jan 07 10:22:09] Done examining URLs
[Jan 07 10:22:09] Gathering host keys.
[Jan 07 10:22:09] Using MySQLi directly.
[Jan 07 10:22:09] Starting password strength check on 3 users.
[Jan 07 10:22:09] Checking password strength of user 'empadmin' with ID 2 (Mem:126.0M)
[Jan 07 10:22:10] Completed checking password strength of user 'empadmin'
[Jan 07 10:22:10] Checking password strength of user 'robadmin' with ID 3 (Mem:126.0M)
[Jan 07 10:22:10] Completed checking password strength of user 'robadmin'
[Jan 07 10:22:10] Checking password strength of user 'stephadmin' with ID 1 (Mem:126.0M)
[Jan 07 10:22:11] Completed checking password strength of user 'stephadmin'
[Jan 07 10:22:13] Calling Wordfence API v2.26:https://noc1.wordfence.com/v2.26/?k=adf50675623931b9464030445a069b12f257fa3912295fc43874d39d5beaaac4a2aea82a95b0a4c2093528eefd53506d2e6bef6e174294c42965a51c58d83d94074a903920406e17cd0b65ef5db29344&s=eyJ3cCI6IjUuMy4yIiwid2YiOiI3LjQuMiIsIm1zIjpmYWxzZSwiaCI6Imh0dHBzOlwvXC93d3cuYmxhY2tiaXNvbmNvZmZlZS5jb20iLCJzc2x2IjoyNjk0ODgxOTEsInB2IjoiNy4zLjgtMSswfjIwMTkwODA3LjQzK2RlYmlhbjEwfjEuZ2JwNzczMWJmIiwicHQiOiJhcGFjaGUyaGFuZGxlciIsImN2IjoiNy42NC4wIiwiY3MiOiJPcGVuU1NMXC8xLjEuMWMiLCJzdiI6IkFwYWNoZVwvMi40IiwiZHYiOiIxMC4xLjM0LU1hcmlhREItMX5qZXNzaWUifQ&betaFeed=0&action=plugin_vulnerability_check
[Jan 07 10:22:18] Forking during hash scan to ensure continuity.
[Jan 07 10:22:18] Entered fork()
[Jan 07 10:22:18] Calling startScan(true)
[Jan 07 10:22:18] Got value from wf config maxExecutionTime: 30
[Jan 07 10:22:18] getMaxExecutionTime() returning config value: 30
[Jan 07 10:22:34] Test result of scan start URL fetch: array ( 'headers' => Requests_Utility_CaseInsensitiveDictionary::__set_state(array( 'data' => array ( 'date' => 'Tue, 07 Jan 2020 16:22:34 GMT', 'content-type' => 'text/html; charset=UTF-8', 'content-length' => '12', 'set-cookie' => array ( 0 => '__cfduid=d3689b5502c133246d8ec9ce85344b75a1578414138; expires=Thu, 06-Feb-20 16:22:18 GMT; path=/; domain=.blackbisoncoffee.com; HttpOnly; SameSite=Lax; Secure', 1 => 'X-Mapping-inndgnee=771DC568DD9D49B4B51F2761735287F1; path=/', 2 => 'tk_ai=woo%3AMhEXqilWeUUb2gNtglsnqiZs; path=/', ), 'vary' => 'User-Agent', 'cache-control' => 'no-transform, no-cache, no-store, must-revalidate', 'expires' => 'Wed, 11 Jan 1984 05:00:00 GMT', 'x-content-type-options' => 'nosniff', 'x-robots-tag' => 'noindex', 'x-frame-options' => 'SAMEORIGIN', 'referrer-policy' => 'strict-origin-when-cross-origin', 'cf-c
[Jan 07 10:22:34] Starting cron with normal ajax at URL https://www.blackbisoncoffee.com/wp-admin/admin-ajax.php?action=wordfence_doScan&isFork=1&scanMode=custom&cronKey=7c0962793dbb85ba04c131a2f4f3ac4e&signature=aca79d18d8b109652618224eef6b5f68b39a089d52eee026548e170c47307b6b
[Jan 07 10:22:35] Scan process ended after forking.
[Jan 07 10:22:47] Scan engine received request.
[Jan 07 10:22:47] Verifying start request signature.
[Jan 07 10:22:47] Fetching stored cronkey for comparison.
[Jan 07 10:22:47] Checking cronkey: 7c0962793dbb85ba04c131a2f4f3ac4e (expecting 7c0962793dbb85ba04c131a2f4f3ac4e)
[Jan 07 10:22:47] Checking saved cronkey against cronkey param
[Jan 07 10:22:47] Requesting max memory
[Jan 07 10:22:47] Setting up error handling environment
[Jan 07 10:22:47] Setting up scanRunning and starting scan
[Jan 07 10:22:47] Got a true deserialized value back from 'wfsd_engine' with type: object
[Jan 07 10:22:55] Calling Wordfence API v2.26:https://noc1.wordfence.com/v2.26/?k=adf50675623931b9464030445a069b12f257fa3912295fc43874d39d5beaaac4a2aea82a95b0a4c2093528eefd53506d2e6bef6e174294c42965a51c58d83d94074a903920406e17cd0b65ef5db29344&s=eyJ3cCI6IjUuMy4yIiwid2YiOiI3LjQuMiIsIm1zIjpmYWxzZSwiaCI6Imh0dHBzOlwvXC93d3cuYmxhY2tiaXNvbmNvZmZlZS5jb20iLCJzc2x2IjoyNjk0ODgxOTEsInB2IjoiNy4zLjgtMSswfjIwMTkwODA3LjQzK2RlYmlhbjEwfjEuZ2JwNzczMWJmIiwicHQiOiJhcGFjaGUyaGFuZGxlciIsImN2IjoiNy42NC4wIiwiY3MiOiJPcGVuU1NMXC8xLjEuMWMiLCJzdiI6IkFwYWNoZVwvMi40IiwiZHYiOiIxMC4xLjM0LU1hcmlhREItMX5qZXNzaWUifQ&betaFeed=0&action=record_scan_metrics
[Jan 07 10:23:05] Scan terminated with error:

What’s interesting is that the log doesn’t show the error. The gold bar above the log shows:

Scan Failed
The previous scan has failed. Some sites may need adjustments to run scans reliably. Click here for steps you can try.

[ Please do not bump. ]

• This reply was modified 4 years, 10 months ago by Jan Dembowski.
• This reply was modified 4 years, 10 months ago by Jan Dembowski.
• This reply was modified 4 years, 10 months ago by Jan Dembowski.

Hey @cyberspyder,

I thought I had already responded here.

We’re currently looking into what seems to be a similar issue. Can you please share a list of your active plugins?

Can you also try checking for a conflict by disabling all other plugins to see if it helps?

Thanks,

Gerroald

@wfgerald
Here are the plugins (all active):

Akeeba Backup Professional for WordPress
Akismet Anti-Spam
BJ Lazy Load
Contact Form 7
Facebook for WooCommerce
Fusion Builder
Fusion Core
GetWooPlugins Updater
Google Analytics Dashboard for WP (GADWP)
ImageRecycle pdf & image compression
Jetpack by WordPress.com
Kadence WooCommerce Email Designer
Mailchimp for WooCommerce
mywpguru (This is MySitesGuru – had the problem before adding this connection plugin)
USPS WooCommerce Shipping
Variation Swatches for WooCommerce
Variation Swatches for WooCommerce – Pro
WooCommerceWooCommerce Admin
WooCommerce All Products For Subscriptions
WooCommerce Brands
WooCommerce PayPal Checkout Gateway
WooCommerce Services
WooCommerce Subscriptions
Wordfence Security
WP Super Cache
Yoast SEO

I will try to disable each plugin and attempt scan as I get time and will post update here if I find one that is causing the scan to stop. However, all of these plugins are standard, well trusted WP plugins.

• This reply was modified 4 years, 10 months ago by cyberspyder.
• This reply was modified 4 years, 10 months ago by cyberspyder.

@wfgerald PROGRESS!
I disabled every “add on” plug in that wasn’t basically required for the live site to function publicly and the scan COMPLETED!
I then turned on what I think are safe add on plugins that we’ve used on other sites without issue and it stopped again during Vulnerability Scan.
I am now trying to turn off one at a time and see what crashes. It just takes about seven minutes to complete the scan each time, so it may be a bit.

@wfgerald – FALSE HOPE
After going through the plugins (from all activated) and deactivating two/three at a time, EVERY scan stopped at Vulnerability. Re-Activated those two/three and moved down the list to the next two/three. Again, EVERY scan failed.
That would seem to indicate it’s a combination of something. Maybe.
I do not have the free time to deactivate them one at a time, wait 6-10 minutes for the scan to fail or complete, then turn that one back on and the next one off. It would literally take me 4-5 hours.
Please let me know what you can make of this and what you guys are looking into as a possible problem. Sorry that I can’t help more at this time.

Hey @cyberspyder,

I believe this might be a conflict with your backup plugin. When disabling it on the customer’s site the scan completes. Can you please try specifically disabling that one and let me know if it helps?

Thanks,

Gerroald

@wfgerald GOOD NEWS!
Turning off the Akeeba Backup Professional for WordPress plugin did allow the scan to complete without stopping/crashing at the Vulnerability Check. I hope this is something that can be worked out with Nicholas at Akeeba – really good guy/company.
Using their latest public release (Version 7.0.0.rc1).
What’s odd is that we use that on all of our sites and are not having any issues that we are aware of on any other sites.

Hey @cyberspyder,

Thanks for the update, and happy to hear it!

I’m sure many people use both plugins, and this is one of two reports that I’ve personally seen, which is odd. I’ve shared this with the developers as well.

I’ll be sure to update you if the developers are able to track this down.

Thanks,

Gerroald

@wfgerald
Thanks for the update. I will also let you know that I just had my first repeat of this issue on another site that is both running Akeeba Backup Pro plugin (latest version – 7.0.0.rc1) and the latest WordFence plugin. It also stopped on the Vulnerability Scan.
So we can surmise that there is definitely an issue somewhere, whether it is in the new code of the new Akeeba plugin or something else in WordFence that is now affected by the new Akeeba plugin.
I will also summit a ticket with Nicholas at Akeeba and let him know of this issue with a link to this forum post even though he’ll most likely say its a WordFence issue. However, he is great at coding, as well as a nice guy. Hopefully, he is willing to check and identify what is different in his code from before. I do not that it was a pretty big rewrite with version 7.
Thanks again for your work on this and hope your developers can come up with something, too.