Basic config writing error

Hi @da, thanks for reaching out and thank-you for the detailed description of your setup and steps you’ve already tried.

The first place I would go with the cron key not matching the saved key would be to ensure your installations of WordPress and Wordfence are the latest versions, then check if you have memcache or object-cache set up on this site. There could be a chance that a third-party caching plugin could be doing the key-caching if you have never set up the above methods. Will the scan now run with the caching plugin either disabled or flushed?

If the above doesn’t help, I think we might benefit from the logging information to see at which stage the scan itself throws this failure. Can you do the following so I can get the information I need to help you?

• Kill the existing scan if it is still running (The “Start New Scan” button turns in to a “Stop” button while the scan is running)
• Go to your Scan > Scan Options and Scheduling page and locate the “Performance Options”
  Set “Maximum execution time for each scan stage” to 20 on the options page
• Click to “Save Changes”
• Go to the Tools > Diagnostics page
• In the “Debugging Options” section check the circle “Enable debugging mode”
• Click to “Save Changes”.
• Start a new scan
• Copy the last 20 lines from the Log (click the “Show Log” link) or so of the activity log once the scan finishes and paste them in the post.

On occasion, this fixes it straight away. That’s because adding 20 for the “Maximum execution time for each scan stage” tells the scan to pause every 20 seconds and start again where it left off. If this fixes the issue and scans run again, you can leave all the settings above except for “Enable Debugging Mode”.

Thanks,

Peter.

Thanks for helping Peter.

I’m running the latest releases of WordPress and Wordfence.

Checked with our host who confirmed that the issue is not server related. For what it’s worth, Wordfence is able complete scans on 10+ additional WP sites on our dedicated server, a couple with premium licenses.

Below are the last 20+ lines.

[Nov 16 14:20:17] Got a true deserialized value back from ‘wfsd_engine’ with type: object
[Nov 16 14:20:25] Getting plugin list from WordPress
[Nov 16 14:20:25] Found 18 plugins
[Nov 16 14:20:25] Getting theme list from WordPress
[Nov 16 14:20:25] Found 4 themes
[Nov 16 14:20:26] Calling Wordfence API v2.26:https://noc1.wordfence.com/v2.26/?k=40b5631d5015acea9b1639bb3c558fe7b34eeeb50a1588d34f92f3f5b618c9fb6f443bef10f25e943f931ce74bf98e4fafb7ddccdd4f0e5822487698bf43ab3e60bad72c38c7cb113101e6731277ef3f&s=eyJ3cCI6IjUuNS4zIiwid2YiOiI3LjQuMTIiLCJtcyI6ZmFsc2UsImgiOiJodHRwczpcL1wvd3d3LmdwZWxlY3Rpb25zLm9yZyIsInNzbHYiOjI2OTQ4ODE0MywicHYiOiI3LjMuMTgiLCJwdCI6ImNnaS1mY2dpIiwiY3YiOiI3LjU4LjAiLCJjcyI6Ik9wZW5TU0xcLzEuMS4xIiwic3YiOiJBcGFjaGUiLCJkdiI6IjUuNy4zMC1sb2cifQ&betaFeed=0&action=get_known_files
[Nov 16 14:20:46] Using cached malware prefixes
[Nov 16 14:20:48] Using cached core hashes
[Nov 16 14:20:55] Forking during hash scan to ensure continuity.
[Nov 16 14:20:55] Entered fork()
[Nov 16 14:21:30] Calling startScan(true)
[Nov 16 14:21:30] Got value from wf config maxExecutionTime: 20
[Nov 16 14:21:30] getMaxExecutionTime() returning config value: 20
[Nov 16 14:21:32] Test result of scan start URL fetch: array ( ‘headers’ => Requests_Utility_CaseInsensitiveDictionary::__set_state(array( ‘data’ => array ( ‘date’ => ‘Mon, 16 Nov 2020 14:21:30 GMT’, ‘server’ => ‘Apache’, ‘x-robots-tag’ => ‘noindex’, ‘x-content-type-options’ => ‘nosniff’, ‘expires’ => ‘Wed, 11 Jan 1984 05:00:00 GMT’, ‘cache-control’ => ‘no-cache, must-revalidate, max-age=0’, ‘x-frame-options’ => ‘SAMEORIGIN’, ‘referrer-policy’ => ‘strict-origin-when-cross-origin’, ‘content-type’ => ‘text/html; charset=UTF-8’, ), )), ‘body’ => ‘WFSCANTESTOK’, ‘response’ => array ( ‘code’ => 200, ‘message’ => ‘OK’, ), ‘cookies’ => array ( ), ‘filename’ => NULL, ‘http_response’ => WP_HTTP_Requests_Response::__set_state(array( ‘response’ => Requests_Response::__set_state(array( ‘body’ => ‘WFSCANTESTOK’, ‘raw’ => ‘HTTP/1.1 200 OK Date: Mon, 16 Nov 2020 14:21:30 GMT Server: Apach
[Nov 16 14:21:32] Starting cron with normal ajax at URL https://www.gpelections.org/wp-admin/admin-ajax.php?action=wordfence_doScan&isFork=1&scanMode=custom&cronKey=4572ea4415b79dceaff81be8e1e64db2&signature=6731c2071910e6f4f91087941a73cab26615d4bd92eda3746550890268c62208
[Nov 16 14:21:33] Scan process ended after forking.
[Nov 16 14:21:35] Scan engine received request.
[Nov 16 14:21:35] Verifying start request signature.
[Nov 16 14:21:35] Fetching stored cronkey for comparison.
[Nov 16 14:21:35] Checking cronkey: 4572ea4415b79dceaff81be8e1e64db2 (expecting 4572ea4415b79dceaff81be8e1e64db2)
[Nov 16 14:21:35] Checking saved cronkey against cronkey param
[Nov 16 14:21:36] Requesting max memory
[Nov 16 14:21:36] Setting up error handling environment
[Nov 16 14:21:36] Setting up scanRunning and starting scan
[Nov 16 14:21:36] Fatal error: Allowed memory size of 943718400 bytes exhausted (tried to allocate 737280 bytes) in /usr/www/users/gpus/gpelections.org/wp-includes/wp-db.php on line 1999 There has been a critical error on your website.Learn more about debugging in WordPress.

Hi @da, thanks for doing that for me.

I see there that the cron key and expected key seem to now be in sync, so perhaps that error was cropping up because it was the last run action before moving on.

The out of memory error is likely to be memory exhaustion occurring outside of PHP somewhere on the server. The operating system log files and web server log files will likely show if memory is being exhausted somewhere outside of PHP. We normally recommend PHP memory limits with Wordfence such as 128MB or 256MB, so as you’re looking at 943MB being exhausted here there is something bigger going on.

I think it’s worth reporting the fatal error text to your host and see if they will review the OS and server log files with you.

Thanks,

Peter.