For some reason WordFence is unable to start scans. The scan immediately stops:

• [Dec 24 12:35:06]?Attempting to resume scan stage (0 attempt(s) remaining)…
• [Dec 24 12:33:42]?Attempting to resume scan stage (1 attempt(s) remaining)…
• [Dec 24 12:32:31]?Scan stop request received.
• [Dec 24 09:05:22]?Attempting to resume scan stage (0 attempt(s) remaining)…
• [Dec 24 08:52:06]?Attempting to resume scan stage (1 attempt(s) remaining)…
• [Dec 24 08:50:55]?Scheduled Wordfence scan starting at Sunday 24th of December 2023 08:50:55 AM

I tried to change the settings to start scans remotely, but I had no luck with that. cURL is installed and enabled in my PHP installation.

A few more details. ufw is not active, but I have set up some rules in the DigitalOcean firewall. I opened up ports 80 and 443 to the WordFence IPs listed here:

• 44.239.130.172
• 44.238.191.15
• 35.155.126.231
• 54.68.32.247
• 44.235.211.232
• 54.71.203.174

I even tried disabling the firewall entirely, still no luck.

I’ve set up PHP-FPM to use a custom pool for every site I have, and files and dirs are owned by the user running the PHP-FPM processes. I set up open_basedir to only allow access to the site’s root directory and the /tmp directory.

Here are some PHP config parameters in case it’s helpful:

pm.max_children = 6
pm.start_servers = 3
pm.min_spare_servers = 2
pm.max_spare_servers = 3
pm.process_idle_timeout = 10s;
pm.max_requests = 500

There’s a 256MB memory_limit.

I have disabled the following PHP functions (these were also disabled in my old server, where scans are working):

disable_functions = dl,exec,expect_popen,fpaththru,getmypid,getmyuid,leak,listen,passthru,pcntl_alarm,pcntl_async_signals,pcntl_exec,pcntl_fork,pcntl_get_last_error,pcntl_getpriority,pcntl_setpriority,pcntl_signal,pcntl_signal_dispatch,pcntl_signal_get_handler,pcntl_sigprocmask,pcntl_sigtimedwait,pcntl_sigwaitinfo,pcntl_strerror,pcntl_unshare,pcntl_wait,pcntl_waitpid,pcntl_wexitstatus,pcntl_wifcontinued,pcntl_wifexited,pcntl_wifsignaled,pcntl_wifstopped,pcntl_wstopsig,pcntl_wtermsig,popen,posix_ctermid,posix_getcwd,posix_getegid,posix_geteuid,posix_getgid,posix_getgrgid,posix_getgrnam,posix_getgroups,posix_getlogin,posix_getpgid,posix_getpgrp,posix_getpid,posix_getppid,posix_getpwnam,posix_getpwuid,posix_getrlimit,posix_getsid,posix_getuid,posix_isatty,posix_kill,posix_mkfifo,posix_setegid,posix_seteuid,posix_setgid,posix_setpgid,posix_setsid,posix_setuid,posix_times,posix_ttyname,posix_uname,proc_close,proc_get_status,proc_nice,proc_open,proc_terminate,shell_exec,system,system_exec

In WordFence’s diagnostics page I see this error:

• Connecting back to this site: wp_remote_post() test back to this server failed! Response was: cURL error 28: Operation timed out after 10002 milliseconds with 0 bytes received
• Connecting back to this site via IPv6 (not required; failure to connect may not be an issue on some sites): wp_remote_post() test back to this server failed! Response was: cURL error 7:

Which is strange because in Diagnostics WordFence also says:

Checking for cURL support: 7.81.0 (0x75100)

Does anyone have an idea what’s going on?

Wordfence scans stopped working on a few sites of mine, but with the same “Scan process ended after forking” error. I’ve tried everything in this article https://www.wordfence.com/help/?query=scan-failed-start and looked through the forums but the problems is still persisting.

Is there anything else I can try?

I’ve just started using WordFence for my site and had a question on scans, I get the email to advise on which plugins need to be updated etc

One day it might say 1 plugin needs to be updated and the next day it will say another plugin will need to be updated. Is this just checking for new issues found and advising on them or is it supposed to list out all plugins that have issues and need to be updated?

Many thanks,

Craig

Have I misinterpreted something here? And can I be sure of the scan frequency when and if I buy the plugin?

Happy for any light you can shed on this to make it clear to me.

WordFence scans haven’t been starting automatically on several of the sites I manage for quite a few months now, forcing me to initiate them manually via WF Central.

I have a cronjob set up in cPanel cron scheduler, which executes wp_cron directly. I know that this is working fine as wordfence_daily_cron and wordfence_hourly_cron are both executed and rescheduled afterwards. I thought that perhaps one of these cronjobs would recreate the wordfence_start_scheduled_scan job, but not so.

‘Schedule WF scans’ is enabled and I’m using the free edition, so manual scan scheduling is not enabled.

This issue first arose at the start of the year, but I haven’t had time to look into it until recently. I’m happy to send a diagnostic report if you can let me know where to send it.

Thanks for your help!

The Plugin “WordPress HTTPS (SSL)” appears to be abandoned (updated January 11, 2018, tested to WP 4.9.13).
Type: Plugin Abandoned

In scan options, we DO want to have it check for abandoned and vulnerable plugins and themes, though, so we do need to have “Scan for out of date, abandoned, and vulnerable plugins, themes, and WordPress versions” checked.

How do we keep Wordfence from emailing alerts about these outdated plugins, yet still have it check for them?

I also have a problem completing limited scans, which may be related, typically:

<b>Fatal error</b>: Out of memory (allocated 161480704) (tried to allocate 1261568 bytes) in <b>file</b>... <p>There has been a critical error on your website.</p>...

The scans get as far as “Analyzed 0 files containing 0 B of data.” and then drop off.

I’m on 123-reg hosting, which I know doesn’t help because they update the settings automatically to a limited scan every night.

Thoughts on what the issue(s) might be? Any solutions (other than change hosting provider)?

Best Regards,
George