PHP 5.5.11

Wordfence should run on PHP 5.4, 5.5, and 5.6. I don’t know if there are any specific PHP bugs on 5.5.11 that might stop it from working, but 5.5.27 is currently working correctly.

The module mismatches should be corrected by the host, if they are still occurring. If the message only came up once, it may have been a temporary problem during the update (I’ve seen this on a cPanel host).

When the host updated php.ini, if they replaced the whole file, they may have inadvertently overwritten some prior changes they made, such as the memory_limit, which could affect scans. Ideally it should be 256M or more.

A guide on some other reasons scans won’t finish is available here:
https://docs.wordfence.com/en/My_scans_don%27t_finish._What_would_cause_that%3F

Hey Matt,

Thanks for getting back to me. I checked the php.ini it seems okay memory wise.

; Maximum amount of memory a script may consume (128MB)
; https://php.net/memory-limit
memory_limit = 1024M

Brian, linked that guide in the previous issue I had last week. I did play around with those settings but no cigar.

Thanks again!

Ok, I thought your name sounded familiar! So the delay in the scan log updating in the last thread may have been Sucuri’s new feature, that slows down or blocks ajax requests.

With the current issue though, are you able to complete a scan if the new Sucuri feature is disabled? And are the .zip files still excluded from the scan?

If there is anything near the end of the Scan Summary or Scan Detailed Activity boxes on the Scan page when it gets stuck, let us know that too.

Hey Matt,

Yeah, I been having server issues for like 2 weeks now, so frustrated… Not your fault! I blame the host… for now… haha.

To be honest Sucuri’s new feature doesn’t seem to do much for me enable or disable. Sorry. But that is a good idea I’ll try that now in a few minutes and let you know.

Yeah the scan gets stuck alway here:

[Aug 12 16:10:07]
Scanning file contents for infections and vulnerabilities
[Aug 12 16:10:07]
Scanning files for URLs in Google's Safe Browsing List

By the way that is the current scan time stamp. It should have been completed by now, no?

Usually after 15 minutes or more I have killed a scan. After making a post, eating breakfast or lunch, etc. So, between 15-45 minutes the max I have let it run.

Thanks for the feedback and advise. I’ll go try and see if those help.

The time a scan takes depends a lot on the content of your site, which Wordfence options you have selected, and the speed of the host, so it’s hard to say.

One option that does make it take a lot longer is “Scan image files as if they were executable” — it scans more than just image files, so it can be the reason that really large files get scanned (and stuck). Infections in those files are relatively rare, so you may not really need it to scan those daily. (It is off in the default settings.)

Another Wordfence option you can try for troubleshooting is “Enable debugging mode (increases database load)”, close to the end of the options page. This will list more details and filenames in the “Scan Detailed Activity” box while running a scan. You may have to kill the current scan and start a new one. The only thing is, this adds a lot of extra data to your database for a while.

When the scan gets stuck, you should be able to see which file it was on — if it’s an ordinary file, we’re still stuck with a memory problem or some other issue, but if it’s a large file that wasn’t being excluded from scans, you could exclude it.

If you use the debugging mode, make sure to turn it off when finished, as it will keep logging data and filling up space when it’s on.

Hey Matt,

Thanks so much for your tips. Sorry for the delay I was waiting on the host support to get back to me and for them to tweak things on the host side.

I think with php 5.5.11 disabling that option in Sucuri seems to have done the trick. Another thing I did was increase the display to 3 secs and the max exe time to 10 but the big change was I double the memory usage from 256 mb to 512 mb. That seems to just energize the whole thing back to full motion.

I haven’t tested the xhr option on again. I ran another scan just after that one to see if it was pure luck and it got stuck. So, I let the scan stay stuck there and then killed the scan. The wait time was maybe 15-30mins. Before this test, I noticed during scans it always gets delayed on 1 file. It isn’t a particular file. I did enable debug mode like you mention and saw it stuck on a backup file (.zip). I downloaded 2 months worth of backups and deleted them from the server. I ran a scan again and it got stuck on a different type of file. Anyways, for the third scan I changed the memory to 1024 MB, I know overkill but the scan completed. In the summary window:

[Aug 13 20:33:08] Wordfence used 27.67MB of memory for scan. Server peak memory usage was: 64.90MB

Anyways, I appreciate your help. I email myself some of the log files during these tests. One with PHP 5.3.x and the other with 5.5.11 if you guys want them I can forward them to your support email.

Thanks.

Strange that it’s reporting only 64.9MB when increasing the memory limit so much seemed to help! Taking the backups off of the server definitely does help scan times, so that is good too.

If you want to send the scan logs, you can email me at mattr [at] wordfence.com

Thanks!

I got the logs that you forwarded, along with the message that another scan failed while scanning files. Sorry to hear it is still not completely working!

I think this still may be something the host is doing — either limiting memory or processor usage in another way (separate from PHP’s memory_limit), or possibly actually running out of free memory if the other sites are busy while your scan is running. (This is a shared host, correct?)

I noticed also that the scans do finish in about 5-6 minutes when they do work, which isn’t bad for the amount of files being scanned, and it seems to get stuck in various places, and not necessarily on one particular file (though it was stuck on the backup files previously). When it is stuck on other files, when you had debugging on, are they large files?

Hello Matt,

Thanks for taking a look at my log file. Yes, it is a shared host. The scan lasts that long because I increased the execution time to 15 secs in hopes that maybe the host was throttling the plugin.

So far what is happening now is that with php 5.5.11 scheduled scans are not going through. They can stay stuck for hours or days if you don’t go check on them at least once a day. Manual scans are completing no problem.

I can’t recall the size of the other file it was scanning on debug. I’ll check later today. Right now host support is logged in so I’ll wait till they are done or let me know it is okay.

I really appreciate your help Matt!

Thanks.

I don’t think there is anything different internally between a manual scan and a scheduled scan, but I’ll check.

If not, you may need the host to do some troubleshooting, to see if there is anything more they can do. We don’t see a lot of scans get stuck like this, other than memory or timeout issues, so there may be something else going on, on the server.

Hey Matt,

Well the scans are finally working again.

One thing I noticed is that Sucuri reports the following on the Site Info tab:

PHP memory limit 256M
PHP upload max filesize 1024M
PHP post max size 1024M
PHP max execution time 600
PHP max input time 300

While Wordfence does its own test and uses the values from php.ini

Wordfence Memory benchmarking utility version 6.0.15.
This utility tests if your WordPress host respects the maximum memory configured
in their php.ini file, or if they are using other methods to limit your access to memory.

–Starting test–
Current maximum memory configured in php.ini: 1024M
Current memory usage: 38.75M
Setting max memory to 90M.
Starting memory benchmark. Seeing an error after this line is not unusual. Read the error carefully
to determine how much memory your host allows. We have requested 90 megabytes.
Completing test after benchmarking up to 80.25 megabytes.
–Test complete.–

Congratulations, your web host allows you to use at least 80.25 megabytes of memory for each PHP process hosting your WordPress site.

You mention something that got me thinking if I set Wordfence to use 1024 MB why is it taking so long. So, I reduced the memory to 128 MB and after that the scans started working again after some other tweaks. Also the host seemed to do some tweaks on their side.

My reasoning was that maybe the host has some memory limits and when a cron job requests 1024MB it throttles the process so I figure if I requested less memory (in this case half of the suggested memory) it would let it complete the scan.

So, once again there is peace. ??

Thanks for everything Matt!

Hey Matt,

Scan is stuck again.

I think the host is blocking some cron jobs. In this case:

wordfence_email_activity_report

Thanks.

One of the developers suggested trying turning off “Scan file contents for backdoors, trojans and suspicious code” long enough to see if an automatic scan will run. He confirmed that it shouldn’t matter if the scans were started manually or automatically, if you’re getting as far as the logs show. If they are successful, that could narrow down the problem a little more.

That’s bad too, if cron jobs may be getting blocked, though — they are also used for WP’s automatic updates for security issues, and checking for new versions of plugins. This isn’t very common, and it’s usually something with a particular host’s setup.

I know you mentioned that the host had added some new security recently — if they’re blocking or throttling any outbound connections from your site (even back to your own site), that could definitely stop a scan in the middle, and also could stop cron jobs from starting. They may have some log files they can use to help find out what the problem is, if you can show them the times of the stuck scans in Wordfence logs, or they can use the site’s access log, to try to match up the times as well.

Hey Matt,

I will try turning off “Scan file contents for backdoors, trojans and suspicious code” to see if the scheduled scan completes.

What does it mean if it works?

Today, I’m going to purge some cron jobs off mysql DB that might have been left off from an old plugin or server 500 errors as suggested here or somewhere else I read.

Yeah, Arvixe increased the security so much that not too long ago the BitNinja had block me from accessing the site too much. They claimed I was calling a non-existent index.php file that I never created or that my html file was calling the HTML5 shiv javascript that wasn’t uploaded but even after removing the line of code it will still block me. This also happened for like a week or more.

I think I need a new host…

Thanks!

If it does work with that option disabled, then it would at least rule out any difference between manual and automatic scans, so it might have just been random chance that it worked during manual scans. Let us know how it goes!