Scan Engine Error

Hi @anafasia , thanks for reaching out.

We have seen the Scan Engine Error: The signature on the request to start a scan is invalid. Please try again. message solved by deactivating and reactivating Wordfence or a complete plugin reinstallation in the past, so that could be worth a try. You can choose to keep plugin settings when deactivating Wordfence from the WordPress > Plugins page.

This issue has sometimes been caused by caching, so it might be good to clear any caching plugins or site caching you have enabled to see if it rectifies the issue. Also, ensure that Wordfence > Tools > Diagnostics > Debugging Options > Start all scans remotely isn’t enabled.

If that doesn’t solve the issue, please do the following for me:

• Go to the Wordfence > Tools > Diagnostics page
• In the “Debugging Options” section, check the circle “Enable debugging mode”
• Click “Save Changes”.
• CANCEL any current scan and start a NEW scan
• Copy the last 20 lines from the log (click the “Show Log” link) or so of the activity log once the scan finishes and paste them in this post.

This will help me see exactly what is happening when the scan fails. Additionally, please send us a diagnostic report from the “Diagnostics” page to [email protected]. You can find the link to do so at the top of the Wordfence Tools > Diagnostics page. Then click on “Send Report by Email”. Please add your forum username where indicated and respond here after you have sent it.

The log plus diagnostics would give us a good amount of information to try getting to the bottom of it for you.

Thanks,

Mark.

unfortunately none of your suggestions worked.

I cannot send you the report by email. when I try it I get an error.

here is the address of the full log:

https://urlis.net/vop82gk8

this are the last lines of the scan:

• [Oct 04 21:02:12] Scan Engine Error: The signature on the request to start a scan is invalid. Please try again.
• [Oct 04 23:58:54] Throttling IP 65.21.35.249. Exceeded the maximum number of requests per minute for crawlers.
• [Oct 05 12:56:44] Scan Engine Error: The signature on the request to start a scan is invalid. Please try again.
• [Oct 05 12:56:46] Scan stop request received.
• [Oct 05 12:56:51] Scan Engine Error: The signature on the request to start a scan is invalid. Please try again.
• [Oct 05 12:57:52] Scan stop request received.
• [Oct 05 12:57:56] Scan Engine Error: The signature on the request to start a scan is invalid. Please try again.
• [Oct 05 12:57:57] Scan Engine Error: The signature on the request to start a scan is invalid. Please try again.
• [Oct 05 12:59:41] Scan Engine Error: The signature on the request to start a scan is invalid. Please try again.
• [Oct 05 13:00:27] Scan stop request received.
• [Oct 05 13:00:30] Scan Engine Error: The signature on the request to start a scan is invalid. Please try again.
• [Oct 05 13:01:29] Attempting to resume scan stage (1 attempt(s) remaining)…
• [Oct 05 13:01:29] Scan Engine Error: The signature on the request to start a scan is invalid. Please try again.
• [Oct 05 13:02:17] Scan stop request received.
• [Oct 05 13:02:23] Scan Engine Error: The signature on the request to start a scan is invalid. Please try again.
• [Oct 05 13:03:23] Attempting to resume scan stage (1 attempt(s) remaining)…
• [Oct 05 13:03:24] Scan Engine Error: The signature on the request to start a scan is invalid. Please try again.
• [Oct 05 13:04:23] Attempting to resume scan stage (0 attempt(s) remaining)…
• [Oct 05 13:04:23] Scan Engine Error: The signature on the request to start a scan is invalid. Please try again.
• [Oct 05 13:04:43] Scan stop request received.
• [Oct 05 13:04:46] Scan Engine Error: The signature on the request to start a scan is invalid. Please try again.
• [Oct 05 13:05:46] Attempting to resume scan stage (1 attempt(s) remaining)…
• [Oct 05 13:05:47] Scan Engine Error: The signature on the request to start a scan is invalid. Please try again.
• [Oct 05 13:06:46] Attempting to resume scan stage (0 attempt(s) remaining)…
• [Oct 05 13:06:46] Scan Engine Error: The signature on the request to start a scan is invalid. Please try again.

and this are the first ones of the full log:

[Oct 05 13:05:46:1696503946.730587:4:info] getMaxExecutionTime() returning config value: 20

[Oct 05 13:05:46:1696503946.729158:4:info] Got value from wf config maxExecutionTime: 20

[Oct 05 13:05:46:1696503946.724480:4:info] Entering start scan routine

[Oct 05 13:05:46:1696503946.721620:2:info] Attempting to resume scan stage (1 attempt(s) remaining)...

[Oct 05 13:04:46:1696503886.385167:4:info] Scan process ended after forking.

[Oct 05 13:04:46:1696503886.373355:1:error] Scan Engine Error: The signature on the request to start a scan is invalid. Please try again.

[Oct 05 13:04:46:1696503886.371813:4:info] Verifying start request signature.

[Oct 05 13:04:46:1696503886.369511:4:info] Scan engine received request.

[Oct 05 13:04:46:1696503886.238079:4:info] Starting cron with normal ajax at URL https://afasiaarchzine.com/wp-admin/admin-ajax.php?action=wordfence_doScan&isFork=0&scanMode=custom&cronKey=50d5b6614ece26fff0a96aa570969d4a&signature=36153f4ad32871a11976433d3efd8d4fe24efc1130946bf7781dfa414a97d78d

[Oct 05 13:04:46:1696503886.229044:4:info] Test result of scan start URL fetch: array ( 'headers' => WpOrg\Requests\Utility\CaseInsensitiveDictionary::__set_state(array( 'data' => array ( 'date' => 'Thu, 05 Oct 2023 11:04:46 GMT', 'server' => 'Apache', 'x-robots-tag' => 'noindex', 'x-content-type-options' => 'nosniff', 'expires' => 'Wed, 11 Jan 1984 05:00:00 GMT', 'cache-control' => 'no-cache, must-revalidate, max-age=0', 'referrer-policy' => 'strict-origin-when-cross-origin', 'x-frame-options' => 'SAMEORIGIN', 'upgrade' => 'h2', 'content-length' => '12', 'content-type' => 'text/html; charset=UTF-8', ), )), 'body' => 'WFSCANTESTOK', 'response' => array ( 'code' => 200, 'message' => 'OK', ), 'cookies' => array ( ), 'filename' => NULL, 'http_response' => WP_HTTP_Requests_Response::__set_state(array( 'response' => WpOrg\Requests\Response::__set_state(array( 'body' => 'WFSCANTESTOK', 'raw' =>

[Oct 05 13:04:46:1696503886.067623:4:info] getMaxExecutionTime() returning config value: 20

[Oct 05 13:04:46:1696503886.066280:4:info] Got value from wf config maxExecutionTime: 20

[Oct 05 13:04:46:1696503886.056844:4:info] Entering start scan routine

[Oct 05 13:04:46:1696503886.051435:4:info] Ajax request received to start scan.

[Oct 05 13:04:43:1696503883.287461:10:info] SUM_KILLED:A request was received to stop the previous scan.

[Oct 05 13:04:43:1696503883.284985:1:info] Scan stop request received.

[Oct 05 13:04:23:1696503863.610603:4:info] Scan process ended after forking.

capt of the error emailing

Hi @anafasia,

Thank you for sending the debug log.

To send the diagnostic report, please try the below instead:

Navigate to Wordfence > Tools > Diagnostic page and then click the “Export” button. Send the txt file to [email protected]. Add your forum username in the subject and respond here once done.

Thanks,

Mark.

thanks, I have just sent you the diagnostic report via email.

Hi @anafasia, thank you for sending the diagnostic report.

I suspect this may be due to a conflict with the Change wp-admin login  plugin.

Please disable the Change wp-admin login plugin and run the scan again to see if you get any errors. Typically, we do not recommend changing or hiding the default login URL for WordPress, as explained in our blog:

https://www.wordfence.com/blog/2017/10/should-you-hide-wordpress-login-page/ 

Thanks,

Mark

thanks,

on one hand it seems you are right. I deactivated Change wp-admin login run another scan and it was completed without problems. no farther issues were found.

I see your point, but I’m not sure what I will do. now I will have to deactivated in order to use WF, but if they solve the incompatibility maybe I will restore it. my web was compromised some time ago so I hired some people and they installed both plugins, although I should say the were not top coders -they almost collapsed my web-.

on the other hand these are good and bad news. for some weeks I’ve been experienced that occasionally some ads are displayed when you click on the web on a new window and I haven’t placed those ads. although I have added recently new companies to manage my ads -mainly banners- these could be a missfunctions related to them, but also I’m afraid someone could have accessed the web and added that script. anyhow I have no warnings form Google Search Console and your scan has not found changes among our archives.

if someone has placed that script, should the scan find it? is there a way to find it in case it exist?

Hi @anafasia , thanks for getting back to us.

Glad to hear that the scans are working now.

On the ADs issue, I suspect this may be due to the malware issue you had on the site. Try running a High Sensitivity Scan on the site to see whether Wordfence detects any malicious files. You can do this by logging into your site and navigating to Wordfence > Scan > Manage Scan > High Sensitivity > Save – then run the scan from Wordfence > Scan > Start New Scan.

You can clean the site by using the following guide: https://www.wordfence.com/docs/how-to-clean-a-hacked-wordpress-site-using-wordfence/

 Make sure and get all your plugins and themes updated and update WordPress core, too. As a rule, any time I think someone’s site has been compromised, I also tell them to update their passwords for their hosting control panel, FTP, WordPress admin users, and database. Make sure to do this because attack vectors around your hosting or database environments are outside of Wordfence’s influence as an endpoint firewall.

Additionally, you might find the WordPress Malware Removal section in our Learning Center helpful: https://wordfence.com/learn/ 

If you’re unable to clean this on your own, there are paid services that will do it for you. Wordfence offers one, and there are others. Per the forum rules, we’re not allowed to discuss Premium here, but please reach out to us at presales @ wordfence.com if you have any questions about it.

Regardless, if you choose to clean it yourself or let someone else do so, we recommend that you make a full backup of the site beforehand.

Thanks,

Mark

thanks a lot,

I have just made the sensitive scan, but no threats are detected.

it was not in the past, but nowadays plugins and wordpress are always updated. there are two plugins WordPress Scheduled Time and ?RSS Image Feed that probably are not updated anymore, but I need to manage the blog.

I have found a user -now deleted- with administrative rights with an address I never use?wpengine, so it seems someone accesed the blog. I have had security issues more than once, but sparsed in time, so I’m not sure if they are related. I’m more inclined to think that wordpress was updated, this somehow caused an incompatibility between WF and WPAdminLogin, scans stopped since 09/08/2023?without me noticing it and someone took advantage to access the site.

I’ll have to look for someone to clean it, I did already consider you option, but I won’t probably be able to afford it, probably I will have to look for some technical guy. anyhow, at first? I want to have a look by myself. I`ll check your links. I have no warnings from Google Search Console and have tried two other links and not malicious code is detected. problably it shows as regular ad from the web. I’m ckecking the last updated files in my theme and plugins. some of them -mainly themes files- I’m forced to change them often so I could locate anything rare there, but till now I have found nothing. there are a lot of files changeg on 09/08/2023, but I suppose this is related to the wordpress update. a bit unlucky because without this, most of the files would be unchanged since before the incident.

I won’t feel relaxed untill a few weeks pass, but it seems it is solved now. for some days now it seems the unwanted ad is gone. the only change I’ve made was removing Change wp-admin login and placing a beta version they updated -it seems they solved the issue- so appartently the problem came from there, although when deactived no changes were detected by WF-.

it is the second time I solve an infection without knowlodge on these issues, so I’ve been lucky it seems. the first time Google Search Console located the files so it was easy for me to remove then.

this time, your advises restoring WF drove me and was the main lever to reach a solution, so thanks a lot truly for your help.

You’re welcome @anafasia

Glad to hear everything is working as expected now.

If you need any further assistance in future, please create a new topic and we will be happy to help.

Thanks,

Mark