scan hangs

This might be caused by parts of the scan running too long on your host. There are some steps you can try here:
My scans don’t finish. What would cause that?

It might also be a memory issue, even though you are not getting typical message. If the steps above don’t help, try the link that says “Test your WordPress host’s available memory” near the bottom of the Wordfence options page, and post the results here.

Thanks. I changed it to 15, didnt seem to fix anything.
I did the memory test and it says this:
Wordfence Memory benchmarking utility version 6.0.15.
This utility tests if your WordPress host respects the maximum memory configured
in their php.ini file, or if they are using other methods to limit your access to memory.

–Starting test–
Current maximum memory configured in php.ini: 200M
Current memory usage: 70.00M
Setting max memory to 90M.
Starting memory benchmark. Seeing an error after this line is not unusual. Read the error carefully
to determine how much memory your host allows. We have requested 90 megabytes.
Completing test after benchmarking up to 80.25 megabytes.
–Test complete.–

Congratulations, your web host allows you to use at least 80.25 megabytes of memory for each PHP process hosting your WordPress site.

it seems to pick up some more if I stop it and restart

Thank you for checking the items above. Your host might be limiting memory or time in a non-typical way, but I am not sure.

As a test, can you temporarily turn off “Scan file contents for backdoors, trojans and suspicious code” in your Wordfence Options, and see if a scan will complete? A successful scan will clean up some temporary database records, so turning it on again may work afterward, but you could still run into the same limits as your site grows.

You could also try temporarily adding “sitemap.xml” to the option “Exclude files from scan that match these wildcard patterns” on the Wordfence Options page. That file is not huge, but it is larger than most non-media files. If the scan gets further when this is file excluded, it is likely that you may need your host to increase memory or time limits.

If your host is running the LiteSpeed web server, there is also another option (this is fairly rare, though).

I’m on a dedicated server, so I can pretty much do whatever I want. Ill try those out right now.

Oh, that’s great! Most people have to deal with a hosting company that doesn’t want to change their settings for just one user. If you can change your php.ini memory_limit to a higher limit, even 384M or 512M, that should rule out memory issues. Most other plugins and such won’t exhaust your memory, if you’re not already getting errors from them.

You can also set your max_execution_time higher in php.ini, to prevent timeouts, if that is the cause.

If your web server settings limit any resources, you might try increasing those too. I think normally PHP is exempt from the limits when it’s a separate process, unless it is running as an apache module. (RLimitMem in Apache is one of the settings to check first, if you use it.)

Also, just to check, since you’re on a dedicated host — are you running the LiteSpeed web server instead of apache?

I turned off Scan file contents for backdoors, trojans and suspicious code, and excluded the sitemap and it still is hanging

yeah on litespeed. I’ll change those php limits now

LiteSpeed requires a specific change to your .htaccess, because the server stops long-running processes by default.

We have instructions here — this often fixes backup plugins too, if your backups aren’t finishing properly:
LitesSpeed aborts Wordfence scans and updates

Sorry I didn’t mention it earlier — there are not very many LiteSpeed users using Wordfence!

thanks that helped Still seem to be running out of memory even though I changed the setting to be super high:
[Aug 31 12:54:08] Fatal error: Allowed memory size of 268435456 bytes exhausted (tried to allocate 64 bytes) in /home/igneous/public_html/wp-content/plugins/wordfence/lib/wfConfig.php on line 657
[Aug 31 12:54:08] Scan process ended after forking.

Ok, that’s better now that the memory warning is at least showing up! You can increase the option “How much memory should Wordfence request when scanning” from 256 to 512, as well, which might take care of it.

It’s possible you have another limit set somewhere, or there are multiple locations where php.ini is being read from. On the Wordfence Options page, near the bottom, if you click the link “Click to view your system’s configuration in a new window”, there should be a line that says “Configuration File (php.ini) Path” (or similar) — make sure your php.ini is either in that directory, or that there is a symlink to your php.ini located there.

It might be a LiteSpeed thing — I had an issue with my own php.ini that LiteSpeed had created not being located in the directory it was reading from by default.