Scan process ended after forking

Hello @frankie9724 and thanks for reaching out!

Can you send a diagnostic report to wftest @ wordfence . com? You can find the link to do so at the top of the Wordfence Tools > Diagnostics page. Then click on “Send Report by Email”. Please add your forum username where indicated and respond here after you have sent it.

Thanks!

Thanks for sending those @frankie9724

Looks like you are behind a CDN, Cloudflare. Add your site’s IP to the Whitelist in Cloudflare and then try another scan.

Let me know what happens!

Thanks!

I did add the site’s IP to the IP’s whitelist in Cloudflare and did not have any luck. This scanner has been down since 9/11 and I am concerned.

Much appreciate you help…

Hello again @frankie9724

162.241.252.164 was the IP you added correct?

If so, head over to Tools > Diagnostics > Debugging Options and enable Start all scans remotely, if it’s already enabled, disable it. Then try another scan to test.

You had mentioned that this hasn’t been working since 9/11. What changed on that date? Was it working before then? Any updates or new additions to the site then?

Thanks!

That is not the IP I added. At Bluehost it said 151.203.78.251, I just added 162.241.252.164 and it is still not working.

Enabled start scans remotely earlier.

I have deleted Wordfence entirely and reloaded as well.

Earlier in the month I was working on the site speed with Bluehost. We enabled Smush and WP Supercache which I have already disabled. I believe they optimized the database. They had me clear the cache in Cloudflare as well.

I do see a yellow triangle and ! next to the word Server when I start the scan.

I see what the issue is. It looks like the IP detection is incorrect. Navigate to All Options > General Wordfence Options and change How does Wordfence get IPs to Use the Cloudflare “CF-Connecting-IP” HTTP header to get a visitor IP. Only use if you’re using Cloudflare.

Make sure Start scans remotely is turned OFF and then try to run another scan.

Let me know how it goes!

Thanks!

I have done what you asked with CF-Connecting IP. When I did this I receieved this message below.
Detected IP(s): 173.245.52.158
Your IP with this setting: 173.245.52.158

Now the scanner DOES appear to be working with lots of pauses and in the scan results I see this…

How does Wordfence get IP’s is misconfigured. TYPe: IP Detection.
? Details: A test request to this website was detected on a different value for this setting. IP blocking and live traffic information may not be accurate. Get More Information This site appears to be behind a front-end proxy, so using the X-Real-IP HTTP header will resolve to the correct IPs.

Do I need to go back to Cloudflare and add a third IP as 173.245.52.158? Can I remove the other IP’s that I allowed.

That is what you had it set to previously but it wasn’t detecting the correct IP, so that is strange. Do you remember any certain reason it was set to that?

I just ran a whois search on each IP listed in there. Looks like X-Real-IP would be the correct one but for some reason, it’s not communicating with Cloudflare correctly. Cloudflare is only working with the “CF-Connecting-IP”.

173.245.52.158 is another Cloudflare IP which is not showing in the diagnostic correctly. I would confirm with your host what exactly your site’s IP address is. It seems there is some confusion there.

Once you get confirmation, put that IP into your Cloudflare whitelist and let’s see what happens with X-Real-IP on for IP detection.

Let me know what happens!

Thanks!

I will reach out to Bluehost on my correct IP.

To rememdy the result (How does Wordfence get IP’s is misconfigured. TYPe: IP Detection.
) I selected….Use recommended value which may have already corrected this.

Can I enable Automatic scans for wordfence?
Can I turn back on WP Supercache and Smush plugins or atleast try?

Almost there. Many Many Thanks for your Excellent Support. This was a tough one.

Scan issues that end after forking are usually one of twenty things not working so its always a journey. So what you did to fix it essentially was switch the setting to something different and then set it back? I have actually seen this work with other stuff so I am not surprised.

I recommend Automatic Scans and yes you can activate these plugins if you want to use them. If you have any issues, let us know!

Thanks again for your support!

The IP is the one you gave me 162.241.252.164 IP. I have made sure it is allowed in rules by Cloudflare.

I have noticed since I selected “Use recommended value” To remedy the result (How does Wordfence get IP’s is misconfigured. TYPe: IP Detection. That under Wordfence options Cloudflare ClF Connecting IP is not longer selected.

Now this one is selected under Wordfence options ..Use the X-Real-IP HTTP header. Only use if you have a front-end proxy or spoofing may result. Is this one okay?

If that’s what it is recommending and it working, can’t argue with the results.

So your scanning is now working, right? Check your Live Traffic as well, is everything coming through as different IPs?

Thanks!

Everything looks good. Live traffic never stopped working. Those hundreds of bots from Singapore never seem to stop. I have been blocking them manually. At what point do I decide it is time for premium? How many bots are too many?

To answer that last question I missed…

So what you did to fix it essentially was switch the setting to something different and then set it back?

I had this set to the top recommended setting and not cloudflare. You had me set it to cloudflare, but the scan report said it was misconfigured. It allowed me to select the recommended value. When I did this I noticed “Use the X-Real-IP HTTP header. Only use if you have a front-end proxy or spoofing may result” had been selected.

You could try to tighten up your Rate Limiting options for the bots.

Country Blocking is a premium feature, and we aren’t allowed to discuss any of the premium features here as per forum rules.

If you have any questions regarding the premium version feel free to put in a support ticket at https://support.wordfence.com or for more information contact presales @ wordfence . com.