Scans won't run or are terminated

Hi,

Is that still happening? When we’ve seen it in the past, it usually temporary?

Thanks,
Brian

Yes, it’s still not working. Scans are not running at all.

I’ve also installed Wordfence successfully on 2 other sites and now the 3rd one is not working. The scan does not start – nothing happens after it says ‘Requesting scan’. I’ve all the areas as advised in the FAQ
but the scans are still not starting. Has anyone experienced the same? Any ideas?

Hi,

If you haven’t already, try a removal of Wordfence and table data and then reinstall.

-Brian

Thanks, Brian. I’ve tried removing the Wordfence plugin, dropped all the WF tables and then reactivated WF but still the scan refuse to start. I’ve also tested WF connectivity with server ok. What else to check?

Hi,

Can you turn on the option “Enable debugging mode” near the bottom of the Wordfence options page, and try running a scan again, then post the last 10 lines or so from the “Scan Detailed Activity” box here?

Also, do you have any other security plugins or security measures provided by the host, or any customizations to your .htaccess file?

-Matt R

Hi Matt, here are the lines from the “Scan Detailed Activity” box after enabling debugging mode. There are no other security plugins apart from “Limit Login Attempts”. The host is the same for the other sites where Wordfence works. No customisation in .htaccess except for that required for Wordfence automatic updates.

[Mar 12 01:13:51] Scheduled Wordfence scan starting at Saturday 12th of March 2016 01:13:51 AM
[Mar 12 18:36:41] Scheduled Wordfence scan starting at Saturday 12th of March 2016 06:36:41 PM
[Mar 13 04:11:33] Scheduled Wordfence scan starting at Sunday 13th of March 2016 04:11:33 AM
[Mar 13 13:10:52] Scheduled Wordfence scan starting at Sunday 13th of March 2016 01:10:52 PM
[Mar 13 19:12:08] Scheduled Wordfence scan starting at Sunday 13th of March 2016 07:12:08 PM
[Mar 14 07:35:37] Scheduled Wordfence scan starting at Monday 14th of March 2016 07:35:37 AM
[Mar 15 00:14:49] Scheduled Wordfence scan starting at Tuesday 15th of March 2016 12:14:49 AM
[Mar 15 09:33:39] Calling Wordfence API v2.20:https://noc1.wordfence.com//v2.20/?v=4.4.2&s=http%3A%2F%2Fwww.heera.com.my%2Fnews&k=25d8b6b1e4e581cfda5f4967f65909d9041f8b649cfbc3441fcae2b629811fc22a3a87dadba05be9f6856ce99b295f913c2e4ae1c28c9cb068ece9b031d41767881d163ce4533f69e92b790de4a404b8&openssl=268439647&phpv=5.4.44&action=ping_api_key
[Mar 15 09:33:46] Ajax request received to start scan.
[Mar 15 09:33:46] Entering start scan routine
[Mar 15 09:33:46] Got value from wf config maxExecutionTime:
[Mar 15 09:33:46] Got max_execution_time value from ini: 1200
[Mar 15 09:33:46] getMaxExecutionTime() returning half ini value: 600
[Mar 15 09:33:46] Starting cron via proxy at URL https://noc1.wordfence.com/scanp/www.heera.com.my/news/wp-admin/admin-ajax.php?action=wordfence_doScan&isFork=0&cronKey=43f06d0403267f02952e941
[Mar 15 09:33:49] Scan process ended after forking.

Hi,

Can you turn on “Disable config caching” and turn off “Start all scans remotely”, and see if a different message is shown?

You may have already turned on the first one. The second one is usually a workaround for sites that can’t start scans locally, but it may show a different message that could be helpful when it’s off.

-Matt R

Hi Matt, I’ve turned on “Disable config caching” and turned off “Start all scans remotely” and here’s the result of the “Scan Detailed Activity” for this scan.

[Mar 17 06:30:05] Calling Wordfence API v2.20:https://noc1.wordfence.com//v2.20/?v=4.4.2&s=http%3A%2F%2Fwww.heera.com.my%2Fnews&k=25d8b6b1e4e581cfda5f4967f65909d9041f8b649cfbc3441fcae2b629811fc22a3a87dadba05be9f6856ce99b295f913c2e4ae1c28c9cb068ece9b031d41767881d163ce4533f69e92b790de4a404b8&openssl=268439647&phpv=5.4.44&action=resolve_ips
[Mar 17 06:32:38] Calling Wordfence API v2.20:https://noc1.wordfence.com//v2.20/?v=4.4.2&s=http%3A%2F%2Fwww.heera.com.my%2Fnews&k=25d8b6b1e4e581cfda5f4967f65909d9041f8b649cfbc3441fcae2b629811fc22a3a87dadba05be9f6856ce99b295f913c2e4ae1c28c9cb068ece9b031d41767881d163ce4533f69e92b790de4a404b8&openssl=268439647&phpv=5.4.44&action=ping_api_key
[Mar 17 06:32:48] Ajax request received to start scan.
[Mar 17 06:32:48] Entering start scan routine
[Mar 17 06:32:48] Got value from wf config maxExecutionTime:
[Mar 17 06:32:48] Got max_execution_time value from ini: 1200
[Mar 17 06:32:48] getMaxExecutionTime() returning half ini value: 600
[Mar 17 06:32:49] Test result of scan start URL fetch: array ( ‘headers’ => array ( ‘x-powered-by’ => ‘PHP/5.4.44’, ‘set-cookie’ => ‘wfvt_1133640444=56e9df11388af; expires=Wed, 16-Mar-2016 23:02:49 GMT; path=/; httponly’, ‘content-type’ => ‘text/html; charset=UTF-8’, ‘x-robots-tag’ => ‘noindex’, ‘x-content-type-options’ => ‘nosniff’, ‘expires’ => ‘Wed, 11 Jan 1984 05:00:00 GMT’, ‘cache-control’ => ‘no-cache, must-revalidate, max-age=0’, ‘pragma’ => ‘no-cache’, ‘x-frame-options’ => ‘SAMEORIGIN’, ‘content-length’ => ’32’, ‘content-encoding’ => ‘gzip’, ‘vary’ => ‘Accept-Encoding’, ‘date’ => ‘Wed, 16 Mar 2016 22:32:49 GMT’, ‘accept-ranges’ => ‘bytes’, ‘server’ => ‘LiteSpeed’, ‘connection’ => ‘close’, ), ‘body’ => ‘WFSCANTESTOK’, ‘response’ => array ( ‘code’ => 200, ‘message’ => ‘OK’, ), ‘cookies’ => array ( 0 => WP_Http_Cookie::__set_state(array( ‘name’ => ‘wfvt_1133640444’, ‘value’ => ’56e9df
[Mar 17 06:32:49] Starting cron with normal ajax at URL https://www.heera.com.my/news/wp-admin/admin-ajax.php?action=wordfence_doScan&isFork=0&cronKey=549dc45b5fdec6fa340df337
[Mar 17 06:32:49] Scan process ended after forking.

Hi,

I see that the server is running LiteSpeed — I’m not sure if this is the case this time, but have you already added the code from this page to your .htaccess file?
LiteSpeed aborts Wordfence scans and updates. How do I prevent that?

LiteSpeed can end processes too early, even if the PHP has a long max_execution_time set, but this prevents that.

Otherwise, do you have any custom code blocking access to wp-admin/ or wp-admin/admin-ajax.php? It looks like the scan test works, but the second hit doesn’t. Normally, when visiting yoursite.com/wp-admin/admin-ajax.php, you should see a white page with just a “0” in the corner.

-Matt R

I am having the same issue with almost exactly the same log information. Wordfence is running fine for me on 5 other sites on the same host, but on this one (different account) it is not. I’m interested to see the solution. Thanks for replying, WFMattR!

Thanks, Matt. I have put the code into the .htaccess as recommended. Just to confirm, I’m pasting the code here.

# BEGIN litespeed noabort
<IfModule rewrite_module>
        RewriteEngine On
        RewriteRule .* - [E=noabort:1]
</IfModule>
# END litespeed noabort

I’ve checked admin-ajax.php and it’s fine; returned the 0 in the top left corner of the page.

I’m not sure if it makes a difference that this WP install is in a subdirectory. The .htaccess code is place in the subdirectory where WP is installed, not the root directory.

@karencheah: Yes, that’s the correct code — it just prevents LiteSpeed from ending connections before PHP’s normal timeout (which Wordfence can detect and avoid). I believe the code should be ok in the subdirectory, since the admin-ajax.php file is still deeper in a subdirectory. Let us know if it still has any trouble.

@skygirl: If the solution here doesn’t help, feel free to make a new post using the form at the bottom of the Wordfence forum here. (The www.ads-software.com forum rules ask us to keep each person’s issues separate, and it also helps us keep track of open issues, so no one gets skipped in long posts. You can include a link to this post for reference, along with the log and other details from your site.) Thanks!

-Matt R

Hi Matt, unfortunately that still doesn’t solve our issue. The scans are still not starting. What else to check?

Thanks,
Karen

Hi Karen,

Ok, after all that’s been tried so far, there are a few possibilities left:

* If the host uses ModSecurity, you can try turning that off temporarily — it’s possible one of their rules blocks the scan from starting. (ModSecurity has different rule sets available, so not all installations will necessarily block the scans.)

* It could be a conflict with another plugin — if you’re able to temporarily disable other plugins and try starting a scan, does it work?

* If neither of those help, try starting a scan and when it stops and says “Starting cron with normal ajax at URL”, try copying the URL and pasting it in a new browser window — it may look like it’s trying to load but not working for quite a while with your server’s settings, but that is ok — if you look back at the scan page while that’s running, does the scan seem to have continued? If the second browser window shows an error message, let me know what it says.

The last option only narrows down the reason, and isn’t a permanent solution, of course!

-Matt R