With Cloudflare activated, getting “Scan process ended after forking” message

Hi @ljezard, thanks for getting in touch again.

Your general connectivity looks good so the steps to allow your site to connect back to itself after reaching our servers went well by the looks of things.

However, it doesn’t look like the Cloudflare setup has been fully completed as your visitor IPs are detecting as your server address. You will need to select “Use the Cloudflare “CF-Connecting-IP” HTTP header to get a visitor IP. Only use if you’re using Cloudflare.”. There’s a bit more information here: https://www.wordfence.com/help/dashboard/options/#general-wordfence-options

Sometimes, we also see the Cloudflare firewall requiring Wordfence IPs to be added to the whitelist. Our IPs for reference can be found here: https://www.wordfence.com/help/advanced/#servers-and-ip-range

Let me know how you get on,

Peter.

I had already whitelisted your IP addresses ??

I set to “Use the Cloudflare “CF-Connecting-IP” HTTP header to get a visitor IP. Only use if you’re using Cloudflare.”

I then got this message:

Your ‘How does Wordfence get IPs’ setting is misconfigured. This site is currently using the Cloudflare “CF-Connecting-IP” HTTP header, which should only be used when the site is behind Cloudflare. For maximum security use PHP’s built in REMOTE_ADDR. Click here to use the recommended setting or visit the options page to manually update it.

I ignore this and tried a scan again and got the same “Scan process ended after forking.” message. THis after purging the cache with Cliudflare just in case…

I just sent the diagnostic email again.

Hi @ljezard, thanks for the extra information.

I’ve re-checked your diagnostic after the latest update and the CF-Connecting-IP is giving what appears to be a valid IP value for visitors rather than REMOTE_ADDR which is coming through as a Cloudflare address. However, the CF-Connecting-IP is telling me this is a static corporate IP so you may need to confirm whether this is correct or just another IP such as that of your host.

You can find your own IP on https://www.whatsmyip.org/. Does this match the value being shown in Wordfence with any of the IP detection methods selected?

If no values ever match your IP, it’s possible your host is not sending the visitor IP through to your site correctly. You’ll need to contact your host to see how they could pass the visitor IP through so that this can be resolved. Some hosts use a “HTTP_X_MIDDLETON_IP” value to do this, for example.

In the mean time with your scan, have you already tried starting scans remotely from the Wordfence > Tools > Diagnostics > Debugging Options section? If you’ve already altered scan execution times as per the ticket you originally referenced, debugging mode in the same section to see if we can get more detailed log information from the failed scans.

Also referencing the original ticket, your WP_MEMORY_LIMIT should be set to 128M or 256M in wp-config.php whereas it’s telling me in your diagnostics report that this is 40M at the moment. WooCommerce (as a common example) recommend 64M minimum, so if you have many hits on the site at once especially during a scan, a lower limit here could be reached fairly easily.

Thanks again,

Peter.