Daniel Strickland

@wfasa DONE.

Btw, I had narrowed down the plugins to two: Broken Link Checker and AddToAny Share Buttons . As far as I can tell, the scan gets hung up when either of these are activated.

Thanks for your help!

@wfasa Thanks for continuing to work with me on this.

From what I can tell so far, the scan completes fine with all plugins (except Wordfence) deactivated.

The scan also completes with these plugins reactivated:

SumoMe
UpdraftPlus – Backup/Restore
Wordfence Security
WPtouch Mobile Plugin
Yoast SEO

The scan fails (or gets hung up) when one of these plugins is activated:

AddToAny Share Buttons
Broken Link Checker
Formidable
Google Analytics by MonsterInsights

Which one(s) is the culprit? I’m still trying to figure it out. I’ll keep you posted.

@wfasa Thanks for reading our error logs. I appreciate your assistance.

I followed your advice and performed a clean install: I deactivated, deleted, reinstalled, and reactivated Wordfence. (I made sure to check the “Delete Wordfence tables and data on deactivation” option.)

I ran a scan and it got stuck, producing the “Scan process ended after forking” message.

I tried unchecking the option “Scan for signatures of known malicious files” to see if that would fix it. It didn’t.

Can you suggest what I might do next to solve this issue?

Thank you!

@wfasa I sent you our server’s error log. I hope it helps.

I had an idea… so I deactivated all our plugins and retried the scan. It worked!

I re-activated our plugins, tried another scan, and then killed it after it was stuck for 5 minutes.

Is it safe to assume then that the issue we’re seeing is caused by one of our plugins?

Hi wfasa,

Thanks for your help. I wasn’t to access our servers error logs, so I will contact our host and then email them to you.

Dan

One more time with slightly different results:

[Apr 20 14:09:47:1461186587.087469:10:info] SUM_KILLED:A request was received to kill the previous scan.
[Apr 20 14:09:47:1461186587.086760:1:info] Scan kill request received.
[Apr 20 13:56:31:1461185791.051346:4:error] Wordfence scan script accessed directly, or WF did not receive a cronkey.
[Apr 20 13:56:31:1461185791.050976:4:info] Checking cronkey
[Apr 20 13:56:31:1461185791.050106:4:info] Scan engine received request.
[Apr 20 13:48:16:1461185296.784373:4:info] Calling Wordfence API v2.22:https://noc1.wordfence.com//v2.22/?v=4.5&s=http%3A%2F%2Fwww.sfbee.org&k=3fd8f03d6324047f62c599e17608accdf848236d0e3d672bc1e096b69ed30450b113f8be8d35c0004c62990ae5391ad4d0f0d2d216b65fc0a381c34259c39b1f&openssl=268439647&phpv=5.3.29&betaFeed=0&action=send_net_404s
[Apr 20 13:05:55:1461182755.418077:4:info] Calling Wordfence API v2.22:https://noc1.wordfence.com//v2.22/?v=4.5&s=http%3A%2F%2Fwww.sfbee.org&k=3fd8f03d6324047f62c599e17608accdf848236d0e3d672bc1e096b69ed30450b113f8be8d35c0004c62990ae5391ad4d0f0d2d216b65fc0a381c34259c39b1f&openssl=268439647&phpv=5.3.29&betaFeed=0&action=get_known_files
[Apr 20 13:05:55:1461182755.379275:10:info] SUM_START:Fetching core, theme and plugin file signatures from Wordfence
[Apr 20 13:05:55:1461182755.164502:2:info] Found 7 themes
[Apr 20 13:05:55:1461182755.057207:2:info] Getting theme list from WordPress
[Apr 20 13:05:54:1461182754.952902:2:info] Found 12 plugins
[Apr 20 13:05:54:1461182754.743269:2:info] Getting plugin list from WordPress
[Apr 20 13:05:54:1461182754.411282:4:info] Calling Wordfence API v2.22:https://noc1.wordfence.com//v2.22/?v=4.5&s=http%3A%2F%2Fwww.sfbee.org&k=3fd8f03d6324047f62c599e17608accdf848236d0e3d672bc1e096b69ed30450b113f8be8d35c0004c62990ae5391ad4d0f0d2d216b65fc0a381c34259c39b1f&openssl=268439647&phpv=5.3.29&betaFeed=0&action=log_scan
[Apr 20 13:05:54:1461182754.410680:1:info] Contacting Wordfence to initiate scan
[Apr 20 13:05:54:1461182754.407453:10:info] SUM_ENDOK:Scanning your site for the HeartBleed vulnerability
[Apr 20 13:05:53:1461182753.342200:4:info] Calling Wordfence API v2.22:https://noc1.wordfence.com//v2.22/?v=4.5&s=http%3A%2F%2Fwww.sfbee.org&k=3fd8f03d6324047f62c599e17608accdf848236d0e3d672bc1e096b69ed30450b113f8be8d35c0004c62990ae5391ad4d0f0d2d216b65fc0a381c34259c39b1f&openssl=268439647&phpv=5.3.29&betaFeed=0&action=scan_heartbleed
[Apr 20 13:05:53:1461182753.341012:10:info] SUM_START:Scanning your site for the HeartBleed vulnerability
[Apr 20 13:05:51:1461182751.860012:4:info] Scan process ended after forking.
[Apr 20 13:05:51:1461182751.336651:10:info] SUM_PAIDONLY:Checking if your IP is generating spam is for paid members only
[Apr 20 13:05:49:1461182749.336096:10:info] SUM_PAIDONLY:Check if your site is being Spamvertized is for paid members only
[Apr 20 13:05:47:1461182747.335541:10:info] SUM_PAIDONLY:Remote scan of public facing site only available to paid members
[Apr 20 13:05:47:1461182747.314953:4:info] getMaxExecutionTime() returning config value: 15
[Apr 20 13:05:47:1461182747.314581:4:info] Got value from wf config maxExecutionTime: 15
[Apr 20 13:05:47:1461182747.313750:10:info] SUM_PREP:Preparing a new scan.
[Apr 20 13:05:47:1461182747.311403:4:info] Setting up scanRunning and starting scan
[Apr 20 13:05:47:1461182747.311016:4:info] Setting up error handling environment
[Apr 20 13:05:47:1461182747.310194:4:info] Requesting max memory
[Apr 20 13:05:47:1461182747.308790:4:info] Checking if scan is already running
[Apr 20 13:05:47:1461182747.308435:4:info] Done become admin
[Apr 20 13:05:47:1461182747.308045:4:info] Scan authentication complete.
[Apr 20 13:05:47:1461182747.306155:4:info] Scan will run as admin user ‘workerb1’ with ID ‘2’ sourced from: singlesite get_users() function
[Apr 20 13:05:47:1461182747.304729:4:info] Becoming admin for scan
[Apr 20 13:05:47:1461182747.304368:4:info] Checking saved cronkey against cronkey param
[Apr 20 13:05:47:1461182747.303972:4:info] Exploding stored cronkey
[Apr 20 13:05:47:1461182747.299070:4:info] Fetching stored cronkey for comparison.
[Apr 20 13:05:47:1461182747.298692:4:info] Checking cronkey
[Apr 20 13:05:47:1461182747.297957:4:info] Scan engine received request.
[Apr 20 13:05:38:1461182738.857203:4:info] Starting cron with normal ajax at URL https://www.sfbee.org/wordpress/wp-admin/admin-ajax.php?action=wordfence_doScan&isFork=0&cronKey=407c729e4ffe43f925aa2b8b
[Apr 20 13:05:38:1461182738.852980:4:info] Test result of scan start URL fetch: array ( ‘headers’ => array ( ‘date’ => ‘Wed, 20 Apr 2016 20:05:28 GMT’, ‘server’ => ‘Apache’, ‘x-powered-by’ => ‘PHP/5.3.29’, ‘x-robots-tag’ => ‘noindex’, ‘x-content-type-options’ => ‘nosniff’, ‘expires’ => ‘Wed, 11 Jan 1984 05:00:00 GMT’, ‘cache-control’ => ‘no-cache, must-revalidate, max-age=0’, ‘pragma’ => ‘no-cache’, ‘x-frame-options’ => ‘SAMEORIGIN’, ‘set-cookie’ => ‘wfvt_1762871018=5717e11285cd4; expires=Wed, 20-Apr-2016 20:35:38 GMT; path=/; httponly’, ‘strict-transport-security’ => ‘max-age=63072000; includeSubDomains’, ‘content-length’ => ’12’, ‘connection’ => ‘close’, ‘content-type’ => ‘text/html; charset=UTF-8’, ), ‘body’ => ‘WFSCANTESTOK’, ‘response’ => array ( ‘code’ => 200, ‘message’ => ‘OK’, ), ‘cookies’ => array ( 0 => WP_Http_Cookie::__set_state(array( ‘name’ => ‘wfvt_1762871018’, ‘value’ => ‘5717e11285cd4’, ‘expires’ =
[Apr 20 13:05:27:1461182727.802270:4:info] getMaxExecutionTime() returning config value: 15
[Apr 20 13:05:27:1461182727.801980:4:info] Got value from wf config maxExecutionTime: 15
[Apr 20 13:05:27:1461182727.800926:4:info] Entering start scan routine
[Apr 20 13:05:27:1461182727.786125:4:info] Ajax request received to start scan.

In case it helps, here is the latest from the Wordfence Activity Log.

—
[Apr 20 13:00:08:1461182408.133839:10:info] SUM_KILLED:A request was received to kill the previous scan.
[Apr 20 13:00:08:1461182408.132823:1:info] Scan kill request received.
[Apr 20 12:55:17:1461182117.489174:4:info] Scan process ended after forking.
[Apr 20 12:55:13:1461182113.271780:4:info] Calling Wordfence API v2.22:https://noc1.wordfence.com//v2.22/?v=4.5&s=http%3A%2F%2Fwww.sfbee.org&k=3fd8f03d6324047f62c599e17608accdf848236d0e3d672bc1e096b69ed30450b113f8be8d35c0004c62990ae5391ad4d0f0d2d216b65fc0a381c34259c39b1f&openssl=268439647&phpv=5.3.29&betaFeed=0&action=get_known_files
[Apr 20 12:55:13:1461182113.265217:10:info] SUM_START:Fetching core, theme and plugin file signatures from Wordfence
[Apr 20 12:55:13:1461182113.258191:2:info] Found 7 themes
[Apr 20 12:55:13:1461182113.246922:2:info] Getting theme list from WordPress
[Apr 20 12:55:13:1461182113.237597:2:info] Found 12 plugins
[Apr 20 12:55:13:1461182113.175448:2:info] Getting plugin list from WordPress
[Apr 20 12:55:12:1461182112.848332:4:info] Calling Wordfence API v2.22:https://noc1.wordfence.com//v2.22/?v=4.5&s=http%3A%2F%2Fwww.sfbee.org&k=3fd8f03d6324047f62c599e17608accdf848236d0e3d672bc1e096b69ed30450b113f8be8d35c0004c62990ae5391ad4d0f0d2d216b65fc0a381c34259c39b1f&openssl=268439647&phpv=5.3.29&betaFeed=0&action=log_scan
[Apr 20 12:55:12:1461182112.847634:1:info] Contacting Wordfence to initiate scan
[Apr 20 12:55:12:1461182112.837406:10:info] SUM_ENDOK:Scanning your site for the HeartBleed vulnerability
[Apr 20 12:55:12:1461182112.030997:4:info] Calling Wordfence API v2.22:https://noc1.wordfence.com//v2.22/?v=4.5&s=http%3A%2F%2Fwww.sfbee.org&k=3fd8f03d6324047f62c599e17608accdf848236d0e3d672bc1e096b69ed30450b113f8be8d35c0004c62990ae5391ad4d0f0d2d216b65fc0a381c34259c39b1f&openssl=268439647&phpv=5.3.29&betaFeed=0&action=scan_heartbleed
[Apr 20 12:55:12:1461182112.030054:10:info] SUM_START:Scanning your site for the HeartBleed vulnerability
[Apr 20 12:55:10:1461182110.026157:10:info] SUM_PAIDONLY:Checking if your IP is generating spam is for paid members only
[Apr 20 12:55:08:1461182108.025379:10:info] SUM_PAIDONLY:Check if your site is being Spamvertized is for paid members only
[Apr 20 12:55:06:1461182106.024698:10:info] SUM_PAIDONLY:Remote scan of public facing site only available to paid members
[Apr 20 12:55:06:1461182106.020168:4:info] getMaxExecutionTime() returning config value: 15
[Apr 20 12:55:06:1461182106.019644:4:info] Got value from wf config maxExecutionTime: 15
[Apr 20 12:55:06:1461182106.019107:10:info] SUM_PREP:Preparing a new scan.
[Apr 20 12:55:06:1461182106.017453:4:info] Setting up scanRunning and starting scan
[Apr 20 12:55:06:1461182106.016986:4:info] Setting up error handling environment
[Apr 20 12:55:06:1461182106.016416:4:info] Requesting max memory
[Apr 20 12:55:06:1461182106.015407:4:info] Checking if scan is already running
[Apr 20 12:55:06:1461182106.015152:4:info] Done become admin
[Apr 20 12:55:06:1461182106.014873:4:info] Scan authentication complete.
[Apr 20 12:55:06:1461182106.013408:4:info] Scan will run as admin user ‘workerb1’ with ID ‘2’ sourced from: singlesite get_users() function
[Apr 20 12:55:06:1461182106.011799:4:info] Becoming admin for scan
[Apr 20 12:55:06:1461182106.011545:4:info] Checking saved cronkey against cronkey param
[Apr 20 12:55:06:1461182106.011280:4:info] Exploding stored cronkey
[Apr 20 12:55:06:1461182106.007933:4:info] Fetching stored cronkey for comparison.
[Apr 20 12:55:06:1461182106.007668:4:info] Checking cronkey
[Apr 20 12:55:06:1461182106.007312:4:info] Scan engine received request.
[Apr 20 12:55:04:1461182104.486764:4:info] Starting cron with normal ajax at URL https://www.sfbee.org/wordpress/wp-admin/admin-ajax.php?action=wordfence_doScan&isFork=0&cronKey=606437287302d9211c0ca28
[Apr 20 12:55:04:1461182104.485250:4:info] Test result of scan start URL fetch: array ( ‘headers’ => array ( ‘date’ => ‘Wed, 20 Apr 2016 19:55:02 GMT’, ‘server’ => ‘Apache’, ‘x-powered-by’ => ‘PHP/5.3.29’, ‘x-robots-tag’ => ‘noindex’, ‘x-content-type-options’ => ‘nosniff’, ‘expires’ => ‘Wed, 11 Jan 1984 05:00:00 GMT’, ‘cache-control’ => ‘no-cache, must-revalidate, max-age=0’, ‘pragma’ => ‘no-cache’, ‘x-frame-options’ => ‘SAMEORIGIN’, ‘set-cookie’ => ‘wfvt_1762871018=5717de982e407; expires=Wed, 20-Apr-2016 20:25:04 GMT; path=/; httponly’, ‘strict-transport-security’ => ‘max-age=63072000; includeSubDomains’, ‘content-length’ => ’12’, ‘connection’ => ‘close’, ‘content-type’ => ‘text/html; charset=UTF-8’, ), ‘body’ => ‘WFSCANTESTOK’, ‘response’ => array ( ‘code’ => 200, ‘message’ => ‘OK’, ), ‘cookies’ => array ( 0 => WP_Http_Cookie::__set_state(array( ‘name’ => ‘wfvt_1762871018’, ‘value’ => ‘5717de982e407’, ‘expires’ =
[Apr 20 12:55:02:1461182102.968495:4:info] getMaxExecutionTime() returning config value: 15
[Apr 20 12:55:02:1461182102.968017:4:info] Got value from wf config maxExecutionTime: 15
[Apr 20 12:55:02:1461182102.966541:4:info] Entering start scan routine
[Apr 20 12:55:02:1461182102.950242:4:info] Ajax request received to start scan.

@wfasa thanks for your response.

I followed your link, and the steps to Open the JavaScript console for troubleshooting plugins. The only thing I see under Console is

“load-scripts.php?c=0&load[]=jquery-core,jquery-migrate,utils&ver=1368877…:9 JQMIGRATE: Migrate is installed, version 1.4.0”

@wfasa Wordfence is still not completing its scan and getting hung up in the same spot.

We increased “memory_limit” to 256M (from 128M).

We increased “max_execution_time” to 60 (from 30).

We also set “Maximum execution time for each scan stage” to 15.

EDIT: We also confirmed that the .htaccess file is not blocking the wp-admin folder or limiting access to it.

What else can we do to try to fix this?

In case it helps, below is the latest activity log

—
[Apr 18 12:39:43:1461008383.208393:10:info] SUM_KILLED:A request was received to kill the previous scan.
[Apr 18 12:39:43:1461008383.208019:1:info] Scan kill request received.
[Apr 18 12:39:37:1461008377.293253:4:info] Scan process ended after forking.
[Apr 18 12:39:32:1461008372.090535:4:info] Calling Wordfence API v2.22:https://noc1.wordfence.com//v2.22/?v=4.5&s=http%3A%2F%2Fwww.sfbee.org&k=3fd8f03d6324047f62c599e17608accdf848236d0e3d672bc1e096b69ed30450b113f8be8d35c0004c62990ae5391ad4d0f0d2d216b65fc0a381c34259c39b1f&openssl=268439647&phpv=5.3.29&betaFeed=0&action=get_known_files
[Apr 18 12:39:32:1461008372.084065:10:info] SUM_START:Fetching core, theme and plugin file signatures from Wordfence
[Apr 18 12:39:32:1461008372.076455:2:info] Found 7 themes
[Apr 18 12:39:32:1461008372.071277:2:info] Getting theme list from WordPress
[Apr 18 12:39:32:1461008372.068918:2:info] Found 12 plugins
[Apr 18 12:39:32:1461008372.031506:2:info] Getting plugin list from WordPress
[Apr 18 12:39:31:1461008371.723393:4:info] Calling Wordfence API v2.22:https://noc1.wordfence.com//v2.22/?v=4.5&s=http%3A%2F%2Fwww.sfbee.org&k=3fd8f03d6324047f62c599e17608accdf848236d0e3d672bc1e096b69ed30450b113f8be8d35c0004c62990ae5391ad4d0f0d2d216b65fc0a381c34259c39b1f&openssl=268439647&phpv=5.3.29&betaFeed=0&action=log_scan
[Apr 18 12:39:31:1461008371.722894:1:info] Contacting Wordfence to initiate scan
[Apr 18 12:39:31:1461008371.720364:10:info] SUM_ENDOK:Scanning your site for the HeartBleed vulnerability
[Apr 18 12:39:31:1461008371.098203:4:info] Calling Wordfence API v2.22:https://noc1.wordfence.com//v2.22/?v=4.5&s=http%3A%2F%2Fwww.sfbee.org&k=3fd8f03d6324047f62c599e17608accdf848236d0e3d672bc1e096b69ed30450b113f8be8d35c0004c62990ae5391ad4d0f0d2d216b65fc0a381c34259c39b1f&openssl=268439647&phpv=5.3.29&betaFeed=0&action=scan_heartbleed
[Apr 18 12:39:31:1461008371.096772:10:info] SUM_START:Scanning your site for the HeartBleed vulnerability
[Apr 18 12:39:29:1461008369.004065:10:info] SUM_PAIDONLY:Checking if your IP is generating spam is for paid members only
[Apr 18 12:39:27:1461008367.001707:10:info] SUM_PAIDONLY:Check if your site is being Spamvertized is for paid members only
[Apr 18 12:39:25:1461008365.001208:10:info] SUM_PAIDONLY:Remote scan of public facing site only available to paid members
[Apr 18 12:39:24:1461008364.997028:4:info] getMaxExecutionTime() returning config value: 15
[Apr 18 12:39:24:1461008364.996586:4:info] Got value from wf config maxExecutionTime: 15
[Apr 18 12:39:24:1461008364.996031:10:info] SUM_PREP:Preparing a new scan.
[Apr 18 12:39:24:1461008364.993699:4:info] Setting up scanRunning and starting scan
[Apr 18 12:39:24:1461008364.993369:4:info] Setting up error handling environment
[Apr 18 12:39:24:1461008364.992815:4:info] Requesting max memory
[Apr 18 12:39:24:1461008364.990692:4:info] Checking if scan is already running
[Apr 18 12:39:24:1461008364.990441:4:info] Done become admin
[Apr 18 12:39:24:1461008364.990160:4:info] Scan authentication complete.
[Apr 18 12:39:24:1461008364.988985:4:info] Scan will run as admin user ‘workerb1’ with ID ‘2’ sourced from: singlesite get_users() function
[Apr 18 12:39:24:1461008364.988024:4:info] Becoming admin for scan
[Apr 18 12:39:24:1461008364.987751:4:info] Checking saved cronkey against cronkey param
[Apr 18 12:39:24:1461008364.987076:4:info] Exploding stored cronkey
[Apr 18 12:39:24:1461008364.974238:4:info] Fetching stored cronkey for comparison.
[Apr 18 12:39:24:1461008364.973972:4:info] Checking cronkey
[Apr 18 12:39:24:1461008364.973583:4:info] Scan engine received request.
[Apr 18 12:39:24:1461008364.292160:4:info] Starting cron with normal ajax at URL https://www.sfbee.org/wordpress/wp-admin/admin-ajax.php?action=wordfence_doScan&isFork=0&cronKey=771129eb7aa8b8485fc2a9b4
[Apr 18 12:39:24:1461008364.289910:4:info] Test result of scan start URL fetch: array ( ‘headers’ => array ( ‘date’ => ‘Mon, 18 Apr 2016 19:39:22 GMT’, ‘server’ => ‘Apache’, ‘x-powered-by’ => ‘PHP/5.3.29’, ‘x-robots-tag’ => ‘noindex’, ‘x-content-type-options’ => ‘nosniff’, ‘expires’ => ‘Wed, 11 Jan 1984 05:00:00 GMT’, ‘cache-control’ => ‘no-cache, must-revalidate, max-age=0’, ‘pragma’ => ‘no-cache’, ‘x-frame-options’ => ‘SAMEORIGIN’, ‘set-cookie’ => ‘wfvt_1762871018=571537ec2b8f9; expires=Mon, 18-Apr-2016 20:09:24 GMT; path=/; httponly’, ‘strict-transport-security’ => ‘max-age=63072000; includeSubDomains’, ‘content-length’ => ’12’, ‘connection’ => ‘close’, ‘content-type’ => ‘text/html; charset=UTF-8’, ), ‘body’ => ‘WFSCANTESTOK’, ‘response’ => array ( ‘code’ => 200, ‘message’ => ‘OK’, ), ‘cookies’ => array ( 0 => WP_Http_Cookie::__set_state(array( ‘name’ => ‘wfvt_1762871018’, ‘value’ => ‘571537ec2b8f9’, ‘expires’ =
[Apr 18 12:39:22:1461008362.327310:4:info] getMaxExecutionTime() returning config value: 15
[Apr 18 12:39:22:1461008362.326874:4:info] Got value from wf config maxExecutionTime: 15
[Apr 18 12:39:22:1461008362.325966:4:info] Entering start scan routine
[Apr 18 12:39:22:1461008362.314871:4:info] Ajax request received to start scan.

@wfasa I’ll try your suggestions and let you know if they work. Thanks!

@islandwoman I’m not certain, but I think your issue is the one being addressed now by the Wordfence team. It’s mentioned here:

https://www.ads-software.com/support/topic/scanning-stops?replies=13#post-8285267

While you’re waiting for the upgrade, you might try to disable the option “Scan for signatures of known malicious files” under “Options”/”Scans to include” and see if that works.

@balex66 Have you had any luck figuring out the cause or solution?

Never mind. I see this is a known bug, addressed in this thread:

https://www.ads-software.com/support/topic/scanning-stops?replies=13#post-8285267

Never mind. I see this is a known bug, addressed in this thread:

https://www.ads-software.com/support/topic/scanning-stops?replies=13

Thanks, @wfasa !

In case it helps anyone else, I followed your advice to disable all the options under “Options”/”Scans to include” and then by the process of elimination figured out that Wordfence was getting stuck on this option:

“Scan for signatures of known malicious files”