Luis

Hey Matt,

Thanks for the reply. Yes, Arvixe is going through a terrible period of time since EIG bought it.

I’m happy my problem will be taken in consideration to include a feature into your plugin. I feel honored in a way. ??

I guess I can turn back that option to scan for backdoors, etc and leave the one that scans as images off since you mention it is very rare to happen.

Support offered me a server migration, I don’t thank that will solve my problem.

Thanks for all your help and support Matt!

Regards,

Luis

Hey Matt,

Thanks for the reply. Yes, Arvixe is going through a terrible period of time since EIG bought it. (https://www.webhostingsecretrevealed.net/blog/hosting-updates-news/the-who-what-when-of-endurance-international-group-eig/ )

I’m happy my problem will be taken in consideration to include a feature into your plugin. I feel honored in a way. ??

I guess I can turn back that option to scan for backdoors, etc and leave the one that scans as images off since you mention it is very rare to happen.

Support offered me a server migration, I don’t thank that will solve my problem.

Thanks for all your help and support Matt!

Regards,

Luis

Hey Matt,

Thanks for the reply. Yes, Arvixe is going through a terrible period of time since EIG bought it.

I’m happy my problem will be taken in consideration to include a feature into your plugin. I feel honored in a way. ??

I guess I can turn back that option to scan for backdoors, etc and leave the one that scans as images off since you mention it is very rare to happen.

Support offered me a server migration, I don’t thank that will solve my problem.

Thanks for all your help and support Matt!

Regards,

Luis

Hey Matt,

Thanks for the reply. Yes, Arvixe is going through a terrible period of time since EIG bought it.

I’m happy my problem will be taken in consideration to include a feature into your plugin. I feel honored in a way. ??

I guess I can turn back that option to scan for backdoors, etc and leave the one that scans as images off since you mention it is very rare to happen.

Support offered me a server migration, I don’t thank that will solve my problem.

Thanks for all your help and support Matt!

Regards,

Luis

Hey Matt,

Thanks for the reply. Yes, Arvixe is going through a terrible period of time since EIG bought it.

I’m happy my problem will be taken in consideration to include a feature into your plugin. I feel honored in a way. ??

I guess I can turn back that option to scan for backdoors, etc and leave the one that scans as images off since you mention it is very rare to happen.

Support offered me a server migration, I don’t thank that will solve my problem.

Thanks for all your help and support Matt!

Regards,

Luis

Hey Matt,

Thanks for the reply. Yes, Arvixe is going through a terrible period of time since EIG bought it.

I’m happy my problem will be taken in consideration to include a feature into your plugin. I feel honored in a way. ??

I guess I can turn back that option to scan for backdoors, etc and leave the one that scans as images off since you mention it is very rare to happen.

Support offered me a server migration, I don’t thank that will solve my problem.

Thanks for all your help and support Matt!

Regards,

Luis

Hey Matt,

I email you 2 logs yesterday. I hope you got them or did they bounce? They are pretty long and Microsoft marked a few with debug code as spam for me the other day.

I set WordFence with “Scan file contents for backdoors, trojans and suspicious code” unchecked but today I found these 3 scans that never completed:

[Aug 25 00:47:24:1440478044.813436:1:info] Scheduled Wordfence scan starting at Tuesday 25th of August 2015 12:47:24 AM
[Aug 24 23:50:16:1440474616.124198:2:info] Analyzed 400 files containing 6.74 MB of data so far
*
*
[Aug 24 23:50:10:1440474610.336182:1:info] Contacting Wordfence to initiate scan
[Aug 24 23:49:58:1440474598.630376:1:info] Scheduled Wordfence scan starting at Monday 24th of August 2015 11:49:58 PM
[Aug 24 14:34:03:1440441243.755670:2:error] Scan terminated with error: There was an error connecting to the the Wordfence scanning servers: couldn’t connect to host
[Aug 24 14:33:48:1440441228.638056:2:info] Analyzed 5225 files containing 289.66 MB of data.
*
*
*
[Aug 24 14:32:22:1440441142.455658:1:info] Scheduled Wordfence scan starting at Monday 24th of August 2015 02:32:22 PM

* Removed lines by me so it doesn’t look so bloated.

Thanks for your assistance!

Luis

Hi Matt,

Today, I will turn off “Scan file contents for backdoors, trojans and suspicious code”. I didn’t do it in the past 2 days because I had completely purge all the cron jobs from wordpress. So, scheduled scans were working properly.

This afternoon, I checked on my sites and all were down but after lunch they were up again. I have 3 installs of WF, 2 of them ran scans around 1 AM and completed successfully. But the main site ran around 4 AM and was stuck and then again around 8 to 9 AM another scheduled scan was posted but never started my guess because the 4 AM scan never finished.

So, I’m guessing this is an option maybe you guys can add in a future release. If a scheduled scan is stuck and another scheduled scan finds it in that state after a certain amount of time, 1 hour(?) more or less or let the user define the time. Then the new scheduled scan can kill the stuck scan.

Anyways, just an idea. I will post back later on to let you know the results. If you need any logs let me know. Oh, I took a couple with debug mode on several days ago if you are interested.

Thanks again!

Hey Matt,

I will try turning off “Scan file contents for backdoors, trojans and suspicious code” to see if the scheduled scan completes.

What does it mean if it works?

Today, I’m going to purge some cron jobs off mysql DB that might have been left off from an old plugin or server 500 errors as suggested here or somewhere else I read.

Yeah, Arvixe increased the security so much that not too long ago the BitNinja had block me from accessing the site too much. They claimed I was calling a non-existent index.php file that I never created or that my html file was calling the HTML5 shiv javascript that wasn’t uploaded but even after removing the line of code it will still block me. This also happened for like a week or more.

I think I need a new host…

Thanks!

Hey Matt,

Scan is stuck again.

I think the host is blocking some cron jobs. In this case:

wordfence_email_activity_report

Thanks.

Hello,

During my troubleshooting period working on an issue with my setup and my host.

I did the following:

You can go here:

https://www.yourdomain.com/wp-admin/admin.php?page=sucuriscan_infosys#wordpress-cronjobs

find:

wordfence_start_scheduled_scan

check the box

scroll down

select: Excute Now

The scan will start and you can go check here:

https://www.yourdomain.com/wp-admin/admin.php?page=Wordfence

What I noticed when I had debug mode on was that Wordfence would reschedule the scans for the next 7 days.

So hopefully that might be easier.

Hey Matt,

Well the scans are finally working again.

One thing I noticed is that Sucuri reports the following on the Site Info tab:

PHP memory limit 256M
PHP upload max filesize 1024M
PHP post max size 1024M
PHP max execution time 600
PHP max input time 300

While Wordfence does its own test and uses the values from php.ini

Wordfence Memory benchmarking utility version 6.0.15.
This utility tests if your WordPress host respects the maximum memory configured
in their php.ini file, or if they are using other methods to limit your access to memory.

–Starting test–
Current maximum memory configured in php.ini: 1024M
Current memory usage: 38.75M
Setting max memory to 90M.
Starting memory benchmark. Seeing an error after this line is not unusual. Read the error carefully
to determine how much memory your host allows. We have requested 90 megabytes.
Completing test after benchmarking up to 80.25 megabytes.
–Test complete.–

Congratulations, your web host allows you to use at least 80.25 megabytes of memory for each PHP process hosting your WordPress site.

You mention something that got me thinking if I set Wordfence to use 1024 MB why is it taking so long. So, I reduced the memory to 128 MB and after that the scans started working again after some other tweaks. Also the host seemed to do some tweaks on their side.

My reasoning was that maybe the host has some memory limits and when a cron job requests 1024MB it throttles the process so I figure if I requested less memory (in this case half of the suggested memory) it would let it complete the scan.

So, once again there is peace. ??

Thanks for everything Matt!

Hello Matt,

Thanks for taking a look at my log file. Yes, it is a shared host. The scan lasts that long because I increased the execution time to 15 secs in hopes that maybe the host was throttling the plugin.

So far what is happening now is that with php 5.5.11 scheduled scans are not going through. They can stay stuck for hours or days if you don’t go check on them at least once a day. Manual scans are completing no problem.

I can’t recall the size of the other file it was scanning on debug. I’ll check later today. Right now host support is logged in so I’ll wait till they are done or let me know it is okay.

I really appreciate your help Matt!

Thanks.

Hi Yorman,

Apologies I forgot to mark this topic as solved. I think the “XHR Monitor” option has an affect depending what version of PHP your host is using.

I recently had this issue:

https://www.ads-software.com/support/topic/php-5511?replies=7

Thanks for your help!

Hey Matt,

Thanks so much for your tips. Sorry for the delay I was waiting on the host support to get back to me and for them to tweak things on the host side.

I think with php 5.5.11 disabling that option in Sucuri seems to have done the trick. Another thing I did was increase the display to 3 secs and the max exe time to 10 but the big change was I double the memory usage from 256 mb to 512 mb. That seems to just energize the whole thing back to full motion.

I haven’t tested the xhr option on again. I ran another scan just after that one to see if it was pure luck and it got stuck. So, I let the scan stay stuck there and then killed the scan. The wait time was maybe 15-30mins. Before this test, I noticed during scans it always gets delayed on 1 file. It isn’t a particular file. I did enable debug mode like you mention and saw it stuck on a backup file (.zip). I downloaded 2 months worth of backups and deleted them from the server. I ran a scan again and it got stuck on a different type of file. Anyways, for the third scan I changed the memory to 1024 MB, I know overkill but the scan completed. In the summary window:

[Aug 13 20:33:08] Wordfence used 27.67MB of memory for scan. Server peak memory usage was: 64.90MB

Anyways, I appreciate your help. I email myself some of the log files during these tests. One with PHP 5.3.x and the other with 5.5.11 if you guys want them I can forward them to your support email.

Thanks.