“I have attempted to get help from the devs at various stages of its development to no avail.”
Looks like this is your second post ever to the wordpress.org forums. I didn’t see any posts asking for help here.
I’ve searched our ticketing system and didn’t find anything there either.
Can you tell me how you tried to contact us?
Regards,
Mark.
In the support forums of your site before you took them all down and started over here at WordPress because “so many of the forum posts we had on here referred to a much older version of Wordfence and were no longer relevant.”
We moved here over 3 months ago.
Regards,
Mark.
I believe you are demonstrating my point very well.
Why didn’t you post anything in https://wordpress.org/support/plugin/wordfence over the past 3 months?
First, although you apparently didn’t realize it, this is a review–not a support request.
As a review, it was presenting factual information about the product and past interactions with the dev.
Second, I reviewed the current support forum before posting my review. If you do so, you will also discover numerous open support requests concerning scans failing, crashing, etc. I have concluded that the dev either cannot or will not address the memory issues related to his plugin and that therefore, additional support requests are a waste of time/effort.
Third, the dev didn’t even attempt to address the *content* of my review: That the product is a memory hog that can under certain circumstances consume all server memory.
If the dev had not deleted ALL the posts from their own website, then everyone could review the MANY posts on this subject over the past year. Why would a dev do that?
256 megs of memory ive never once went over 56 on anything including a wf scan. woocommerce occupies most of mem aloc. i call bs if properly configured host, i dont blame wf for not responding.
[Comments moderated, Please do not attack other posters who are often simply trying to help.]
The dev clearly admits that the plugin consumes A TON OF MEMORY; in fact he starts by asking for 256 megs, and then suggesting that if that is not enough, keep INCREASING in 50 meg increments until either (1) you run out of physical server memory or (2) your scans complete.
What the dev simply doesn’t explain is what to do when you run out of server memory trying to run his plugin…(oh wait, I think that was the point of my 1-star review).
Here is the FAQ from the dev:
QUOTE–
If you see an error about running out of memory, you can try the following:
Go to the Wordfence options page.
Click the advanced options link to show the advanced options.
Scroll all the way to the bottom where you’ll see an option to specify the maximum memory that Wordfence uses.
Try increasing this to 300 Megabytes (the default is 256 megs)
Do another scan.
If you still get an out of memory error, try increasing by another 50 and re-scan.
You can keep increasing by 50 megabytes, but be careful that your web server does not run out of memory because this may cause the operating system to behave unpredictably. You can refer to your web host’s documentation to find out what the maximum memory is that you’ve been allocated.
END QUOTE–
As a sidenote to WSUSA, “wf” DID in fact respond, just not constructively.
Hi @barky81
I’m sorry this thread seems to have gotten off track. Just wanted to post a quick update because I think we actually solved your problem in the 5.0.5 release and at the very least I wanted to let you know about it.
What happened was, we fired up a new Linode server to test something completely unrelated and saw the symptoms that you’re describing: Where the database runs out of connections and the site is put under serious load.
The issue was as follows:
We were making a call to “mysql_real_escape_string” in one of our modules which is actually deprecated. However this doesn’t cause a problem on most configurations, only very new servers, with relatively new Apache/PHP/mysql setups.
When we called mysql_real_escape_string() a warning would be issued and Wordfence would try to log that warning to the database causing a cascade of failures. When we reproduced this in our lab it was ugly – the error log spewed a ton of warnings and the database eventually started dropping connections.
Strangely we did not have this reported by any other users and only received one or two reports in the forums so we thought it was just an isolated issue.
Anyway, release 5.0.5 fixes this as you’ll see in the changelog and that went out yesterday after 48 hours of beta testing.
So please upgrade and you will hopefully find this resolves the problem you were seeing.
Once again I’m sorry this thread didn’t end up being as productive for you as it could have been, and I understand you weren’t posting a support request.
I just wanted to do you the courtesy of following up and letting you know that we probably fixed the issue you found was a problem for you with Wordfence.
Thanks for your input.
Regards,
Mark Maunder – Wordfence Founder & Feedjit Inc. CEO.
Mark,
I appreciate your effort at this point but…
I immediately upgraded and tested the new version as soon as it released.
It made no improvement to the situation.
In fact, I have been forced to disable the plugin to prevent it randomly running without notice and killing my website (free sites cannot schedule scans).
The issue is *memory consumption*, period. My site doesn’t run out of connections, it runs out of memory. I can watch TOP on one screen in a console and watch your plugin running in the dashboard on another screen…gradually all the real memory is consumed; then the swap file–in my case 1 gig of real/500 megs of swap–then the process killer terminates mysql. Of course, the variability of other web activity (visitors/googlebot/etc) means that *when/where* it fails is influenced by other memory consumption–but it is your plugin that consumes all memory.
As a result, small sites and sites with limited files/links/etc. can successfully use the plugin because it finishes before it is forced to consume all the memory.
But the more pages/posts/files/links/etc, the worse it is. The longer it runs the more memory it consumes. Your failure to even breakup the scan process into simple component parts so that we could complete individual portions of the scanning process makes it a timebomb for any growing site…
To be absolutely clear:
This is something specific to your site. Wordfence successfully protects some of the busiest WordPress sites in the world without a hitch, making them more secure and significantly faster.
We load test the plugin before each release and a memory leak of the proportions you’ve described is something we’d catch.
We also run Wordfence on our own corporate sites, one of which is in the top 3000 busiest sites in the world.
It sounds like you’ve signed off on us and that’s unfortunate, but I’ll leave an open offer that if you’d like to work with us on diagnosing this, you can post something on the forums and we’ll investigate.
Regards,
Mark.
Yes, let’s be absolutely clear:
It is not specific to my site. It is apparently common enough that you have an FAQ (quoted above) specifically ABOUT this issue.
I am quite sure “the busiest WordPress sites in the world” run on more than 1 gig of server memory (setting aside the idea that they run on *farms* with separate database servers–which isolates it from the process killer on the webfront end).
Affected sites are LOW traffic/HIGH content sites running on MODEST (single) server resources. They run on modest resources *because* they are low traffic (unless they use your plugin, of course). I am quite sure I could double (maybe triple) my server resource and “solve” the problem–albeit at a much higher monthly expense. At least until I accumulated enough additional site content/files/etc for scans to have to run even longer and to consume all available memory again.
I certainly never said it was a “memory leak”.
I will assume more of your users don’t see their Mysql db killed because they are on shared hosting plans that isolate them from the db engine. All they see are unexplained “out of memory” errors or scan failures/hangs/etc. I could be wrong, but I doubt it.
I just quickly scrolled through the last 2 weeks of support threads in your forum here and easily identified at least 13 related to “out of memory” issues and “scan not completing” (again, memory related) threads.
I am sorry if my review offends you.
allm
(@realblueorange)
@barky81
I understand your frustration with WordFence running out of memory. Apparently you like the functionality of the plugin, but in your case things don’t seem to work. I have had some small sites in a 64 Mb shared hosting setup, and eventually they all got into memory problems during a WordFence scan. Updating to a 128 Mb setup solved it…. for now.
You suggest that cutting up the scan in parts might be an idea, but I think that is something you can do right now. In the options you can select some scans and deselect others. That way you might be able to do a complete scan in 2 or 3 times. And if that still runs into trouble you might get to know which of the scans is the culprit. That is useful info for Mark. Maybe that part of the scan can be cut up into pieces.
I respect that you take the time to react here. Maybe it is an idea to work with Mark and see what scan is the culprit and what can be done about it. I guess Mark will want to know as well what he possibly can do to make WordFence a better product. At least that is what I see. If this leads to a better WordFence, using less memory, everybody wins, including you.
I agree that WordFence uses a lot of memory (certainly making it not work in certain setups), but I did not go into the code to check if that is avoidable.
To recap:
I and others did/have tried to work with the dev on the memory issues. Got no where.
The suggestion to “cut up the scans” is based on experimenting with the current options. There is NOT currently any way to effectively “cut up the scans”. The current options don’t really affect the intensive components of the scan process.
allm
(@realblueorange)
@barky81
I see what you mean. I guess there are one or two scanning options that cannot be divided further (now) and that are too memory intensive.
In the past (before I upgraded memory size) I have been able to get scans going again by disabling 1 or more of the scan parts. Not a perfect solution, but it is better than nothing.
I too have wondered if the memory intensive componenents could be cut up (without me knowing it, just running smoothly in the background) so that it would always finish. I’ve been too busy to go into the code myself. But it would be a good thing if Mark can answer this concern as I have experienced memory problems myself (not now) and have heard from (a lot of) others…
I agree that LOW traffic/HIGH content sites running on MODEST (single) server resources are the servers that are most prone to this problem.
