• Hello Wordfence-Team,

    The Wordfence scan is failing on my website. It has worked before, I just removed some Malware with Wordfence help. I already followed your suggestions from other posts (reducing the limits, enabling debug, etc.).

    The Log shows the following:

    [Jul 06 19:06:00:1783357560.606717:4:info] Calling Wordfence API v2.27:https://noc1.wordfence.com/v2.27/?k=0bfde194b498300f86bc029f4e5672659d01b021c1d435f7eea5b2f8b3318450acca3044c14eecbb96e102406bae1527&s=eyJ3cCI6IjcuMCIsIndmIjoiOC4yLjIiLCJtcyI6ZmFsc2UsImgiOiJodHRwczpcL1wvdnNzb2UuYXQiLCJzc2x2IjoyNjk0ODg1MTEsInB2IjoiOC41LjYiLCJwdCI6ImZwbS1mY2dpIiwiY3YiOiI4LjE5LjAiLCJjcyI6Ik9wZW5TU0xcLzEuMS4xdyIsInN2IjoiQXBhY2hlIiwiZHYiOiI4LjAuNDYiLCJsYW5nIjoiZGVfREUifQ&action=get_known_files
    [Jul 06 19:06:00:1783357560.606124:10:info] SUM_START:Fetching core, theme and plugin file signatures from Wordfence
    [Jul 06 19:06:00:1783357560.566378:2:info] Found 3 themes
    [Jul 06 19:06:00:1783357560.563773:2:info] Getting theme list from WordPress
    [Jul 06 19:06:00:1783357560.563427:2:info] Found 21 plugins
    [Jul 06 19:06:00:1783357560.560317:2:info] Getting plugin list from WordPress
    [Jul 06 19:06:00:1783357560.551620:10:info] SUM_ENDBAD:Checking for paths skipped due to scan settings
    [Jul 06 19:06:00:1783357560.323371:10:info] SUM_START:Checking for paths skipped due to scan settings
    [Jul 06 19:06:00:1783357560.314718:10:info] SUM_ENDOK:Checking for future GeoIP support
    [Jul 06 19:06:00:1783357560.310803:10:info] SUM_START:Checking for future GeoIP support
    [Jul 06 19:06:00:1783357560.300312:10:info] SUM_ENDOK:Checking Web Application Firewall status
    [Jul 06 19:06:00:1783357560.296057:10:info] SUM_START:Checking Web Application Firewall status
    [Jul 06 19:06:00:1783357560.285312:10:info] SUM_ENDOK:Scanning to check available disk space
    [Jul 06 19:06:00:1783357560.284992:2:info] The disk has 1226364.3 MB available
    [Jul 06 19:06:00:1783357560.284627:2:info] Total disk space: 4.96 TB -- Free disk space: 1.17 TB
    [Jul 06 19:06:00:1783357560.279904:10:info] SUM_START:Scanning to check available disk space
    [Jul 06 19:06:00:1783357560.267270:10:info] SUM_ENDOK:Checking for the most secure way to get IPs
    [Jul 06 19:06:00:1783357560.040398:10:info] SUM_START:Checking for the most secure way to get IPs
    [Jul 06 19:05:58:1783357558.034742:10:info] SUM_PAIDONLY:Checking if your site is on a domain blocklist is for paid members only
    [Jul 06 19:05:56:1783357556.030570:10:info] SUM_PAIDONLY:Checking if your IP is generating spam is for paid members only
    [Jul 06 19:05:54:1783357554.028606:10:info] SUM_PAIDONLY:Check if your site is being Spamvertized is for paid members only
    [Jul 06 19:05:53:1783357553.804073:4:info] getMaxExecutionTime() returning config value: 20
    [Jul 06 19:05:53:1783357553.803636:4:info] Got value from wf config maxExecutionTime: 20
    [Jul 06 19:05:52:1783357552.979407:4:info] Calling Wordfence API v2.27:https://noc1.wordfence.com/v2.27/?k=0bfde194b498300f86bc029f4e5672659d01b021c1d435f7eea5b2f8b3318450acca3044c14eecbb96e102406bae1527&s=eyJ3cCI6IjcuMCIsIndmIjoiOC4yLjIiLCJtcyI6ZmFsc2UsImgiOiJodHRwczpcL1wvdnNzb2UuYXQiLCJzc2x2IjoyNjk0ODg1MTEsInB2IjoiOC41LjYiLCJwdCI6ImZwbS1mY2dpIiwiY3YiOiI4LjE5LjAiLCJjcyI6Ik9wZW5TU0xcLzEuMS4xdyIsInN2IjoiQXBhY2hlIiwiZHYiOiI4LjAuNDYiLCJsYW5nIjoiZGVfREUifQ&action=log_scan
    [Jul 06 19:05:52:1783357552.977079:1:info] Contacting Wordfence to initiate scan
    [Jul 06 19:05:52:1783357552.971815:10:info] SUM_PREP:Preparing a new scan.
    [Jul 06 19:05:52:1783357552.967701:4:info] Setting up scanRunning and starting scan
    [Jul 06 19:05:52:1783357552.967330:4:info] Setting up error handling environment
    [Jul 06 19:05:52:1783357552.966896:4:info] Requesting max memory
    [Jul 06 19:05:52:1783357552.966319:1:info] Using low resource scanning
    [Jul 06 19:05:52:1783357552.964174:4:info] Checking if scan is already running
    [Jul 06 19:05:52:1783357552.962750:4:info] Checking saved cronkey against cronkey param
    [Jul 06 19:05:52:1783357552.962398:4:info] Checking cronkey: b81d69e9ba69598e7ff983b0f5b48535 (expecting b81d69e9ba69598e7ff983b0f5b48535)
    [Jul 06 19:05:52:1783357552.961908:4:info] Fetching stored cronkey for comparison.
    [Jul 06 19:05:52:1783357552.961215:4:info] Verifying start request signature.
    [Jul 06 19:05:52:1783357552.960677:4:info] Scan engine received request.
    [Jul 06 19:05:52:1783357552.565327:4:info] Scan process ended after forking.
    [Jul 06 19:05:51:1783357551.343954:4:info] Starting cron with normal ajax at URL https://vssoe.at/wp-admin/admin-ajax.php?action=wordfence_doScan&isFork=0&scanMode=custom&cronKey=b81d69e9ba69598e7ff983b0f5b48535&signature=33016ced1056cf08ca9b9ca8c295eae04de0b7a0810a149e5f64e772e8119be2
    [Jul 06 19:05:51:1783357551.342571:4:info] Test result of scan start URL fetch: array ( 'headers' => \WpOrg\Requests\Utility\CaseInsensitiveDictionary::__set_state(array( 'data' => array ( 'date' => 'Mon, 06 Jul 2026 17:05:48 GMT', 'server' => 'Apache', 'x-robots-tag' => 'noindex', 'x-content-type-options' => 'nosniff', 'expires' => 'Wed, 11 Jan 1984 05:00:00 GMT', 'cache-control' => array ( 0 => 'no-cache, must-revalidate, max-age=0, no-store, private', 1 => 'public', ), 'referrer-policy' => 'strict-origin-when-cross-origin', 'x-frame-options' => 'SAMEORIGIN', 'content-security-policy' => 'frame-ancestors \'self\';', 'upgrade' => 'h2,h2c', 'vary' => 'Accept-Encoding', 'content-encoding' => 'gzip', 'content-length' => '32', 'content-type' => 'text/html; charset=UTF-8', ), )), 'body' => 'WFSCANTESTOK', 'response' => array ( 'code' => 200, 'message' => 'OK', ), 'cookies' => ar
    [Jul 06 19:05:48:1783357548.593984:4:info] getMaxExecutionTime() returning config value: 20
    [Jul 06 19:05:48:1783357548.593712:4:info] Got value from wf config maxExecutionTime: 20
    [Jul 06 19:05:48:1783357548.589969:4:info] Entering start scan routine
    [Jul 06 19:05:48:1783357548.588750:4:info] Ajax request received to start scan.

    The page I need help with: [log in to see the link]

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Support wfpeter

    (@wfpeter)

    Thanks for providing your scan log @larvafashion and I’m sorry to see you’ve had trouble with scans completing.

    As there’s no specific failure or error message and the feedback just stops, it’d assist us to see a full site diagnostic. You can send that to wftest @ wordfence . com from the top of Wordfence > Tools > Diagnostics. Click on “Send Report by Email”.

    Please add your forum username where indicated and let me know again once you’ve sent it as the inbox is unmonitored.

    Many thanks,
    Peter.

    Thread Starter Sara Die Webmacherin

    (@larvafashion)

    Thanks for the reply. I sent the report with my user @larvafashion as a name.

    Additionally to the malware, we had some problems with server performance. We had PHP 8.3 active, then Wordfence scanned quite a few files, but stopped after a while, and now with PHP 8.5 it seems it doesn’t properly start.

    Regards.
    Sara

    Plugin Support wfpeter

    (@wfpeter)

    Thanks for sending that over @larvafashion!

    I would say your overall settings and server setup look like scans should be completing successfully. It could be worth checking in with your host’s support to see if they have knowledge (or error log information) of why Wordfence scans might be failing.

    Setting max_execution_time = 60 in php.ini rather than the 180 it’s currently set to could help as we’ve frequently seen scan issues with numbers higher than 60 (or 0 as that is “unlimited”).

    I know you’ve already tried low resource scanning, but the other suggestions in conjunction with that setting might help.

    Set Wordfence > All Options > Performance Options > Maximum execution time for each scan stage to 8 and keep “Use low resource scanning” checked to help spread the scan out a bit more or at least keep memory usage for each hit lower. Don’t forget to save changes there after you’re done.

    In addition, consider:

    • Adding cache paths (if applicable) in Wordfence > All Options > Advanced Scan Options > Exclude files from scan that match these wildcard patterns such as: wp-content/cache/*
    • Keeping Wordfence > All Options > General Options > Scan images, binary, and other files as if they were executable disabled.
    • Setting an overall scan time limit in Performance Options of around 3 hours.

    Let us know if you see better results or different scan debug output after trying those. It might also be worth disabling other plugins temporarily during this time in case any are affecting available resources or connectivity to our servers.

    Thanks again,
    Peter.

Viewing 3 replies - 1 through 3 (of 3 total)

You must be logged in to reply to this topic.