Support » Plugin: Wordfence Security - Firewall & Malware Scan » Can’t Start Scan + Using Cloudflare

  • Resolved tosunkaya

    (@tosunkaya)


    Hi. I can’t start scan. I’m using cloudflare. I allowed 69.46.36.0/24 (wordfence ips) on cloudflare, still same. Tried disabling plugins etc, still same.

    On diagnostics page:
    Connecting to Wordfence servers (http): OK
    Connecting to Wordfence servers (https): OK
    Connecting back to this site: wp_remote_post() test back to this server failed! Response was: cURL error 28: Connection timed out after 10003 milliseconds
    ______________
    SSl verification: enabled
    start all scans remotely: disabled

    I disabled cloudflare and tried scan 2-3 times was same, then enabled debug of wordfence, clicked scan it worked.
    Also scanning was worked with “Connecting back to this site” fail error.

    How can i make wordfence scan work with cloudflare?
    Also i switched wp aio security to wordfence, Did I make the right choice? I was getting lots of brute force requests even after changing login url + enabled most of security feature + 6g firewall rules. i used wordfence years ago, those times it was slowing down the site. I don’t see such a problem at the moment.

Viewing 15 replies - 1 through 15 (of 18 total)
  • Plugin Support WFAdam

    (@wfadam)

    Hello @tosunkaya and thanks for reaching out to us!

    If you whitelist your site’s IP in Cloudflare, this should resolve your issue.

    Let me know if this helps!

    Thanks!

    But still same after allowing the ips. is 69.46.36.0/24 correct? @wfadam

    Scan Failed
    The scan has failed to start. This is often because the site either cannot make outbound requests or is blocked from connecting to itself.

    • This reply was modified 3 months, 3 weeks ago by tosunkaya.
    Plugin Support WFAdam

    (@wfadam)

    Can you send a diagnostic report to wftest @ wordfence . com? You can find the link to do so at the top of the Wordfence Tools > Diagnostics page. Then click on “Send Report by Email”. Please add your forum username where indicated and respond here after you have sent it.

    I’ll see what we need.

    Thanks!

    hi i sent now.

    “Diagnostic report has been sent successfully.”

    Plugin Support WFAdam

    (@wfadam)

    Thanks for sending those reports @tosunkaya

    You can remove the 69.46.36.0/24 from Cloudflare and add your site’s IP to Clourflares Whitelist.

    Everything looks like it’s in the correct place. Once you get that whitelist in place, try another scan, if it failed, try enabling Start All Scans Remotely, but only if it fails the first time.

    Let me know how it goes!

    Thanks again!

    hi. thanks for analyzing @wfadam . added 3 ips from “IP(s) used by this server” to cf whitelist.
    scan didnt work. enabled “start all scan remotely” tried scan didnt work. disabled remotely. tried scan, still same isn’t working.

    Plugin Support WFAdam

    (@wfadam)

    I am wondering if your other security plugins are causing a blockage.

    I noticed Wordfence Login Security (wordfence-login-security) plugin. We dont have a seperate plugin for login security. What is this used for?

    I also noticed all of your crons are overdue and not working. You could download and install a plugin called WP Crontrol(https://wordpress.org/plugins/wp-crontrol/) to remove them. Once you remove them, disable wordfence and enable it again, this will recreate all the cron jobs. Though I am not sure that has much to do with our current issue with scanning.

    After you complete that, try running a scan again with Debugging Mode enabled and paste the last 20 lines here for me to review.

    To enable Debugging Mode:

    • Go to the Tools > Diagnostics page
    • In the “Debugging Options” section check the circle “Enable debugging mode”
    • Click to “Save Changes”.

    Hope this helps!

    Thanks!

    i was using aiowp security plugin + wordfence login (you have a seperate plugin) FOR 2FA (after clef, unloq beind out of service) then today started to using wordfence cuz of getting lots of bruteforce

    I’m asking to be sure did you see this writing: When i disable cloudflare proxy, scanning is working (but still shows Connecting back to this site: wp_remote_post() test back to this server failed!)

    wordfence login security plugin (for 2fa): https://wordpress.org/plugins/wordfence-login-security/

    [Sep 30 02:40:41] Scan stop request received.
    [Sep 30 02:40:48] Ajax request received to start scan.
    [Sep 30 02:40:48] Entering start scan routine
    [Sep 30 02:40:48] Got value from wf config maxExecutionTime: 0
    [Sep 30 02:40:48] Got max_execution_time value from ini: 30
    [Sep 30 02:40:48] getMaxExecutionTime() returning half ini value: 15
    [Sep 30 02:40:58] Test result of scan start URL fetch: WP_Error::__set_state(array( 'errors' => array ( 'http_request_failed' => array ( 0 => 'cURL error 28: Connection timed out after 10004 milliseconds', ), ), 'error_data' => array ( ), ))
    [Sep 30 02:40:58] Starting cron via proxy at URL https://noc1.wordfence.com/scanp/tosunkaya.com/wp-admin/admin-ajax.php?action=wordfence_doScan&isFork=0&scanMode=standard&cronKey=4c60fb44291b07fbd91d0563840255db&k=0256291ede5ff030a592280708a7b18f196c727bd5c7f383235a5ee4e9edbcb724030f2a1edbfa1f752321b37343ff424c30b746698066bbbf410228aa70e489&ssl=1&signature=b5301750124c7f07c7eb8911abeb901e48088733e7455c46d78ebe055bb3e3d1
    [Sep 30 02:40:58] Scan process ended after forking.
    Plugin Support WFAdam

    (@wfadam)

    Thanks for posting that @tosunkaya

    Looks like you have the AIOWP currently deactivated, so that shouldn’t be causing any issues. It is strange that the scan works without Cloudflare but still displaying the wp_remote_post().

    I am wondering if your host is blocking our noc1.wordfence.com scan server or the IP range we mentioned before 69.46.36.0 to 69.46.36.32. Check with them just in case.

    If that doesn’t resolve it, the next step would be to check for a plugin conflict of some sort. Just disable everything but Wordfence and try to run the scan to test.

    Let me know what you find!

    Thanks!

    Plugin Support WFAdam

    (@wfadam)

    Good catch! I didn’t realize you were on a Litespeed server. You can try the Bypass the LiteSpeed “noabort” check in All Options > General Wordfence Options before doing the htaccess code.

    Let me know how it goes!

    Thanks!

    enabled the bypass noabort setting tried 3 htaccess rules, it’s still same. cloudflare related?
    https://i.ibb.co/89VC01T/image.png
    https://i.ibb.co/3BB5gs7/image.png

    Plugin Support WFAdam

    (@wfadam)

    Not seeing your site’s IP in there.

    Which I believe is 34.65.252.93. Try adding that to Cloudflare.

    Let me know!

    Thanks!

    already added 3 IPs too + 69.46.36.28 = noc1.wordfence.com

    🙁

    Plugin Support WFAdam

    (@wfadam)

    If you have added all of the IPs and you are still having this issue. I would assume this is something with either a plugin causing a conflict or Cloudflare.

    On most Cloudflare set-ups with the error you are getting, the site’s IP address needs to be added to the whitelist. The reason is the site is sending out the scan request, Cloudflare accepts the package, sends it out to our scan server(noc1) then noc1 will send a signal back to the site to start the scan, usually what happens is Cloudflare will block the request back. Therefore the whitelist usually fixes it.

    I would check with their support and see if anything is missing or misconfigured.

    Let me know what you find!

    Thanks again!

Viewing 15 replies - 1 through 15 (of 18 total)
  • You must be logged in to reply to this topic.