Support » Plugin: Wordfence Security - Firewall & Malware Scan » Large site, scan doesn’t finish

  • I’ve tried a few different scans with different settings, but every time it makes it really far into the scan then just dies out of nowhere.

    The last time I scanned, the last log was:
    [Dec 30 01:42:15:1483083735.721755:2:info] Analyzed 41000 files containing 12.12 GB of data so far

    My whole site is around 16gb so it almost makes it. I’ve changed the max execution time and the time limit, but no luck.

Viewing 2 replies - 1 through 2 (of 2 total)
  • I copy/pasted this from a buried thread… Here are my thoughts and how I tend to set it up on a site that’s fairly large (4,000 posts, 71,000 comments). Just my opinion, I am not associated with Wordfence and suggestions below are only intended to provoke thought and customization.

    Also, I’m not a huge fan of fiddling around with scanning — it can be a real time waster and resource hog. It’s reactive and can never catch every possible exploit. Being proactive with defense and good redundant backups are much more important things to spend time on. For example, perhaps instead of devoting time to setting up Wordfence scanning, figure out if you could actually restore your entire stack from backups?

    Scan public facing site for vulnerabilities? (Do this once a month, keep unchecked.)

    Scan for the HeartBleed vulnerability? (Do once in your life, and run, don’t walk, from your ripoff ISP if you get a positive.)

    Scan for publicly accessible configuration, backup, or log files. (Do twice a year.)

    Scan for publicly accessible quarantined files. (Once in your life, if you get a positive fix the bad setup that’s letting this happen.)

    Scan core files against repository versions for changes. (Keep checked.)

    Scan theme files against repository versions for changes. (Once in a while, or never if you customize your own theme.)

    Scan plugin files against repository versions for changes. (Uncheck, perhaps run once in a while if you don’t customize your plugins and every one is an exact match to repository.)

    Scan wp-admin and wp-includes for files not bundled with WordPress (Takes minimal bandwidth, keep checked.)

    Scan for signatures of known malicious files (Sure, why not? BUT, perhaps this references a huge list of sigs and uses significant bandwidth? Perhaps this is another one to run once a year.)

    Scan file contents for backdoors, trojans and suspicious code (Run once a month, Sunday night.)

    Scan posts for known dangerous URLs and suspicious content (If you’ve got very many posts, scan once a year, at night, then keep unchecked.)

    Scan comments for known dangerous URLs and suspicious content (Probably never, unless you have a crazy bunch of comment threads. In that case, scan once a year, at night. And use an external scan service such as McAfee.)

    Scan for out of date plugins, themes and WordPress versions (Keep unchecked, evaluate with human hands-on management.)

    Scan for admin users created outside of WordPress (Unchecked, evaluate with human hands-on management.)

    Check the strength of passwords (Useless if you know anything about passwords, keep unchecked.)

    Monitor disk space (Use ISP for this, keep unchecked.)

    Scan for unauthorized DNS changes (Uncheck.)

    Scan files outside your WordPress installation (If your site has any mass at all, keep unchecked.)

    Scan images, binary, and other files as if they were executable (Again, regarding mass, I’ve got something like 50,000 image files, yeah sure, we’re going to binary scan each one of those? I could pay another $50/month for the bandwidth to do so, but nope, I don’t think so.)

    Enable HIGH SENSITIVITY scanning. May give false positives. (Keep unchecked.)

    Use low resource scanning. Reduces server load by lengthening the scan duration. (CHECK)

    MTN

  • Hi @markman641,
    I recommend keeping the default options for Wordfence checked, then trying the following:
    – Exclude folders with a large number of files on your server that you are sure are safe (backup files, error/access logs and cache files). You can exclude these files under Wordfence > Options => Exclude files from scan that match these wildcard patterns.
    – If you have this option “Scan images, binary, and other files as if they were executable” enabled, then disable it for now.

    Let me know how it goes,
    Thanks.
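
Added example (not part of the original thread and not Wordfence code): a Python script that ranks directories under the WordPress root by file count and size, which helps pick the backup, log and cache folders worth listing in the exclusion patterns mentioned in the reply above. The grouping depth of two path components and the command-line path argument are assumptions of this example.

```python
import os
import sys
from collections import defaultdict


def rank_dirs(root, depth=2):
    """Group every file under root by its first `depth` path components and
    return [(relative_dir, file_count, total_bytes)], largest count first."""
    stats = defaultdict(lambda: [0, 0])  # key -> [file count, byte total]
    root = os.path.abspath(root)
    for dirpath, _dirnames, filenames in os.walk(root, followlinks=False):
        rel = os.path.relpath(dirpath, root)
        parts = [] if rel == "." else rel.split(os.sep)
        # Files directly in the root are reported under "."
        key = "/".join(parts[:depth]) or "."
        for name in filenames:
            try:
                size = os.lstat(os.path.join(dirpath, name)).st_size
            except OSError:
                continue  # file vanished or is unreadable: skip it
            stats[key][0] += 1
            stats[key][1] += size
    return sorted(((k, c, b) for k, (c, b) in stats.items()),
                  key=lambda row: (-row[1], -row[2], row[0]))


def report(root, depth=2, top=15):
    """Format the `top` heaviest groups as printable lines."""
    return [f"{count:>9} files {size / 2**20:>10.1f} MiB  {rel}"
            for rel, count, size in rank_dirs(root, depth)[:top]]


if __name__ == "__main__":
    # Assumed usage: pass the WordPress root as the first argument.
    print("\n".join(report(sys.argv[1] if len(sys.argv) > 1 else ".")))
```

Only directories whose contents are known to be safe (old backups, logs, cache output) belong in the exclusion list; a directory that is large but holds executable PHP should stay in the scan.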

  • The topic ‘Large site, scan doesn’t finish’ is closed to new replies.