Support » Plugin: Sucuri Security - Auditing, Malware Scanner and Security Hardening » SiteCheck error: Unable to properly scan your site. 404 Not Found

  • Resolved OWMC


    Got this error:

    SUCURI: SiteCheck error: Unable to properly scan your site. 404 Not Found

    Read I think 6 threads on it. None of them remotely helpful. The nearest thing that seemed remotely plausible was something about http/https.

    My site is on shared hosting, Let’s Encrypt enabled. And settings in my htaccess file such that it will only deliver https.

Viewing 4 replies - 1 through 4 (of 4 total)
  • @olly-owmc ,

    I am facing this exact same issue, I too am on shared hosting and force HTTPS with a Let’s Encrypt certificate, although I do this via the Sucuri Firewall rather than .htaccess. I’m a Sucuri paid-up customer and submitted a support ticket for this issue earlier today. I’ll let you know how they resolve it.

    Interestingly, I have two identically configured sites, both have the Sucuri plugin installed, one has this error, the other doesn’t.


    @olly-owmc I scanned your website directly at and it seems to scan without any errors, so then it may be due to your local website’s configuration (mainly the directory it is hosted in):

    Malware Scan Target
    If your website is not visible to the Internet, for example, if it is hosted in a local development environment or a restricted network, the scanner will not be able to work on it. Additionally, if the website was installed in a non-standard directory the scanner will report a “404 Not Found” error. You can use this option to change the URL that will be scanned.

    So you may need to adjust that setting, but I don’t think having an SSL like Let’s Encrypt or a forced https in the .htaccess file would cause such an error except during any propagation period.

    @olly-owmc ,

    My wesbite’s admin page is hosted at (note the ‘wp’). The sucuri support guy replied:

    “Hi there,

    This issue has now been resolved.

    As your WordPress dashboard includes ‘/wp’ in the address bar, I had to overwrite the SiteCheck Scan Target on the following page to”

    So I think the plugin picks up the non-standard location, but this is not publicly accessible so causes the 404 error. Changing the “MALWARE SCAN TARGET:” to the public URL appear to fix the issue (for me at least).

    Hope this helps.


    @tictag and @g0tr00t well that was easy!

    Indeed I’m using an unusual directory structure.

    As tictag suggests, and as confirmed here:

    Go to The plugin settings, then to “API Service Communication”, scroll down, and there you can enter the public URL of your site (by default it’s set to the root of your dashboard, which in my case was different).

Viewing 4 replies - 1 through 4 (of 4 total)
  • You must be logged in to reply to this topic.