Support » Plugin: Wordfence Security - Firewall & Malware Scan » What adds to amount of memory used in scanning?

  • Resolved slobizman


    A simple question: What contributes to the Out of Memory Fatal Error during a scan? I’ve read talk that the number of plugins, both active and inactive, add to it. But what else? If I have extra folders of files off some of the WordPress folders would that contribute? Old themes?

    I know that the file types to be omitted is set up and can be added to, so it’s not supposed to scan various large file types such as zip ,but am I missing something else that could be hogging the memory?

    With 256 memory set up on my dedicated server, I’m still unable to get it working on 2 of 3 sites.

Viewing 5 replies - 1 through 5 (of 5 total)
  • Hi slobizman,
    I would suggest excluding folders with large number of files that you are sure they are safe, for example (caching files, backups, logs files, etc…).

    This can be done in “Wordfence > Options => Scans to include => Exclude files from scan that match these wildcard patterns“.

    Also, please check the followings:
    – Go to (Wordfence > Diagnostics) page and search for “WP_MEMORY_LIMIT”, “WP_MAX_MEMORY_LIMIT” and let me know the values assigned to them.
    – Go to (Wordfence > Options) then scroll down the page and make sure “How much memory should Wordfence request when scanning” has 256 Megabytes.
    – From (Wordfence > Diagnostics) page you can “Test your WordPress host’s available memory“.


    Thanks for the reply.


    Wordfence > Options > How much memory to use: 256

    Memory test results:

    –Starting test–
    Current maximum memory configured in php.ini: 128M
    Current memory usage: 64.50M
    Setting max memory to 90M.

    After seeing the 128MB instead of the 256MB I expected, I went into php.ini in the root of my wordpress folder and checked to see what it was set at. It was at 128MB:

    max_execution_time = 90
    max_input_time = 300
    memory_limit = 128M
    post_max_size = 32M
    upload_max_filesize = 32M

    So I changed it to 256MB and ran the Diagnostics again. It still told me the Current max memory configured in php.ini is 128M. So I don’t understand that.


    I tried unchecking and checking the scan options until I figured out which step is causing the problem. It only gives me the memory error when I have “Scan file contents for backdoors, trojans and suspicious code” checked.

    Well…I got it working with the “Scan file contents for backdoors, trojans and suspicious code” by excluding /cache (I use Super Cache) and also excluding *.gz. Is that okay to exclude .gz? I wasn’t sure since it was not in the exclusions as a default.

    I have a much larger size website I’ll try this on next. However, I really would like to get the memory thing figured out, why it’s says 128MB instead of 256MB in diagnostics.

    I fear it’s not going work for much longer since it said it used 89.4 MB of memory and I believe only 90 MB is available.

    Note: I tried on my larger site, and even with cache and other folder exclusions I added, it will only run with “Scan file contents for backdoors, trojans and suspicious code” unchecked. That site also has the exact same memory settings and results I mentioned for the first site we’re talking about.

    • This reply was modified 2 years, 6 months ago by  .

    Well, it turns out my server was actually at 128 MB. I had my web host bump it up to 256 MB. Now, all of my sites are able to run the scan. I don’t know what will happen if they all try to run it at the same time, if that is what will happen when they automatically run. I was meaning to purchase the paid version of it anyway, and then I guess I can schedule the times.

    Here’s is how my largest site ended, if it means anything to you:

    [Oct 14 17:26:19] Wordfence used 141.03MB of memory for scan. Server peak memory usage was: 223.78MB

    My web host, Liquid Web, is very conservative (careful), which I appreciate, and they didn’t sound too excited about bumping it up to 256 MB. They asked me to watch my memory usage carefully (not that I know how). But my question for you is, is there a way to make my websites only use up to 256 MB for Wordfence only and not for anything else? They’ve been running just fine at 128 MB.

    Thanks for your help.

    Glad to hear you managed to get the scan working fine on all your websites!

    Unfortunately, I don’t know if there is such a way to limit WordPress memory usage per plugin or not, however, I’m pretty sure Wordfence will not ask more than what you specified at “How much memory should Wordfence request when scanning“.

    P.S. yes, it’s okay to exclude all these cache files including .gz ones.


Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘What adds to amount of memory used in scanning?’ is closed to new replies.