Ok so you know, you go to dashboard, and hit the “manage scan” button, and it takes you to the the “manage scan” subpage, of the scan page itself.
It would be very nice to have a link at the top, that says, back to “scan” landing page you know, because the page will be highlighted in the sidebar so you might think clicking “scan” from sidebar is same as clicking “manage scan” from dashboard.
Wasted over an hour on this. Very very very frustrating.
Well, now I have the button. It shows no output in the log when I press it, just a loading animation for a few seconds and then stops, no updates.
No js errors. It just triggers admin-ajax with a response of this in about 2.39 seconds:
{“ok”:1,”issueCounts”:{“new”:0,”ignoreP”:0,”ignoreC”:0},”nonce”:”6668795f0f”}
Any ideas? On a local install of a different website with same version of WordFence, things are working as expected. There is a status, when clicking the button it says “contact WordFence to start scan”, but on this site that may be infected, I just get nothing. Status only says idle. Loading animation for 2 seconds then button says “start scan” again.
Does WF have some caching thing built in, not letting me scan because it recently determined everything was fine?
Its pw on site, nevermind. Debug mode showed it.
Hi @joelmasci,
We generally don’t advocate for password-protecting the “/wp-admin” folder (read more about this on this blog entry.)
However should you choose to do so you need to set up the “.htaccess” file correctly; you can’t simply block access to everything in “/wp-admin” because the directory contains your AJAX handler.
The AJAX handler is what allows users on your website to perform application functions without a full page reload occurring. E.g. when you click a button and see a rotating “loading” icon, that is usually an AJAX call. If you simply block the whole of /wp-admin/ with a password, you will break any plugin or theme that uses AJAX for users who are not logged in.
To work around this, you can whitelist your ajax handler as follows. Your “.htaccess” file should look something like this:
AuthUserFile /path/to/your/htpasswd
AuthType basic
AuthName "Restricted Resource"
require valid-user
# This is the whitelisting of the ajax handler
<Files admin-ajax.php>
Order allow,deny
Allow from all
Satisfy any
</Files>
I’m using 7.1.3 and it’s even harder to find what should be a really simple option.
The dashboard link for ‘manage scan’ does *not* link to the manage_scans subpage. Instead, it goes to:
/wp-admin/admin.php?page=WordfenceScan&subpage=scan_options&source=dashboard
I went round in circles for a similar amount of time as the OP. All I wanted was to manually initiate a scan, something I often do after installing the plugin.
It was only when I madea guess, and manually entered the URL
/wp-admin/admin.php?page=WordfenceScan&subpage=manage_scan&source=dashboard
that I was able to see the manual scan options. There doesn’t seem to be a link to this anywhere in the plugin.
I’ve been long time user of the plugin, and this sort of UX is baffling. In <v7, sure things didn’t look pretty, but they were at least able to be found. Surely it’s a bug?