Scott Dayman
Forum Replies Created
-
It’s not a new issue, so here’s what it looks like right now ten minutes into the URL scan:
https://www.dropbox.com/s/e0sab2og6rcko87/Screenshot%202014-08-31%2014.58.25.png?dl=0Not that I’m aware of. Bummer.
If all else fails, use Wordfence Options and set it to delete word fence tables and data upon deactivation. Then delete the plugin, clean up .htaccess and reinstall the plugin. Unless someone has a better idea.
I’ve not tried this for non-scan issues, but enable Wordfence debugging and then enable caching. Maybe the detailed scan window will show the activity that’s deactivating the cache.
Do you have any other sites with Wordfence?
I think if you turn on debugging, you see the curl command. I’d try to manually run that curl command from the command line on your server to see what happens.
500 errors are pretty vague, so it’s just guesswork for me. Maybe Wordfence knows the reason.
I’m on Dreamhost and use Cloudflare. I use the plugin. I still think you should and don’t see why you wouldn’t. Dreamhost got me up and running on Cloudflare, but I don’t think they do any special magic.
It could be that there are too many for Wordfence select all at once.
500 is a lot of files. Are they all over your site, or just plugins and/or themes?
Why are you trying to delete them instead of repair?
After your scan, is it flagging a bunch of Problem Found files?
My Scan screen’s New Issues tab is empty since there aren’t any issues, though the Bulk Operation buttons are still there. Nothing to apply Bulk Operations to, so I don’t use it.
Other posts indicate this could be your server running out of allocated memory. How much memory is allocated for your website? This is found via the Server Settings link at the bottom of your Options Page.
My wild guess is that the Wordfence server was overloaded and couldn’t respond to your request.
Is this happening all the time?
I don’t use W3TC. Do the filenames follow a specific naming convention? If so, then you can use: “Exclude files from scan that match these wildcard patterns. Comma separated.”
I don’t know if this option would accept a directory name as an argument.
Don’t change wfConfig.php. If anything, use the Options Page to check your system’s configuration (bottom of page link) for memory_limit. It’s probably in the neighborhood of the Allowed Memory Size in your error message.
I’m guessing you have a bunch of plugins that are hogging up all the memory.
When my scans finish, they show how much memory Wordfence used, and it’s well below the Max Memory I’ve allocated on the Options page.
FTP to your site and rename the plugin folder to wordfence.old and see if that lets you back in. That will deactivate the plugin. If your login works again, try renaming back to wordfence and try again. Hopefully it’s a temporary glitch.
If it’s still messed up, I’d delete the plugin folder, restore your .htaccess (again), then connect to the database and delete all the wf tables. Then reinstall Wordfence.
I haven’t had this problem.
Are you running any other security or caching plugins?
Your subfolder setup shouldn’t be an issue as long as WordPress is set up correctly in its own General Settings page for paths and URLs.
After you created the wpcache folder and changed the permissions, did your permission settings stay?
It’s not a DDoS. DDoS is designed to knock your site offline. This is just a bot login attack.
I don’t have email alerts turned on for failed logins due to how frequently this happens. Instead of a username like “admin” I have usernames like “admin325” that aren’t easily found. I periodically scan the Blocked IPs to see what usernames the bots are trying. I also have the Failed Login lockout set for 30 days.
I’m not exactly sure, but I haven’t suffered a week of no-scans. I’ve had two sites start scans at the same time, then have just one get kicked off due to the high load.
If I manually try again periodically, I can luck out, but my sites don’t go more than a couple of days without a scan.
I’m guessing that Wordfence’s popularity has something to do with it. They’ve upped their user base by 25% in the past few months. Their attack rate is nearing 35k/sec pretty consistently, compared to the 20k/sec a few months ago. They need to increase their server capacity.
