wfasa

Hi all,

@asaracena thanks for your input. We have suspected this mainly affects GoDaddy sites for some reason but we haven’t yet been able to figure out exactly why. We’re continuously investigating to see if we can get to the bottom of it.

For anyone else reading this, if this has happened to you you can choose to disable automatic update of Wordfence and do the updates yourself manually instead. It’s not the most convenient solution but it should prevent it from happening again. It’s important that you then have Wordfence set to alert you about “warnings” so you can get notified when it’s time to update the plugin.

Hi @jedi82!
If you are no longer using Wordfence, you can delete all Wordfence related tables. It’s also possible to have Wordfence do this automatically for you if you enable the option to “delete Wordfence tables on deactivation” before you deactivate the plugin.

Hi @levdesign,
Sorry for the late reply. It is accurate that the files in the wflogs folder regenerate if they are deleted. The wflogs folder contains the files that make up the immediate memory of the Firewall. The reason for this is that the Firewall needs to load before WordPress itself loads and at this point, a connection to the database has not yet been established.

Most likely this is what it looks like, meaning it’s a permissions problem with the wflogs folder. You can try adding this constant to the very start of wordfence-waf.php to see if that makes a difference:

define('WFWAF_LOG_FILE_MODE', 0660);

If that helps, then it means that owner only write permissions don’t work with your wflogs, possibly because you have multiple server users running in the environment? The thing to look out for here is if there are other users running on the server other than the one WordPress is currently running as (you can see the name of this user on the Wordfence diagnostics page showing up as the “process owner”).

Let me know how it goes!

Hi @hjorth007!
Sorry for the late reply. I would recommend you enable debug mode in Wordfence. This will make more details show up in the scan log which you may find helpful in figuring out what’s going wrong. You can enable debug mode via the option at the bottom of the Wordfence > Tools > Diagnostics page.

The options I’d recommend for scan performance are:

Time limit that a scan can run in seconds: 0 (this will default to three hours)
Maximum execution time for each scan stage: 15
How much memory should Wordfence request when scanning: 256

It sounds like it might be that you have a lot of large files on the server. If so, disabling the option “Scan images, binary, and other files as if they were executable” might help as well.

Hi @eatonz,
Sorry for the late reply. If everything is working fine, I would assume you actually do have the tables. We recently changed it so that all tables are supposed to have only lowercase letters. It could possibly be something related to that? We haven’t seen other reports of this as far as I know, and it’s not something we’ve seen in testing. If you are on a Windows server, or if you are migrating the site back and forth from Windows, that could possibly be it.

Thanks cucocreative!
Sounds promising. I’ll keep an eye out!

Hi again @michelandre,

If Duplicator displays the same information, what is the problem exactly?

Keep in mind that there are two options that are affected.

“Maximum execution time for each scan stage” should be 15
“Time limit that a scan can run in seconds” should be 0