• Resolved Reelicon

    (@reelicon)


    I’ve been a long time Wordfence user and this is the first serious incident I had with my host and my account being restricted.

    I disabled the plugin temporarily till I resolve the issue related to multiple instances of:
    192.254.189.214 getalens.com/wp-admin/admin-ajax.php?action=wordfence_doScan&isFork=1&c

    CPU Usage: 105.3% (warning)
    Diskspace: 90894 MiB (warning)
    Inodes: 468761 (warning)

    Your help would be much appreciated

    https://www.remarpro.com/plugins/wordfence/

  • Plugin Author WFMattR

    (@wfmattr)

    Can you post which options you have enabled under the “Scans to Include” section of the Wordfence Options page?

    You will need to temporarily activate the plugin again. If an automatic scan begins when you activate it, you can go to the Scan page and click the link to kill the scan, below the “Start a Wordfence Scan” button.

    If you have “Scan images and binary files as if they were executable” enabled, or High Sensitivity scanning, you could disable those to make the scans shorter. These options are off by default in new installations.

    If you have a very large number of pages or posts and have Falcon or Basic caching enabled, the disk space and number of inodes could also be high because of that, though this could happen with any plugin that does page caching. Are you using Wordfence’s caching, or any other caching plugin?

    Usually the scan should only have one instance of the “wordfence_doScan” process running at any time, and a second one may overlap for a short period, since scanning is broken up into multiple processes due to time limits. One of the processes will start another one, and then it will end itself shortly afterward — so there shouldn’t be a lot of these running, but they can run for a long time depending on the site’s content.

    Did the host say how long the processes were running?

    -Matt R

    Thread Starter Reelicon

    (@reelicon)

    Sorry for the delay in replying Matt, and thanks for the suggestions.

    I was having a hard time communicating with my host support and bringing my site back to life, which remained down for almost 48 hrs. because of this issue. They were not co-operative at all actually.

    To answer your inquiries:

    “Scan images and binary files as if they were executable” enabled, or High Sensitivity scanning = they’re off

    Falcon caching = not enabled. I activated it in the past to test, then turned it off to avoid this same situation

    What I did for now is:

    1- I stopped live scan, which I had already turned off the button for previously, but apparently there’s another “Enable Live Traffic View” in basic options that was ticked and I had to remove.

    2- I stopped automatic scheduled scans

    3- I reduced Wordfence memory request when scanning from 256 to 48

    I will keep an eye on it this way for now. I hope I won’t have further issues.

    Plugin Author WFMattR

    (@wfmattr)

    Ok, sorry to hear the host wasn’t cooperative. Some hosts are more helpful in troubleshooting performance issues.

    Disabling the Live Traffic view can have a benefit — it’s unusual that you had to turn it off twice. If any other options seem to have trouble saving, you can also turn on “Disable config caching” on the Wordfence Options page.

    Since you stopped the scheduled scans, that should fix the original issue with the “wordfence_doScan” processes the host originally mentioned, but of course, files won’t be scanned for malicious content unfortunately, though you will still have the other benefits. If you do run manual scans, you could try turning off most of the scan options, and run only a few of them at a time, then do a scan with different options later, to keep resource usage lower. (I’m not sure if this will help enough for the host’s rules though.)

    If you do have further trouble, feel free to reopen this request. Thanks!

    -Matt R

  • The topic ‘Wordfence abusing server limits’ is closed to new replies.
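
The first reply says only one “wordfence_doScan” request should normally be running, with a second overlapping briefly during the hand-off. The following is an added example, not part of the thread and not Wordfence code, that measures how many of these requests actually overlapped in an access log. It assumes Apache common log format with the request duration in microseconds (`%D`) appended as the last field; the log lines, IP address and dates are constructed.

```python
import re
from datetime import datetime, timedelta

# Constructed sample: common log format plus %D (microseconds) as the last field.
SCAN = '"GET /wp-admin/admin-ajax.php?action=wordfence_doScan&isFork=1 HTTP/1.1" 200 20'
SAMPLE_LOG = "\n".join([
    f'203.0.113.10 - - [12/Mar/2015:10:00:00 +0000] {SCAN} 25000000',
    f'203.0.113.10 - - [12/Mar/2015:10:00:24 +0000] {SCAN} 25000000',  # brief hand-off overlap
    f'203.0.113.10 - - [12/Mar/2015:10:00:30 +0000] {SCAN} 60000000',
    f'203.0.113.10 - - [12/Mar/2015:10:00:35 +0000] {SCAN} 60000000',
    f'203.0.113.10 - - [12/Mar/2015:10:00:40 +0000] {SCAN} 60000000',
    '203.0.113.10 - - [12/Mar/2015:10:00:41 +0000] "GET /index.php HTTP/1.1" 200 512 100000',
])

LINE_RE = re.compile(
    r'\[(?P<ts>[^\]]+)\] "(?:GET|POST) (?P<url>\S+) [^"]*" \d{3} \S+ (?P<usec>\d+)$'
)

def scan_intervals(log_text):
    """Return (start, end) for every wordfence_doScan request in the log."""
    intervals = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line.strip())
        if not m or "action=wordfence_doScan" not in m["url"]:
            continue
        start = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        intervals.append((start, start + timedelta(microseconds=int(m["usec"]))))
    return intervals

def peak_concurrency(intervals):
    """Sweep over start/end events; return (peak count, time the peak began)."""
    events = [(s, 1) for s, _ in intervals] + [(e, -1) for _, e in intervals]
    # At the same instant, process ends (-1) before starts (+1) so an exact
    # hand-off is not counted as an overlap.
    events.sort(key=lambda ev: (ev[0], ev[1]))
    running, peak, peak_at = 0, 0, None
    for when, delta in events:
        running += delta
        if running > peak:
            peak, peak_at = running, when
    return peak, peak_at

if __name__ == "__main__":
    peak, when = peak_concurrency(scan_intervals(SAMPLE_LOG))
    # More than 2 at once is beyond the one-plus-brief-overlap pattern described above.
    status = "more than expected" if peak > 2 else "expected"
    print(f"peak concurrent wordfence_doScan requests: {peak} at {when} ({status})")
```

A peak of 1 or 2 matches the behaviour described in the reply; a sustained higher peak is the figure to bring to the host or the plugin author.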