DigitalOcean litespeed server / WordFence scan blocking

Hi @ugrens,

Can you send a diagnostic report to wftest @ wordfence . com? You can find the link to do so at the top of the Wordfence > Tools > Diagnostics page. Then click on “Send Report by Email”. Please add your forum username where indicated and respond here after you have sent it.

NOTE: It should look as follows – Screenshot of Tools > Diagnostic > Send by Email

Thanks,
Margaret

Hello Margaret,

Thanks you for your answer. I have sent you the report via mail as you suggested. I’m looking forward to your response.

Best regards,
Stefan

Hi @ugrens,

Thank you for sending those diagnostics.? There are no blocks on your IP that would prevent your VPS from connecting to our servers.? In your diagnostics, under Connectivity, I’m also seeing a successful connection to the Wordfence servers from the website.

Since you are using Cloudflare, please ensure you’ve allowed your server IP in Cloudflare.  You can find information on that here: https://www.wordfence.com/help/advanced/compatibility/ 

After that, I’d like to get some details on your scan.  Please do the following for me:

• Go to the Wordfence > Tools > Diagnostics page
• In the “Debugging Options” section check the circle “Enable debugging mode”?
• If Remote Scanning is enabled, disable it
• Click to “Save Changes”
• Go to Scan > Scan Options and Scheduling
• In “Advanced Scan Options” section, enable “Use only IPv4 to start scans”
• Click to “Save Changes”
• CANCEL any current scan and start a NEW scan
• Once the scan finishes, email us the Activity Log (click the “Email Activity Log” link) at wftest @ wordfence . com

Wordfence > Tools > Diagnostic > Debugging Screenshot

This will help me see exactly what is happening when the scan fails. Please respond here after you have sent it.

Thanks,
Margaret

Hello Margaret,

I have made some progress on this, scan was finally able to start! But I think it is not working as it should. Something is stopping the scan. I have sent the activity log to the wftest @ wordfence . com.

What I am seeing as the issue in the log is:

• [May 23 09:14:47]?Scan process ended after forking.
• [May 23 09:16:10]?Attempting to resume scan stage (0 attempt(s) remaining)…
• [May 23 09:16:10]?Got value from wf config maxExecutionTime: 0
• [May 23 09:16:10]?Got max_execution_time value from ini: 300
• [May 23 09:16:10]?ini value of 300 is higher than value for WORDFENCE_SCAN_MAX_INI_EXECUTION_TIME (90), reducing
• [May 23 09:16:10]?getMaxExecutionTime() returning half ini value: 45
• [May 23 09:16:10]?Cached result for scan start test: true
• [May 23 09:16:10]?Starting cron with normal ajax at URL https://3dbox.ba/wp-admin/admin-ajax.php?action=wordfence_doScan&isFork=1&scanMode=custom&cronKey=*******
• [May 23 09:16:11]?Scan process ended after forking.

Hi @ugrens,

Thanks for sending that over. I’m glad to hear the scan is starting now! Please try adding the LiteSpeed noabort directive near the top of your .htaccess:

# BEGIN LiteSpeed noabort
<IfModule rewrite_module>
RewriteEngine On
RewriteRule .* - [E=noabort:1]
</IfModule>
# END LiteSpeed noabort

In some cases, the above code may not work. There are some alternatives listed here:
https://www.wordfence.com/help/advanced/system-requirements/litespeed/

Then, go to Wordfence > Scan > Manage Scan and locate the “Performance Options” section. Set “Maximum execution time for each scan stage” to 20. Save the changes and try running the scan again.

On some sites, this will correct the issue. Adding “20” for the “Maximum execution time for each scan stage” tells the scan to pause every 20 seconds and start again where it left off, which makes the scan more performance-friendly for some servers. If this fixes the issue and scans run again, you can leave all the settings above except for “Enable Debugging Mode”.

Thanks,
Margaret

Hello Margaret,

I have done as you suggested, and I have added all three code versions in the htaccess just in case, after which I have restarted the server.

Also, I have set the “Maximum execution time for each scan stage” to?20.

Then I have started the new scan which again failed at some point.. Important note is that I have another website on same hosting, and same droplet and on that website I am able to finish the scan normally.

I have sent you again the acivity log of the scan while the debuggog log was on.

What can you suggest me because clearly there is an issue with something, as the secund website is running scans properly?

Thanks in advance,
Stefan

Hi @ugrens,

Thanks for testing those changes.? I want to rule out any plugin conflicts that may cause issues with the scan.? Is it possible to create a staging site?? On the staging site, you would want to disable all plugins except Wordfence and then run a new scan.? If the scan completes, please re-enable the plugins a few at a time and test again to narrow down where a conflict may be occurring.

If the scan is still failing while only Wordfence is enabled, but further along in the scan process, please send us an updated activity log at wftest @ wordfence . com. Please let us know here once you’ve sent that.

Thanks,
Margaret

Hello @wfmargaret ,

I have create staging site on which I have disabled all plugin and I got a good and clean scan. Even before I have disabled plugins on the staging site, I was getting a good start of the scan with the green checkmark on the “Server state” info in the scan panel.

On the live site, I have tried to disable ALL plugins except the WF and still the scan panel has a yellow exclamation mark on the “Server state” upon the new scan start.

What can you recommend me here? Other plugins clearly are not affecting the scan and the staging site which is identical (just on a different folder as a subdomain) is able to properly run the scan.

Hi @ugrens,

Thank you for following up with us and checking on the staging site! The Server State stage checks the following:

Monitor disk space
Scan for misconfigured How does Wordfence get IPs
PHP Version Check (cannot be disabled)
Check Web Application Firewall status
Check for paths that are not scanned by default

You can read more about the scan stages here: https://www.wordfence.com/help/scan/#scan-stages

In your case, I suspect a yellow exclamation mark on Server State may be due to “Check for paths that are not scanned by default.” You should see details on any issues under your Scan Results. Check for any skipped paths or other issues mentioned there.

With all of your other plugins disabled, are you still seeing the scan fail to complete on the live site and the Server State warning, or is the scan completing successfully with warnings?

Thanks,
Margaret

Hello @wfmargaret ,

Answer for you last question is that I still see the scan fail to complete. So in both cases, I see the server status warning and the scan fails to complete. Scan is running for some time, I get “Scan Stage Failed” warning and sometimes it continues by itself for one or two times before it fails completely.

Last logged before failing:

• [May 29 11:41:18]?Calling fork() from wordfenceHash with maxExecTime: 20
• [May 29 11:41:18]?Entered fork()
• [May 29 11:41:18]?Calling startScan(true)
• [May 29 11:41:18]?Got value from wf config maxExecutionTime: 20
• [May 29 11:41:18]?getMaxExecutionTime() returning config value: 20
• [May 29 11:41:18]?Cached result for scan start test: true
• [May 29 11:41:18]?Starting cron with normal ajax at URL https://3dbox.ba/wp-admin/admin-ajax.php?action=wordfence_doScan&isFork=1&scanMode=custom&cronKey=******
• [May 29 11:41:19]?Scan process ended after forking.
• [May 29 11:42:22]?Attempting to resume scan stage (1 attempt(s) remaining)…
• [May 29 11:42:22]?Got value from wf config maxExecutionTime: 20
• [May 29 11:42:22]?getMaxExecutionTime() returning config value: 20
• [May 29 11:42:22]?Cached result for scan start test: true
• [May 29 11:42:22]?Starting cron with normal ajax at URL https://3dbox.ba/wp-admin/admin-ajax.php?action=wordfence_doScan&isFork=1&scanMode=custom&cronKey=*****
• [May 29 11:42:23]?Scan process ended after forking.
  

I think it is very important that I can see the normal server status and the completed scan on the staging site. Copy of the website is done with the WP Staging plugin, not manually, and the website is exactly the same. Location of it is not in the main site folder, but a different folder in the same location. Maybe this can help you to point me somewhere on this issue.

Hi @ugrens,

Thanks for confirming that.? If enabled, can you disable the scan option Scan images, binary, and other files as if they were executable located in Wordfence > Scan > Scan Options and Scheduling > General Options, and then run a new scan?

You can read more about this scan option at https://www.wordfence.com/help/scan/options/#executable 

Please let us know how it goes!  If it fails further along in the scan, please send us the new debug output as well.

Thank you,
Margaret

Hello @wfmargaret ,

I have done as you suggested but it didn’t changed anything. The option was initially enabled, and then I have disabled it. Also to mention that on staging option is enabled and everything is working.

I have sent you both scan activity log and the report from diagnostics page as well.

Hi @ugrens,

Thank you for the information and testing. I didn’t receive the Activity Log, but I imagine it’s still failing after the fork. There are a couple more things I’d like you to test so that we can get more information on this.

First, please try clearing the Memcache on the live site. You may need to clear it twice. This will force the scan to use a new cron key. Then run a new scan. If it continues to fail after the fork, please try fully reinstalling Wordfence.

To reinstall Wordfence, first, make a backup of your website. Next, copy your license from the Wordfence > All Options > Wordfence License area — you’ll need that shortly. Then, go to Wordfence > Tools > Import/Export Options and use the Export Wordfence Options button. Save that string along with the license you saved a moment ago.

At that point, go to the Plugins area and deactivate Wordfence. Once you deactivate, a prompt will appear and you can use the bottom option to “Delete all Wordfence tables and data” and then click Deactivate. After that, delete the Wordfence plugin. Go to Add New Plugin at the top and search for and install Wordfence again. Activate it and use the “Use existing License” option in the prompt that appears. Paste the license key you saved and proceed. Go to?Wordfence > Tools > Import/Export Options?again and import your settings string.

Once reinstalled, please run a new scan. If it fails at the same point, please email us a copy of the Activity Log and raw server access logs from when the scan was run. This will help us see what responses the server is giving. You may need to reach out to your host to request those.

It may also help to see a copy of the Diagnostics for your staging site. Please also send us a copy of those with your forum username where indicated.

Thanks,
Margaret