• Resolved marvyndt

    (@marvyndt)


    This is the error I receive: “A scan stage has failed to start. This is often because the site either cannot make outbound requests or is blocked from connecting to itself. Wordfence will make up to 2 attempts to resume each failed scan stage. This scan may recover if one of these attempts is successful.”

    I have tried the suggested solutions:

    • Set “CF-Connecting-IP” Option in Wordfence, although none of the options match my proxied IP address
    • Uncheck Wordfence > Scan > Configure Scan > General Options > “Scan for misconfigured How does Wordfence get IPs”
    • Add WAF rules using this guide > https://www.wordfence.com/help/central/connect/

    The scan will only work if I disable the Cloudflare IP proxy.


Viewing 15 replies - 1 through 15 (of 19 total)
  • Hey @marvyndt,

    We are also using Cloudflare. No issues here. Try the following:

    1. Whitelist Wordfence’s IPs via WAF Rule, then purge your website’s cache then Cloudflare’s. Make sure you’re using Wordfence’s latest IPs. You can also visit Cloudflare’s Security module (located in your dashboard) to see if there’s another IP blocked by Cloudflare every time you run a scan.
    2. If checked, uncheck “Start all scans remotely.”
    3. If unchecked, check “Use only IPv4 to start scans.” Sometimes, host servers are the issue (i.e., they do not accept Wordfence scans via IPv6).
    4. Switch from “CF-Connecting-IP” to “Let Wordfence use the most secure method to get visitor IP addresses.” Either option works for us.

    Hope this helps.

    Cheers!

    Thanks @generosus, but I’d like to correct a couple of points. If a site is using Cloudflare to proxy visitors through, it should be using the CF-Connecting-IP method to get IPs.

    Also, in addition to adding our IPs to the Cloudflare firewall rule, you’d want to add your own server IP to it too. The reason is that WordPress starts many jobs (like scheduled posts, backups, etc.) by calling back to the website on a specific URL. For instance, we start our scans by calling a URL similar to this:
    https://yourwebsite.com/wp-admin/admin-ajax.php?action=wordfence_doScan&isFork=0&scanMode=quick&cronKey=95edd0ccd6191e&signature=0283a5e76efbd0e2077b739041866a5
    It uses WordPress’ ajax handler to do so. If Cloudflare is blocking or throttling your own web server’s IP address it would definitely cause scans to fail in the middle of them. It should be allowing those requests through unimpeded.

    Try doing this and let us know how it goes.

    Mia

    Hey @wfsupport,

    Thanks for the info and feedback. Agree. We use (and prefer) the “CF-Connecting-IP”, but both options work (they have for us). And yes, whitelisting the host’s (web) server IP is the right thing to do as well. We do that too.

    Again, thank you. Let’s see what @marvyndt comes up with.

    Cheers!

    Thread Starter marvyndt

    (@marvyndt)

    Thanks @generosus. Unchecking “Start all scans remotely.” allowed the scan to start. It’s been running for a little over an hour now. I am not sure if it is caught in a loop. The wait icon is displayed above File Changes, Malware Scan, and Content Safety. Server State has the notice icon above it.

    I will continue to monitor. Progress has been made!

    Hey @marvyndt,

    That’s great news!

    Depending on the number of plugins and themes you use (and their size), it may take a while for the scan to complete.

    Our scans typically take 20 minutes to complete with around 42,000 files. Your host server type (private, shared, etc.) will also influence the time it takes for the scan to complete.

    Best wishes.

    Thread Starter marvyndt

    (@marvyndt)

    The scan was terminated because it reached the 3 hour limit. How do I go about addressing this?

    On the Wordfence > Scan > Scan Options and Scheduling page on your site in the Performance Options section set “Time limit that a scan can run in seconds” to 21600 and start a new scan. That will allow the scan to run for 6 hours. If that scan fails for the same reason try upping it to 30000. Don’t forget to save the changes before leaving the Scan Options and Scheduling page.

    The scans can take longer depending on what options you have chosen and how many files you have on the server, images for example. They might take a while longer if you are using the scan option to “Scan images, binary, and other files as if they were executable” as well.

    Mia

    Thread Starter marvyndt

    (@marvyndt)

    With the time limit set to 30000, the scan fails with error message: The previous scan has failed. Some sites may need adjustments to run scans reliably. Click here for steps you can try. (opens in new tab)

    Can you post a screenshot of the general scan options you have enabled?

    Mia

    Thread Starter marvyndt

    (@marvyndt)

    Please let me know if you need screenshots of any other settings.

    I can’t see anything there that looks like it would make scans take longer. Can you send a diagnostics report to wftest [at] wordfence [dot] com and reply here once it is sent? Make sure and include your forum username where indicated.

    Mia

    Thread Starter marvyndt

    (@marvyndt)

    Diagnostic report has been sent.

    Thread Starter marvyndt

    (@marvyndt)

    Just checking in. Has there been any progress with the diagnostic report I sent?

    Plugin Support wfpeter

    (@wfpeter)

    Hi @marvyndt, thanks for sending that over.

    Mia isn’t supporting Wordfence any more, so I just checked that out for you. The connectivity to your site and IP detection seems fine, suggesting the Cloudflare side is allowing us through. Some other settings that can often contribute to things like timeouts, like max_execution_time, also seem to be within an allowable range.

    Could you please make sure Wordfence is updated to 7.10.3 as suggested in your scan results and then do the following for me?:

    • Go to the Wordfence > Tools > Diagnostics page
    • In the “Debugging Options” section check the circle “Enable debugging mode”
    • Click to “Save Changes”.
    • CANCEL any current scan and start a NEW scan
    • Copy the last 20 lines or so of the activity log (click the “Show Log” link) once the scan finishes and paste them in this post.


    This will just help me see exactly what is happening when the scan fails to start.

    Thanks again,
    Peter.

    Thread Starter marvyndt

    (@marvyndt)

    [Aug 15 08:35:50] Setting up scanRunning and starting scan
    [Aug 15 08:35:50] Got a true deserialized value back from 'wfsd_engine' with type: object
    [Aug 15 08:35:50] Scan process ended after forking.
    [Aug 15 08:36:17] Skipping unneeded hash: /var/www/vhosts/dcn.org/digitalcontentnext.org/wp-content/uploads/wpdm-cache/session-935915e64329b0495cd8bc5ad3a8b2df.txt
    [Aug 15 08:36:17] Forking during indexing: /var/www/vhosts/dcn.org/digitalcontentnext.org/wp-content/uploads/wpdm-cache/session-9359424f4e6b1bb525573a843390dcc7.txt
    [Aug 15 08:36:17] Entered fork()
    [Aug 15 08:36:17] Calling startScan(true)
    [Aug 15 08:36:17] Got value from wf config maxExecutionTime: 25
    [Aug 15 08:36:17] getMaxExecutionTime() returning config value: 25
    [Aug 15 08:36:17] Cached result for scan start test: true
    [Aug 15 08:36:17] Starting cron with normal ajax at URL https://digitalcontentnext.org/wp-admin/admin-ajax.php?action=wordfence_doScan&isFork=1&scanMode=custom&cronKey=83e0ba1a998d8805f66fbe279dada500&signature=c852f0bb665092583c4a395441868bfa175acd76c22e58f58fa6e73b9c9a9b8c
    [Aug 15 08:36:17] Scan engine received request.
    [Aug 15 08:36:17] Verifying start request signature.
    [Aug 15 08:36:17] Fetching stored cronkey for comparison.
    [Aug 15 08:36:17] Checking cronkey: 83e0ba1a998d8805f66fbe279dada500 (expecting 83e0ba1a998d8805f66fbe279dada500)
    [Aug 15 08:36:17] Checking saved cronkey against cronkey param
    [Aug 15 08:36:17] Requesting max memory
    [Aug 15 08:36:17] Setting up error handling environment
    [Aug 15 08:36:17] Setting up scanRunning and starting scan
    [Aug 15 08:36:17] Got a true deserialized value back from 'wfsd_engine' with type: object
    [Aug 15 08:36:18] Scan process ended after forking.
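
Added example (not part of the original thread and not Wordfence code): debug-mode log lines like the ones above include the cronKey and signature values that the scan engine checks on each start request, so a helper like this can trim the log to its last 20 lines and mask those values before the log is pasted into a public post. The function names and the sample log are constructed for illustration.

```python
import re

# Query-string parameters in the scan-start URL that carry per-site values.
_PARAM_RE = re.compile(r"(?P<name>\b(?:cronKey|signature))=(?P<value>[0-9a-fA-F]+)")
# "Checking cronkey: <got> (expecting <stored>)" echoes the stored key as well.
_CHECK_RE = re.compile(
    r"(Checking cronkey: )(?P<got>[0-9a-fA-F]+)( \(expecting )(?P<want>[0-9a-fA-F]+)(\))"
)


def redact_line(line):
    """Mask cronKey/signature values in one log line."""
    def check(m):
        # Keep the one fact support needs: whether the two keys matched.
        verdict = "match" if m.group("got") == m.group("want") else "MISMATCH"
        return f"{m.group(1)}[REDACTED]{m.group(3)}[REDACTED]{m.group(5)} [{verdict}]"

    line = _CHECK_RE.sub(check, line)
    return _PARAM_RE.sub(lambda m: f"{m.group('name')}=[REDACTED]", line)


def redact_log_tail(log_text, tail=20):
    """Return the last `tail` non-empty log lines with key material masked."""
    lines = [ln for ln in log_text.splitlines() if ln.strip()]
    return [redact_line(ln) for ln in lines[-tail:]]


# Constructed sample in the same format as the debug log (values are made up).
SAMPLE_LOG = """\
[Aug 15 08:36:17] Starting cron with normal ajax at URL https://example.com/wp-admin/admin-ajax.php?action=wordfence_doScan&isFork=1&scanMode=custom&cronKey=0123456789abcdef0123456789abcdef&signature=aaaabbbbccccddddeeeeffff0000111122223333444455556666777788889999
[Aug 15 08:36:17] Verifying start request signature.
[Aug 15 08:36:17] Checking cronkey: 0123456789abcdef0123456789abcdef (expecting 0123456789abcdef0123456789abcdef)
[Aug 15 08:36:18] Scan process ended after forking.
"""

if __name__ == "__main__":
    print("\n".join(redact_log_tail(SAMPLE_LOG)))
```

The timestamps, stage messages and the match/mismatch verdict are kept, which is what the support request asks for; only the key and signature values are replaced.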
  • The topic ‘Scan fails to start with Cloudflare website’ is closed to new replies.