480-595-0065
foster@unleash.com

Recently I got notification that a site was temporarily disabled because it had malware on it. Now that the issue is resolved, I believe it to be a false positive and overreaction from the hosting company. It also came on the night that I met a cleanup expert who works for Wordfence, the popular WordPress security plug-in. That meeting came in handy as I noticed scans on some of my sites weren’t completing successfully. My new Wordfence contact helped me find the appropriate settings to allow scans to complete and I wanted to share them with you.

Web HostingEach of my own sites is hosted at SiteGround and some were recently migrated from other hosting. Even though the SiteGround hosting is far more robust than the previous hosting, I found that Wordfence scans on my sites were hanging up well before the scan was completed.

Let’s first look at the order of a Wordfence scan. Items go from left to right during a scan and the first three are only available for those with the premium version of Wordfence. My scans were hanging up in the middle of the File Changes stage and therefore never got to the Malware Scan. This was very frustrating as it left open the possibility for malware to go undetected.

Many of the things I needed to change were found on the Wordfence | All Options page. Once on that page, scroll down to the Scan Options section. While my sites were not set to do a High Sensitivity scan, it was recommended I not choose this option. All of the available General Options were checked, except for the last three. The boxes not checked are Scan files outside your WordPress installation, Scan images, binary and other files as if they were executable and Enable HIGH SENSITIVITY scanning.

In my own attempts to find a solution, I had tried a much higher Maximum execution time (100) based on a tutorial I’d read. My contact suggested setting this at 15. Probably the biggest thing changed was in the Advanced Scan Options. Each time a scan fails, the file on which it fails is added to the Exclude files list. Mine had grown fairly long and everything on that list was cleared. In it’s place, a few file types were added. While the file types can include malware, none can be executed directly so they are very low risk. The exact entry for those file types is listed below.

*.svg
*.jpg
*.png
*.zip
*.bak

Once these changes were made (and the Save Changes button clicked), the scan ran successfully. Knowing that any problems will be detected quickly helps a Web geek sleep much better at night. Should you have Wordfence scan problems, I hope these suggested changes will help you find a way to get the scan running successfully again.

Photo by unsplash-logoJames Pond

0 Comments

Submit a Comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

You May Also Like…

Three Types of WordPress Site Backups

Three Types of WordPress Site Backups

As long as I've been using computers, I've heard that I needed to back up my data. The same is true of a WordPress Web site. Think about the amount of time and the expense that has gone into building your site. If something were to go wrong, do you have an easy way...

Learn More

Introducing Our New Divi Unleashed Site

Introducing Our New Divi Unleashed Site

We've been fans of the Divi WordPress theme since purchasing a lifetime license back in November 2015. In the seven plus years since that purchase, we have used Divi on all sites in the Unleashed family as well as the numerous sites we've built for clients. While...

Learn More

Misleading Comparison of WordPress Page Builders

Misleading Comparison of WordPress Page Builders

For as long as there have been multiple products in a specific category, there have been comparisons made. There is no doubt these comparisons help us choose the right product for our needs. I can't imagine these comparisons ever being created without at least a...

Learn More

Foster D. Coburn III

Foster D. Coburn III built his first Web site in 1995 and he has been working exclusively in WordPress since 2013. He has used the Divi theme exclusively since 2015. Earlier in his career he was the author of 13 best-selling books on CorelDRAW and has been a contributor to numerous technology and graphics-related magazines. Foster has taken many projects, including this Web site, from the early design stage through to a finished piece. He has been a featured speaker at many graphics conferences.

Web Design Blog

Graphics Blog

$
Personal Info

Donation Total: $5.00

Build Divi WordPress Site
WordPress Site Care
Divi Tools
Web Design Solutions Unleashed Logo