Recently I got notification that a site was temporarily disabled because it had malware on it. Now that the issue is resolved, I believe it to be a false positive and overreaction from the hosting company. It also came on the night that I met a cleanup expert who works for Wordfence, the popular WordPress security plug-in. That meeting came in handy as I noticed scans on some of my sites weren’t completing successfully. My new Wordfence contact helped me find the appropriate settings to allow scans to complete and I wanted to share them with you.
Each of my own sites is hosted at SiteGround and some were recently migrated from other hosting. Even though the SiteGround hosting is far more robust than the previous hosting, I found that Wordfence scans on my sites were hanging up well before the scan was completed.
Let’s first look at the order of a Wordfence scan. Items go from left to right during a scan and the first three are only available for those with the premium version of Wordfence. My scans were hanging up in the middle of the File Changes stage and therefore never got to the Malware Scan. This was very frustrating as it left open the possibility for malware to go undetected.
Many of the things I needed to change were found on the Wordfence | All Options page. Once on that page, scroll down to the Scan Options section. While my sites were not set to do a High Sensitivity scan, it was recommended I not choose this option. All of the available General Options were checked, except for the last three. The boxes not checked are Scan files outside your WordPress installation, Scan images, binary and other files as if they were executable and Enable HIGH SENSITIVITY scanning.
In my own attempts to find a solution, I had tried a much higher Maximum execution time (100) based on a tutorial I’d read. My contact suggested setting this at 15. Probably the biggest thing changed was in the Advanced Scan Options. Each time a scan fails, the file on which it fails is added to the Exclude files list. Mine had grown fairly long and everything on that list was cleared. In it’s place, a few file types were added. While the file types can include malware, none can be executed directly so they are very low risk. The exact entry for those file types is listed below.
Once these changes were made (and the Save Changes button clicked), the scan ran successfully. Knowing that any problems will be detected quickly helps a Web geek sleep much better at night. Should you have Wordfence scan problems, I hope these suggested changes will help you find a way to get the scan running successfully again.
Photo by James Pond