Why I Will Never Go back To WordFence • Chris Colotti's Blog

Why I Will Never Go back To WordFence

The last week has been more than a struggle dealing with WordFence.  I have five identical server builds that are all failing their scanning process with either out of memory or some erroneous error about not being able to connect to themselves.  I had paid licenses for these and did what anyone would do and opened up a ticket.  Now I realize this is one of the most used plugins and it “works for everyone but you” as I was told from support, but here’s where I take a few issues.  Bear in mind I have been using this product for about 2 years and started using the paid version a year ago.

First the servers are low use WooCommerce sites.  Most of you know them as the Pop Up Shops.  They are 1GB Virtual Servers at CloudWays, with only one WordPress application per server.  These run just fine all the time, the only failing issue was the WordFence Scans, and at that only when the scan hit the file contents process.  

Watching htop during all operations the system runs 300M-400M of system memory, and even during the first parts of the scans.  Then when it gets to the file contents, 700M+ memory usage in PHP-FM killing the system and the scan.  The other error about not being to make outbound connections is a complete mystery and frankly a pretty shitty written error.

Scan Failed The scan has failed to start. This is often because the site either cannot make outbound requests or is blocked from connecting to itself.

Scan Failed error after scan was in fact started and moving along into content scan

How NOT To Do Support

So I open this ticket and after THIRTY PLUS message back and forth not ONCE did they ask for SSH access, WP-Admin access, or even a clone of the server for testing.  All of which I would have provided, all I got was “this is a problem outside of PHP and not our plugin.”

I even did as they asked and scaled this one application based server to 2GB of memory and the SAME thing happens.  What was interesting was disabling WooCommerce and even for some reason disconnecting from their central console seemed to always help.  None of that is the point though.  I have had dozens of vendors at least LOG INTO THE DANG SYSTEM to get an idea what’s going on.  I could have even added them to my CloudWays account to open a ticket there to try and resolve it.

Instead the fallback of, “We have millions of customers working fine” and “It’s an issue with the server config” were in just about every single reply.  Their CEO actually noted how “passionate they are about their customers paid and free”, but this is not what I got.

Here is also a link to my review on the WordPress.org site.  I love the part about how I used “Abusive Language” I looked through all the 32 email exchanges, the most abusive thing I said was, “This is a little BS that it still isn’t completing with 2GB of RAM….”.  For those that know me, they can attest to the fact I have WAY more abusive language.

Time For Alternatives

Honestly, it’s clear this is an example of a company that’s done well.  They got really big, and if they truly were chatting internally about it could have asked for access or a clone of the server.  Hell, even a copy of the website itself to put in their own lab, but none of that happened.  So yes I have moved on, I have removed all their software from every website and instead I am testing MalCare which is not as big, has great reviews, especially about their support.  What I have noticed on the WordPress reviews of WordFence is there are more recent poor ones sighting performance and scan problems….go figure, maybe it’s not just me.

About Chris Colotti

Chris is currently a Principal Architect at Cohesity. In his role he spends the majority of his time supporting Cohesity events and creating outward facing content. He also acts as an active interface between the field and engineering/product management as customer zero in the TAG production lab. Chris is active on the VMUG and event speaking circuit and is available for many events if you want to reach out and ask. Previously to this he spent close to a decade working for VMware as a Principal Architect. Previous to his nine plus years at VMware, Chris was a System Administrator that evolved his career into a data center architect. Chris spends a lot of time mentoring co-workers and friends on the benefits of personal growth and professional development. Chris is also amongst the first VMware Certified Design Experts (VCDX#37), and author of multiple white papers. In his spare time he helps his wife Julie run her promotional products as the accountant, book keeper, and IT Support. Chris also believes in both a healthy body and healthy mind, and has become heavily involved with fitness as a Diamond Team Beachbody Coach using P90X and other Beachbody Programs. Although Technology is his day job, Chris is passionate about fitness after losing 60 pounds himself in the last few years.