Title: Multiple Site Scan Errors
Last modified: April 5, 2021

---

# Multiple Site Scan Errors

 *  [jetxpert](https://wordpress.org/support/users/jetxpert/)
 * (@jetxpert)
 * [5 years, 4 months ago](https://wordpress.org/support/topic/multiple-site-scan-errors/)
 * We have been experiencing [Site Scan errors](http://prntscr.com/wnhjs3) for the
   past 3 days. No back-end changes have been made to our websites.
 * The Site Scan Error messages vary. This is what we’re seeing:
 * > [cURL error 28: Resolving timed out after 10520 milliseconds](http://prntscr.com/wnhkv6)
 * > [Exceeded rate limit: Please wait 346 seconds.](http://prntscr.com/wnhm2q)
 * We are also getting Site Scan results that say “Clean” but a [red dot (failure) is displayed](http://prntscr.com/wnhovw).
 * For now, we’ll assume iThemes or Sucuri are having server issues. Hopefully, 
   they haven’t been hacked! LOL
 * Anybody experiencing the same?
 * Cheers!

Viewing 8 replies - 1 through 8 (of 8 total)

 *  Thread Starter [jetxpert](https://wordpress.org/support/users/jetxpert/)
 * (@jetxpert)
 * [5 years, 4 months ago](https://wordpress.org/support/topic/multiple-site-scan-errors/#post-13944258)
 * **Update:**
 * We continue to experience issues with iThemes Security Site Scanner for Malware,
   etc.
 * Today, we noticed the following:
 * (1) An auto-scan for malware revealed that our site is clean. However, we keep
   getting a “red” dot. Click [here](http://prntscr.com/xgme5h) for details.
 * (2) According to [this article](https://ithemes.com/new-protect-your-wordpress-website-with-the-ithemes-security-site-scan/),
   we should also be seeing results for “Blocklist.” Well, none are being detected
   nor displayed. [Note: The scanner should say or display “Blacklist” not “Blocklist”–
   a typo]
 * (3) The auto-scan for malware – apparently – is now linked to Googlebot’s site
   scanner, not Sucuri’s (as this [reference](https://help.ithemes.com/hc/en-us/articles/360007145634-What-Do-The-Malware-Scan-Errors-Mean-)
   and [this one](https://wordpress.org/support/topic/conflicts-with-ithemes-scanner-whitelist-ip/)
   suggest). We confirmed this by looking at our log in the back-end. This is what
   we found: Click [here](http://prntscr.com/xgn9ea), [here](http://prntscr.com/xgncw9),
   and [here](http://prntscr.com/xgnfg9).
 * So, in short, it appears the developers of iThemes have changed a few things 
   in the back-end without public knowledge and/or are experiencing issues with 
   Sucuri and Google.
 * Anyone experiencing the same? If so, how were you able to fix the issue(s)?
 * Cheers!
 *  Thread Starter [jetxpert](https://wordpress.org/support/users/jetxpert/)
 * (@jetxpert)
 * [5 years, 4 months ago](https://wordpress.org/support/topic/multiple-site-scan-errors/#post-13954957)
 * **Update:**
 * We also learned that those who use Cloudflare may be affected by the issue(s)
   reported above.
 * Cloudflare offers a bot-fighting tool called, “Bot Fight Mode.” To access it,
   go to: Cloudflare > Firewall > Tools > Bot Fight Mode.
 * “Bot Fight Mode” – when activated – injects a small, necessary js file into your
   website which triggers a false-positive when running [https://sitecheck.sucuri.net](https://sitecheck.sucuri.net).
   You’ll get a 503 server error or a “Malware” found message.
 * We checked with Sucuri, SiteGround (our host), and Cloudfare about this. Their
   answers:
 * **Sucuri:** “We know nothing about this.” No investigations performed. Support
   was poor.
 * **SiteGround:** They double-checked our account for Malware and functionality
   issues. Nothing found.
 * **Cloudflare:** They confirmed that “Bot Fight Mode” is working as intended and
   that Sucuri needs to review the impact of Cloudflare’s “Bot Fight Mode” on Sucuri’s
   bots used for malware site-scanning. They need to update their logic and site-
   scan algorithms to ensure they whitelist Cloudflare’s js file.
 * For more information on this, please click below:
 * [https://community.cloudflare.com/t/sucuri-has-flagged-as-a-malware-file/229587](https://community.cloudflare.com/t/sucuri-has-flagged-as-a-malware-file/229587)
 * Hope this helps the community, and also helps the developers of iThemes update
   their code to account for Cloudflare’s tool, “Bot Fight Mode.”
 *  Thread Starter [jetxpert](https://wordpress.org/support/users/jetxpert/)
 * (@jetxpert)
 * [5 years, 4 months ago](https://wordpress.org/support/topic/multiple-site-scan-errors/#post-13983129)
 * **Update: **(are we having fun yet?)
 * OK, so the Bot Fight Mode has nothing to do with the issue we first reported 
   above. Confirmed with Cloudflare and our host, SiteGround.
 * We’re still experiencing issues with iThemes Security’s malware scanner. Results
   continue to show “[clean” but still getting a “red dot.”](https://prnt.sc/xxjkp7)
 * In fact, last night, we performed several manual scans and got some php errors(
   changed all the time without us doing anything to our website). So, we can safely
   assume that iThemes developers are racking their brains over this issue.
 * We’ll continue to wait for an update from iThemes. Zero support for a while. 
   Let’s hope they’re OK.
 * Cheers!
 *  Thread Starter [jetxpert](https://wordpress.org/support/users/jetxpert/)
 * (@jetxpert)
 * [5 years, 3 months ago](https://wordpress.org/support/topic/multiple-site-scan-errors/#post-14009495)
 * **Update:**
 * Site Scanning errors continue. This is what we currently get:
 * Scan Results (Notice Red dot with “Clean” message): [https://prnt.sc/yf9y1o](https://prnt.sc/yf9y1o)
   
   Raw Details: [https://prnt.sc/yfafkv](https://prnt.sc/yfafkv)
 * What’s going on iThemes Security? One other thing we noticed is that every time
   we perform a manual malware scan, the Source IP for performing the scan is our
   own IP. What? Shouldn’t the Source IP for the malware scan come from Sucuri or
   Google?
 * Got fix? The minions are waiting 🙂
 * PS: In lieu of fixing the above, please bring back the [legacy malware scanner method](https://ithemes.com/security/wordpress-malware-scan/).
   Much [cleaner and nicer UI](https://prnt.sc/yfc95k) (using Google ain’t good 
   enough)
 *  Thread Starter [jetxpert](https://wordpress.org/support/users/jetxpert/)
 * (@jetxpert)
 * [5 years, 3 months ago](https://wordpress.org/support/topic/multiple-site-scan-errors/#post-14027149)
 * [@nlpro](https://wordpress.org/support/users/nlpro/):
 * Any thoughts on what’s causing this?
 * Cheers!
 *  [nlpro](https://wordpress.org/support/users/nlpro/)
 * (@nlpro)
 * [5 years, 3 months ago](https://wordpress.org/support/topic/multiple-site-scan-errors/#post-14043323)
 * Reproduces instantly.
 * Looks like a server side issue.
    Scan results may vary due to results caching(
   transient in the wp_options table).
 * Results caching probably implemented to balance the load.
    Seems like errors 
   aren’t cached. So after one or more (manual) site scan failure(s) at some point
   there is nothing returned. This is because the site scan result stored in the
   transient in the database is empty. Manually deleting the transient in the database
   results in the error being displayed again upon the next site scan.
 * The “Exceeded rate limit” message points in the direction of some sort of quotum
   limitation.
 * Probably nothing we can do. iThemes will need to dig in.
 *  Thread Starter [jetxpert](https://wordpress.org/support/users/jetxpert/)
 * (@jetxpert)
 * [5 years, 3 months ago](https://wordpress.org/support/topic/multiple-site-scan-errors/#post-14075053)
 * **Update:**
 * We received an update from iThemes Support indicating that the above issue is
   caused by an API issue with Google. They have no time estimate for when Google
   will update their API.
 * Stay tuned.
 * Cheers!
 *  [nlpro](https://wordpress.org/support/users/nlpro/)
 * (@nlpro)
 * [5 years, 3 months ago](https://wordpress.org/support/topic/multiple-site-scan-errors/#post-14075668)
 * [@jetxpert](https://wordpress.org/support/users/jetxpert/)
 * Thank you for keeping us posted 😉

Viewing 8 replies - 1 through 8 (of 8 total)

The topic ‘Multiple Site Scan Errors’ is closed to new replies.

 * ![](https://ps.w.org/better-wp-security/assets/icon.svg?rev=3529351)
 * [Kadence Security – Password, Two Factor Authentication, and Brute Force Protection](https://wordpress.org/plugins/better-wp-security/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/better-wp-security/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/better-wp-security/)
 * [Active Topics](https://wordpress.org/support/plugin/better-wp-security/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/better-wp-security/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/better-wp-security/reviews/)

## Tags

 * [clean](https://wordpress.org/support/topic-tag/clean/)
 * [failure](https://wordpress.org/support/topic-tag/failure/)
 * [message](https://wordpress.org/support/topic-tag/message/)
 * [red dot](https://wordpress.org/support/topic-tag/red-dot/)
 * [server](https://wordpress.org/support/topic-tag/server/)
 * [site scan](https://wordpress.org/support/topic-tag/site-scan/)
 * [sucuri](https://wordpress.org/support/topic-tag/sucuri/)

 * 8 replies
 * 3 participants
 * Last reply from: [nlpro](https://wordpress.org/support/users/nlpro/)
 * Last activity: [5 years, 3 months ago](https://wordpress.org/support/topic/multiple-site-scan-errors/#post-14075668)
 * Status: not resolved