Fix “There was an error connecting to the Wordfence scanning servers” in Wordfence

If you are wondering what is broken: your server cannot talk to the Wordfence scanning servers. Wordfence tries to reach noc1.wordfence.com to start or run a scan, the connection fails, and you see that error.

Why this error shows up

Wordfence scans call home to Wordfence’s servers for signatures, rules and some remote checks. That connection happens over HTTPS, using PHP’s cURL functions.

When you see:

There was an error connecting to the Wordfence scanning servers

it usually comes with a cURL error such as:

• cURL error 7: Failed to connect to noc1.wordfence.com port 443
• cURL error 28: Connection timed out
• cURL error 35: OpenSSL SSL_connect: Connection reset by peer
• cURL error 6: Could not resolve host

Different codes, same story: your WordPress server cannot complete an outgoing HTTPS request to Wordfence.

Most of the time it is one of these:

• A host firewall or WAF is blocking outgoing connections to Wordfence IPs.
• Your server’s IP has been blocked on the Wordfence side and needs review.
• cURL or OpenSSL on the server is outdated or misconfigured.
• DNS or IPv6 on the server is broken.
• Rarely, Wordfence’s endpoint is having an issue for a short time.

First: check Wordfence’s own connectivity tests

Wordfence has built-in tests that tell you where the connection is failing.

Step 1 - Open the Diagnostics page

1. In WordPress, go to Wordfence → Tools → Diagnostics.
2. Scroll to the Connectivity section.

Pay attention to these lines:

• Connecting to Wordfence servers (https)
• Connecting back to this site
• Any lines that mention noc1.wordfence.com or a cURL error.

If “Connecting to Wordfence servers (https)” is red or shows a cURL error: your server cannot reach Wordfence. Go to Fix 1 - Remote connection issues.

If “Connecting to Wordfence servers (https)” is green, but you still get the scan error: treat it as a resource or scan configuration issue. Go to Fix 2 - Scan configuration and timeouts.

Fix 1 - Remote connection issues (most common)

This is the case when Diagnostics shows failures for “Connecting to Wordfence servers (https)” or when your scan error mentions cURL 7, 28, 35, or 6.

Step 2 - Get your server’s public IP

1. On the same Diagnostics page, scroll to the IPs section.
2. Note the line IP(s) used by this server. This is the IP Wordfence sees.

You will need this IP for your host and Wordfence support.

Step 3 - Run a direct curl test to Wordfence (or ask your host)

If you have SSH access:

curl -v https://noc1.wordfence.com/

What you are looking for:

• If you see HTTP response headers and HTML, the connection works.
• If it hangs or shows a cURL error (7, 28, 35, 6 etc), the server cannot connect.

If you do not have SSH, send a ticket to your host and ask them to run that command from your web server and share the result.

Step 4 - Ask your host to allow outbound connections to Wordfence

In your ticket to the host, include:

• The full error from Wordfence (including the cURL error and noc1.wordfence.com:443 if present).
• Your server IP from the Diagnostics page.

You can say something like:

Wordfence security scans are failing with:
There was an error connecting to the Wordfence scanning servers
and a cURL error to https://noc1.wordfence.com:443.

Can you please confirm that outbound HTTPS connections from this server to Wordfence’s IP ranges are allowed and not blocked by any firewall or rate limit? The public IP for this server is [your IP here].

Ask them specifically to:

• Allow outbound HTTPS to Wordfence’s servers and IP ranges.
• Check any server-level firewall or security policies that could block or challenge connections to noc1.wordfence.com.

Step 5 - Fix SSL and cURL issues (for cURL error 35)

If your scan error or curl output shows cURL error 35 with an SSL_connect problem, it usually means:

• cURL or OpenSSL is outdated and does not support modern TLS, or
• There is a man in the middle proxy interfering with the TLS handshake.

Ask your host to:

• Update PHP, cURL, and OpenSSL to supported versions.
• Verify that the server can make a clean HTTPS request to https://noc1.wordfence.com/ without interception.

Step 6 - Disable the IPv6 connectivity test if it is noisy

Sometimes Diagnostics shows IPv6 DNS resolution failures even if your site is fine over IPv4. That can clutter the log but is not always fatal.

If your error mentions IPv6 issues and your server does not use IPv6, you can stop the IPv6 scan test by adding this line to wp-config.php:

define('WORDFENCE_DISABLE_IPV6_SCAN', true);

Save the file, reload Wordfence Diagnostics, and rerun a scan. If “Connecting to Wordfence servers (https)” now passes and scans run, the IPv4 path is working and you can ignore IPv6 for now.

Step 7 - If your server IP might be blocked on Wordfence’s side

If your host says they do not block anything, but:

• curl -v https://noc1.wordfence.com/ times out or shows a challenge, and
• Diagnostics always fails “Connecting to Wordfence servers (https)”

then your server’s IP may need review by Wordfence.

From Wordfence → Tools → Diagnostics:

1. Scroll to the top and click Send Report by Email.
2. Send the report to the address listed in the help text (for example wftest@wordfence.com when asked to by support).
3. Include that you are seeing “There was an error connecting to the Wordfence scanning servers” with the specific cURL error.

Once either your host or Wordfence confirms the IP issue is resolved, run a new scan from Wordfence → Scan.

Fix 2 - Scan configuration and timeouts

If Diagnostics shows that “Connecting to Wordfence servers (https)” is green, but scans still fail with the same message, treat it as a scan performance issue that surfaces as a connection error.

Step 8 - Adjust scan performance settings

1. Go to Wordfence → Scan → Scan Options and Scheduling.
2. Find Performance Options.
3. Set:
   • Maximum execution time for each scan stage to around 20 seconds.
   • How much memory should Wordfence request when scanning to a reasonable value for your hosting (for example 128M or 256M if available).
4. In Advanced Scan Options, enable Use only IPv4 to start scans if you see any IPv6 errors in Diagnostics.
5. Click Save Changes.

Then:

1. Stop any current scan if it is still running.
2. Click Start New Scan and watch the log.

Step 9 - Try starting scans remotely (temporary test)

Wordfence can start scans by connecting back to itself, or by using Wordfence’s servers to trigger the scan remotely. If the local start method is breaking, remote start can sometimes work around hosting quirks.

1. Go to Wordfence → Tools → Diagnostics.
2. In Debugging Options, enable:
   • Enable debugging mode (temporarily).
   • Start all scans remotely.
3. Click Save Changes.
4. Go back to Wordfence → Scan, stop any running scan, then click Start New Scan.

If the scan now runs without “error connecting to the Wordfence scanning servers”, you know the connection is fine but the local start method is fragile on this host.

Important: remote scans write extra data to the database. Do not leave Start all scans remotely on forever. Use it for testing, then turn it off once you and your host have a stable configuration.

Step 10 - Check “Connecting back to this site” if local loopback fails

On the Diagnostics page, if “Connecting back to this site” is failing while “Connecting to Wordfence servers” passes, your server may be blocking or misrouting its own loopback connections.

In that case, send these details to your host:

• A screenshot of the Connectivity section showing:
  • “Connecting back to this site” failing or returning 403/503.
  • Any SSL or hostname mismatch mentioned.
• Explain that Wordfence needs your site to be able to call itself via wp_remote_post() for scans to run.

Ask them to:

• Allow loopback HTTP and HTTPS connections.
• Fix any SSL issues that prevent wp_remote_post() from working on your own domain.

If you just installed Wordfence and see this right away

Sometimes this message appears during activation or the first scan if Wordfence cannot register and store its key.

Step 11 - Retry registration and clear old data

1. Go to Wordfence → All Options.
2. Scroll to the bottom and, if available, check the box to delete Wordfence data on deactivation.
3. Deactivate the Wordfence plugin.
4. Activate it again.
5. Walk through the setup wizard and then try a new scan.

If registration still fails with the same connection error, the problem is still your server’s ability to reach noc1.wordfence.com. Go back to Fix 1 - Remote connection issues and work with your host.

Verification

You know you are in good shape when:

• “Connecting to Wordfence servers (https)” is green on the Diagnostics page.
• “Connecting back to this site” is green or shows a clean response.
• Wordfence scans complete without the message “There was an error connecting to the Wordfence scanning servers”.
• No new entries in the scan log mention cURL errors to noc1.wordfence.com.

Still stuck?

For AI help

Hit Continue Chat below and send me:

• The exact Wordfence error text, including any cURL error code.
• A screenshot of the Connectivity section on Wordfence → Tools → Diagnostics.
• Your hosting provider and whether you use a CDN or WAF such as Cloudflare or Sucuri.

I will help you read the diagnostics and work out whether this is a firewall, SSL, DNS, or loopback issue on your site.

For expert human help

Scroll down to the contact form below. Enter your name, email, and WordPress needs. Atiba will get back to you as soon as possible.