Email alerts quickly inform you of security related events on your site.
Wordfence watches activity on your site, both via the scanner and the firewall. Alerts are sent out via email. The recipient email of these alerts is configured when Wordfence is installed and can be changed under the “General Wordfence Options” section on the “Dashboard” > “Global Options” page.
The Wordfence alert function uses the built-in WordPress email function, which in turn uses the PHP mail function on your server. If you are using an SMTP plugin that overrides the WordPress built-in email function the that will be used for sending the alerts instead.
Wordfence can alert you when someone is locked out from login, when users sign in to your site, or when there is a large increase in attacks. You can configure these alerts under the “Email Alert Preferences” section on the “Dashboard” > “Global Options” page.
When configuring scan alerts, you can choose the lowest severity of alerts that you would like to be notified of. Wordfence will send an alert for each new issue of that severity or higher that is found in automatic scheduled scans unless you have disabled email alerts from individual sites in Wordfence Central. You can find more information about scan results here.
Critical Scan Alerts
Your Site’s URL is on a domain blocklist
Your Site is spamvertizing
A file matching a malware signature or containing a URL on a domain blocklist was found
A publicly accessible configuration or backup file was found
A plugin removed from the wordpress.org repository is installed
The Wordfence firewall is disabled
An administrator or editor with a weak password has been found
You have less than 5MB of available disk space
A plugin or theme with a known vulnerability is installed
High Severity Scan Alerts
Your server IP is listed on a spam blocklist
A post title has suspicious content (e.g., a script tag)
A blocklisted URL was found in a post
A scan was aborted due to reaching the default three hour scan time limit
The “How does Wordfence get IPs?” setting is misconfigured
You have less than 20MB of available disk space
A non-administrative user with a weak password has been found
A WordPress core, plugin, or theme file has been modified from the wordpress.org repository version
A WordPress option containing a blocklisted URL has been found
Publicly accessible quarantined files were found
An unknown or suspicious admin user has been found
A WordPress core update is available
Directory listing is enabled
Your web server exposes the document root (full path disclosure)
Medium Severity Scan Alerts
Your site is running an unknown core version of WordPress
Your site is running an older version of PHP (5.4 or below) that is incompatible with Wordfence country blocking
If you are no longer receiving Wordfence emails from your site, a common reason is that your email server’s IP address has been added to a blocklist, and your WordPress site emails won’t be received by many other people, including you.
You can look up your site’s domain or IP address, to see whether it’s on a third-party blocklist/blacklist at this URL:
Enter your WordPress site’s IP address or domain, and if you see it listed on an email blocklist, contact your hosting provider for further instructions.
If your site is not on a blocklist, you can also use the “Send a test email from this WordPress server to an email address” option at the bottom of the Diagnostics page on the Wordfence Tools menu, to test if a simple message will be delivered. If that test message is not delivered, your host may need to investigate the issue.