Email alerts quickly inform you of security related events on your site.

Wordfence watches activity on your site, both via the Scanner and the Firewall. Alerts are sent out via email. The recipient email of these alerts is configured when Wordfence is installed and can be changes via the General Options on the Global Options page.

WordPress alert function uses the built in WordPress email function, which in turn uses the PHP mail function on your server. If you are using an SMTP plugin that overrides WordPress built in email function that will be used for sending the alerts.

Wordfence can alert when someone is locked out from login, when users sign in to your website or when there’s a large increase in attacks. You can configure these alerts under Alert Preferences on the Wordfence Global Options page.

When configuring alerts you can choose if you want to be alerted on critical problems and warnings. If both are enabled, Wordfence will send an alert for each new issue that is found in automatic scheduled scans. You can find more information about scan results here.

Critical Scan Alerts

  • A WordPress core file has been modified
  • A file is suspected to contain malicious code
  • A plugin or theme has a vulnerability
  • The scan time limit exceeded (your scan failed)
  • Your site is blacklisted
  • A post title contains suspicious code
  • A post or comment contains a malicious URL
  • Your WordPress Options contain a malicious URL
  • An administrator has an easy password
  • You have less than 5MB available disk space
  • A WordPress core upgrade is available
  • A plugin was removed from the repository
  • An admin was created outside of WordPress
  • Your site IP is generating spam
  • Your site is being Spamvertised

Scan Warnings

  • A plugin file has been modified
  • An update is available for a plugin or theme
  • A plugin has been abandoned (not updated for 2+ years)
  • The “How does Wordfence get IPs” setting is misconfigured
  • A private file is publicly accessible
  • A subscriber has an easy password
  • You have less than 20MB available disk space
  • Your DNS records have changed
  • Wordfence was not able to detect your WordPress version

Frequently Asked Questions

  • Not receiving emails from Wordfence plugin

    If you are no longer receiving Wordfence emails from your site, a common reason is that your email server’s IP address has been added to a blacklist, and your WordPress site emails won’t be received by many other people, including you.

    You can look up your site’s domain or IP address, to see whether it’s on a blacklist on this URL:

    Enter your WordPress site’s IP address or domain, and if you see it listed on an email black list, contact your hosting provider for further instructions.

    If your site is not on a blacklist, you can also use the “Send a test email from this WordPress server to an email address” option at the bottom of the Diagnostics page on the Wordfence Tools menu, to test if a simple message will be delivered. If that test message is not delivered, your host may need to investigate the issue.