Email alerts quickly inform you of security related events on your site.
Wordfence watches activity on your site, both via the Scanner and the Firewall. Alerts are sent out via email. The recipient email of these alerts is configured when Wordfence is installed and can be changes via the General Options on the Global Options page.
The Wordfence alert function uses the built in WordPress email function, which in turn uses the PHP mail function on your server. If you are using an SMTP plugin that overrides WordPress built in email function, that will be used for sending the alerts.
Wordfence can alert when someone is locked out from login, when users sign in to your website or when there’s a large increase in attacks. You can configure these alerts under Alert Preferences on the Wordfence Global Options page.
When configuring alerts you can choose the lowest severity of alerts that you’d like to be notified for. Wordfence will send an alert for each new issue of that severity or higher that is found in automatic scheduled scans, unless you have disabled email alerts from individual sites in Wordfence Central. You can find more information about scan results here.
Critical Scan Alerts
Your Site’s URL is on a domain blocklist
Your Site is spamvertizing
A file matching a Malware signature or containing a URL on domain blocklist was found
A publicly accessible config or backup file was found
A plugin removed from the wordpress.org repository is installed
The Web Application Firewall is disabled
An administrator or editor with a weak password has been found
You have less than 5MB available disk space
A plugin or theme with a known vulnerability is installed
High Severity Scan Alerts
Your server IP is listed on a spam blocklist
A post title has suspicious content (e.g., a script tag)
A Blocklisted URL was found in a post
A Scan was aborted due to reaching time limit
The “How does Wordfence get IPs?” setting is misconfigured
You have less than 20MB available disk space
Your DNS records have changed
A non-administrative user with a weak password has been found
A WordPress core, plugin, or theme file has been modified from the repo version
A WordPress option containing a blocklisted URL has been found
Publicly accessible quarantined files were found
An unknown or suspicious admin user has been found
A WordPress core update is available
Directory listing is enabled
Your web server exposes the document root (full path disclosure)
Medium Severity Scan Alerts
Your Site is running an unknown Core version of WordPress
Your site is running an older version of PHP (5.4 or below) that is incompatible with Country Blocking
If you are no longer receiving Wordfence emails from your site, a common reason is that your email server’s IP address has been added to a blocklist, and your WordPress site emails won’t be received by many other people, including you.
You can look up your site’s domain or IP address, to see whether it’s on a third-party blocklist/blacklist at this URL:
Enter your WordPress site’s IP address or domain, and if you see it listed on an email blocklist, contact your hosting provider for further instructions.
If your site is not on a blocklist, you can also use the “Send a test email from this WordPress server to an email address” option at the bottom of the Diagnostics page on the Wordfence Tools menu, to test if a simple message will be delivered. If that test message is not delivered, your host may need to investigate the issue.