Email alerts quickly inform you of security related events on your site.

Wordfence monitors activity on your site, both via the scanner and the firewall. Alerts are sent out via email. The recipient email of these alerts is configured when Wordfence is installed and can be changed under the “General Wordfence Options” section on the “Dashboard” > “Global Options” page.

The Wordfence alert function uses the built-in WordPress email function, which in turn uses the PHP mail function on your server. If you are using an SMTP plugin that overrides the WordPress built-in email function then that will be used for sending the alerts instead.

Wordfence can alert you when someone is locked out from login, when users sign in to your site, or when there is a large increase in attacks. You can configure these alerts under the “Email Alert Preferences” section.

When configuring scan alerts, you can choose the lowest severity of alerts that you would like to be notified of. Wordfence will send an alert for each new issue of that severity or higher that is found in automatic scheduled scans, unless you have disabled email alerts from individual sites in Wordfence Central. You can find more information about scan results here.

Critical Scan Alerts

  • Your site’s URL is on a domain blocklist
  • Your site is spamvertizing
  • A file matching a malware signature or containing a URL on a domain blocklist was found
  • A publicly accessible configuration or backup file was found
  • A plugin removed from the repository is installed
  • The Wordfence firewall is disabled
  • An administrator or editor with a weak password has been found
  • You have less than 5MB of available disk space
  • A plugin or theme with a known vulnerability is installed

High Severity Scan Alerts

  • Your server IP is listed on a spam blocklist
  • A post title has suspicious content (e.g., a script tag)
  • A blocklisted URL was found in a post
  • A scan was aborted due to reaching the default three hour scan time limit
  • The “How does Wordfence get IPs?” setting is misconfigured
  • You have less than 20MB of available disk space
  • A non-administrative user with a weak password has been found
  • A WordPress core, plugin, or theme file has been modified from the repository version
  • A WordPress option containing a blocklisted URL has been found
  • Publicly accessible quarantined files were found
  • An unknown or suspicious administrator account has been found
  • A WordPress core update is available
  • Directory listing is enabled
  • Your web server exposes the document root (full path disclosure)

Medium Severity Scan Alerts

  • Your site is running an unknown core version of WordPress
  • Your site is running an older version of PHP (5.4 or below) that is incompatible with Wordfence country blocking
  • An abandoned plugin is installed
  • A plugin has an update available
  • A theme has an update available

Low Severity Scan Alerts

  • A blocklisted URL was found in a comment

Frequently Asked Questions

  • Not receiving emails from Wordfence plugin

    If you are no longer receiving Wordfence emails from your site, a common reason is that your email server’s IP address has been added to a blocklist, and your WordPress site emails won’t be received by many other people, including you.

    You can look up your site’s domain or IP address, to see whether it’s on a third-party blocklist/blacklist at this URL:

    Enter your WordPress site’s IP address or domain, and if you see it listed on an email blocklist, contact your hosting provider for further instructions.

    If your site is not on a blocklist, you can also use the “Send a test email from this WordPress server to an email address” option at the bottom of the Diagnostics page on the Wordfence Tools menu, to test if a simple message will be delivered. If that test message is not delivered, your host may need to investigate the issue.