Email alerts quickly inform you of security related events on your site.

Wordfence watches activity on your site, both via the Scanner and the Firewall. Alerts are sent out via email. The recipient email of these alerts is configured when Wordfence is installed and can be changes via the General Options on the Global Options page.

The Wordfence alert function uses the built in WordPress email function, which in turn uses the PHP mail function on your server. If you are using an SMTP plugin that overrides WordPress built in email function, that will be used for sending the alerts.

Wordfence can alert when someone is locked out from login, when users sign in to your website or when there’s a large increase in attacks. You can configure these alerts under Alert Preferences on the Wordfence Global Options page.

When configuring alerts you can choose the lowest severity of alerts that you’d like to be notified for. Wordfence will send an alert for each new issue of that severity or higher that is found in automatic scheduled scans, unless you have disabled email alerts from individual sites in Wordfence Central. You can find more information about scan results here.

Critical Scan Alerts

  • Your Site’s URL is on a domain blacklist
  • Your Site is spamvertizing
  • A file matching a Malware signature or containing a URL on domain blacklist was found
  • A publicly accessible config or backup file was found
  • A plugin removed from the repository is installed
  • The Web Application Firewall is disabled
  • An administrator or editor with a weak password has been found
  • You have less than 5MB available disk space
  • A plugin or theme with a known vulnerability is installed

High Severity Scan Alerts

  • Your server IP is listed on a spam blacklist
  • A post title has suspicious content (e.g., a script tag)
  • A Blacklisted URL was found in a post
  • A Scan was aborted due to reaching time limit
  • The “How does Wordfence get IPs?” setting is misconfigured
  • You have less than 20MB available disk space
  • Your DNS records have changed
  • A non-administrative user with a weak password has been found
  • A WordPress core, plugin, or theme file has been modified from the repo version
  • A WordPress option has containing a blacklisted URL has been found
  • Publicly accessible quarantined files were found
  • An unknown or suspicious admin user has been found
  • A WordPress core update is available
  • Directory listing is enabled
  • Your web server exposes the document root (full path disclosure)

Medium Severity Scan Alerts

  • Your Site is running an unknown Core version of WordPress
  • Your site is running an older version of PHP (5.4 or below) that is incompatible with Country Blocking
  • An abandoned plugin is installed
  • A plugin has an update available
  • A theme has an update available

Low Severity Scan Alerts

  • A Blacklisted URL was found in a comment

Frequently Asked Questions

  • Not receiving emails from Wordfence plugin

    If you are no longer receiving Wordfence emails from your site, a common reason is that your email server’s IP address has been added to a blacklist, and your WordPress site emails won’t be received by many other people, including you.

    You can look up your site’s domain or IP address, to see whether it’s on a blacklist on this URL:

    Enter your WordPress site’s IP address or domain, and if you see it listed on an email black list, contact your hosting provider for further instructions.

    If your site is not on a blacklist, you can also use the “Send a test email from this WordPress server to an email address” option at the bottom of the Diagnostics page on the Wordfence Tools menu, to test if a simple message will be delivered. If that test message is not delivered, your host may need to investigate the issue.