Understanding the Wordfence Emails
All WordPress websites built by Juice Digital include the Wordfence security plugin. It is regarded as the worlds best security solution for WordPress.
There are two versions of Wordfence – Premium and Free. While the premium version is undoubtedly the best protection, the Free version is not far behind and offers incredible value and features for a free product. Most websites will initially be set up with the free version.
Once Wordfence is active on your new website, you will start to receive regular notification emails from your website informing you of security related issues and possible actions that may be required to keep your site safe and secure.
We set up Wordfence to send these emails to not only the owner of the website, but to us too. That way we both receive exactly the same notifications and we can monitor them and advise if action is necessary.
Types of Wordfence Notification Emails
There are 4 main types of emails that you will receive from Wordfence, each of which has a different meaning, and potentially urgency.
The ‘Wordfence Activity’ Email.
This is the most regularly received email you would receive from Wordfence. It appears in your inbox looking like this:
We would usually set this up to be sent once weekly. It is a summary of all the actions Wordfence has take to protect your website in the given time period, plus any outstanding updates required to bring your WordPress software up to date.
Most often there is nothing to be concerned with in these activity emails – they are usually just a summary of the good work Wordfence is doing to keep your site safe.
In this email you will get detailed information about how many attacks (malicious hacking and login attempts) have occurred on your website.
You will see the top IP addresses blocked:
And also the countries in which they originated:
Don’t be worried if you see a lot of blocked attacks – it just means that Wordfence is doing its job. It’s not unusual for high traffic sites to see tens of thousands of attacks in one week.
You also get information on failed login attempts by existing users:
Plus recently blocked malicious code attacks on your site:
And recently modified files on your site:
This can be used to detect unauthorised activity on your website, but is usually just the result of using ‘caching’ plugins to speed up your site.
Finally the activity email will show you a summary of what parts of your site require updates, and if any of those are security related:
We need to pay attention to security related updates and action them promptly, but as you will see below, Wordfence would have already sent us an ‘Alert’ email the moment the vulnerability is dicsovered.
The Wordfence ‘Alert’ emails
Another commonly received email from Wordfence. There are several types of alert emails – Such as the ‘Problems found’ email, which appears in your inbox looking like this:
This email is to advise us that there is a part of your website that requires an update. It could be the actual WordPress software itself, or it could be a plugin (software installed on your site for a particular purpose, or website feature).
These are the main emails we will look out for when monitoring websites for security related issues that require action.
Here is an example of how it looks:
The alert will advise you of the part of your website requiring an update, and the severity of the issue – ‘Low’, ‘Medium’, ‘High’ or ‘Critical’. Usually we would only immediately action ‘High’ or ‘Critical’ updates, and leave ‘Medium’ and ‘Low’ to a later date for routine maintenance.
‘High’ severity would ordinarily mean there is an update for a part of your site that contains some security related fixes – We would do these as soon as possible.
‘Critical’ usually means that there is a part of your site requiring updates that has a known security issue that may be subject to malicious attacks – These should be done as a matter of urgency to maintain the security of your site.
To avoid too many ‘Low’ and ‘Medium’ notifications, we would usually set Wordfence to only email us on ‘High’ or ‘Critical’.
Another common Wordfence Alert email that you may receive is the ‘User Locked Out’ email:
This can happen when a legitimate user of your website is locked out by getting their password wrong too many times, or attempting a password recovery too many times.
Or it can happen when an automated password guessing attack is happening on your website. The attackers would be locked out for the same reasons as above, or for using a username that is on your ‘Invalid Username’ list, or one that doesn’t exist at all.
It is possible to relax the amount of times a password can be incorrectly entered, and the length of the lockout, however we recommend to be strict in this regard to be on top of automated login attacks.
Here is an example of how the ‘User Locked Out’ email would look:
We would also set up Wordfence to advise when a user (you can select admin, non-admin or both) logs in to the website. While not really a high concern in terms of direct security issues, it can be a handy notification to have.
This is how the Admin login email looks in your inbox:
And this is what to expect it to look like:
Other Wordfence ‘Alert’ emails can include when Wordfence is deactivated, or its Firewall is turned off… Both serious actions that can leave a website vulnerable to attack.
Or Wordfence can send an alert when there is a large increase in attacks on your website. Usually nothing to worry about, but good to know regardless.
So that’s the short version of what to expect in your inbox now that Wordfence is protecting your WordPress website. Mostly the emails you will receive will require no action and are merely advice of what is happening on your site.
Occasionally there may be some that require action… if your new site has been designed by us then we are monitoring these on your behalf and will be in touch if anything requires attention to keep your new website safe and secure.
If your WordPress website isn’t currently running any security software, and you need the peace of mind of knowing your website is protected, then we can help – Get in touch and Get your investment protected.