This is a list where you'll find some of the most common error emails that you'll receive from your WordPress website. It's a useful resource if you want to cure an error on your own or want more information before contacting a professional.
This is an automated error email that is sent out if WordPress detects a technical issue with your website. The issue could be temporary or permanent.
There is a recovery link that expires in a day and can be used to access the back end of your website safely.
It lists information to be given to your support team (and if you don't have a support team please contact us) such as WordPress version, active theme, current plugin (usually the plugin with the issue) and your PHP version.
It also lists the error details such as the plugin that caused the issue and the line of code where the issue happened.
Don't worry if this doesn't mean anything to you since it will mean something to your support team.
The subject of the email is [Wordfence Alert] Problems found on [your website domain]. The image below shows how the email will look – however the names of your domain and the plugin domain will not be pixelated.
A medium severity error can include letting you know that a plugin on your website needs updating. This is important because outdated plugins can be a security risk.
To do this you can log into the back end of your website, do a backup (always do a backup before doing updates) and then after the backup has completed successfully you can update the plugin.
Check that your website is looking and performing the same as before the update.
This email from Wordfence is alerting you that Wordfence itself has been deactivated on your website. If you did this yourself for some reason, then you would know that. However, if it’s someone else that shouldn’t be deactivating the Wordfence plugin then it’s something you need to investigate.
The image below shows you the layout of the email.
It tells you the username of the person that deactivated the plugin, their IP address, their hostname and the user hostname location. The user hostname location can be the same as the user location but not always. For example my user hostname is in Adelaide and I’m not but the user location still says Adelaide for me.
If the username is not yours, then contact that user urgently to see whether they did do this or whether someone has hacked into your website.
The subject of the email is “[www.yourdomain.com.au] Too many failed login attempts”.
The email contains information like this:
8 failed login attempts (2 lockout(s)) from IP: xxx.xxx.xx.xx
Last user attempted: admin
IP was blocked for 24 hours
This email means that someone was attempting to enter the back office of your website by using the username that’s in the email – in the above example the user name is admin.
The IP address (which would have actual numbers rather than xxx) is the address they were connecting from when trying to log in to your website.
The message that the IP was blocked for 24 hours means that they cannot try again for 24 hours.
Programs used by hackers will keep trying to log in for many hours, so this prevents that repeat access for a set amount of time, which can be varied as required.
My clients do NOT have admin as any of their usernames since it’s the default that was used in the past.
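If you look after several sites, these lockout emails can be triaged automatically. The following is an added example, not part of the original page or of any plugin: it parses the three-line body shown above, groups alerts by IP and flags any attempted username that matches a real account. The sample emails, IP addresses and usernames are constructed.

```python
import re
from collections import defaultdict

# Body layout taken from the email quoted on this page; other plugin
# versions may word it differently (assumption).
ALERT_RE = re.compile(
    r"(?P<attempts>\d+) failed login attempts \((?P<lockouts>\d+) lockout\(s\)\) "
    r"from IP: (?P<ip>\S+)\s+"
    r"Last user attempted: (?P<user>.+?)\s+"
    r"IP was blocked for (?P<hours>\d+) hours"
)

# Constructed sample emails (documentation-range IP addresses).
SAMPLE_EMAILS = [
    "8 failed login attempts (2 lockout(s)) from IP: 203.0.113.7\nLast user attempted: admin\nIP was blocked for 24 hours",
    "12 failed login attempts (3 lockout(s)) from IP: 203.0.113.7\nLast user attempted: jane.editor\nIP was blocked for 24 hours",
    "4 failed login attempts (1 lockout(s)) from IP: 198.51.100.23\nLast user attempted: admin\nIP was blocked for 24 hours",
    "Your plugin needs updating",
]

def parse_alert(body):
    """Return the fields of one lockout email, or None if it does not match."""
    m = ALERT_RE.search(body)
    if not m:
        return None
    d = m.groupdict()
    return {"attempts": int(d["attempts"]), "lockouts": int(d["lockouts"]),
            "ip": d["ip"], "user": d["user"].strip(), "hours": int(d["hours"])}

def triage(bodies, real_usernames):
    """Group alerts by source IP and flag guesses that hit a real account name."""
    real = {u.lower() for u in real_usernames}
    by_ip = defaultdict(lambda: {"attempts": 0, "lockouts": 0, "users": set()})
    for body in bodies:
        alert = parse_alert(body)
        if alert is None:
            continue
        entry = by_ip[alert["ip"]]
        # Counts are treated as running totals per IP (assumption), so keep the highest.
        entry["attempts"] = max(entry["attempts"], alert["attempts"])
        entry["lockouts"] = max(entry["lockouts"], alert["lockouts"])
        entry["users"].add(alert["user"])
    report = []
    for ip, e in sorted(by_ip.items(), key=lambda kv: (-kv[1]["attempts"], kv[0])):
        hits = sorted(u for u in e["users"] if u.lower() in real)
        report.append({"ip": ip, "attempts": e["attempts"], "lockouts": e["lockouts"],
                       "users": sorted(e["users"]), "valid_username_guessed": hits})
    return report
```

An entry with a non-empty `valid_username_guessed` list deserves a closer look than one that only tried `admin`, because it means a real account name is known outside your team.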
WP Fastest Cache has been known to update their plugin without giving a new release. Since Wordfence can be set to compare the version on your website with the version in the WordPress repository this can give an error (see WP Fastest Cache website – https://www.wpfastestcache.com/warnings/wordfence-alert/).
If your website says that this plugin has an update to perform you can perform that update or you can click on repair files to update your plugin from the repository.
This email is more of a problem than some of the other error emails and means that you need to take some action since it could be a security issue.
Any Wordfence email that contains the words "critical problem" needs to be investigated.
In this case a plugin has been removed from the WordPress repository (https://wordpress.org/plugins/). I've pixelated the plugin name in the image below but the email will state the actual plugin.
Firstly I visit the support section of the plugin page in the WordPress repository. The front page of the plugin will state that the plugin has been removed but WordPress does not state why. I wish it would, even if they just had a series of categories such as Admin failure, Security investigation or something like that. Unfortunately they don't, which is why I go to the support section of the plugin. If you are lucky someone else has already been there to ask why the plugin has been removed - if not, I create a post asking that question.
The front page of the plugin still has the author of the plugin and you can click on there to be taken through to their website. Once there I tend to use the contact form to contact the developer.
In some cases (as in this case) it can simply be an admin issue and the plugin was reinstated within 10 minutes and all was well in the world (well, in the world of that client's website).
In other cases do a search in your favourite search engine for that plugin. If it's a security issue then others tend to be discussing it online. Hopefully there are steps to rectify the issue, such as a quick update to a newly released version of the plugin and an extra scan with Wordfence.
If you are on a website care plan you will not receive these emails since they will come through to me and I’ll deal with them as part of your website care plan package. Some security issues may incur charges outside of the website care plan and these will be discussed before any action is taken.
This email lists the activity that Wordfence has blocked recently. It will include the top 10 IP addresses, top 10 countries blocked, top 10 failed logins, recently blocked attacks, recently modified files and updates needed.
If you're worried about the recently changed files then set the Wordfence scan options (All settings -> Scan settings -> General options) to Scan core files against repository versions for changes, Scan theme files against repository versions for changes, and Scan plugin files against repository versions for changes. I usually also set Scan files outside your WordPress installation. Then run the Wordfence scan to see if the scan finds any changes.
Usually the activity email is letting you know that Wordfence is doing its job.
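The idea behind scanning files "against repository versions" can be shown with a short added example (not Wordfence's code and not from the original page): hash every file in a folder and compare it with a known-good list, reporting files that were changed, added or removed. The plugin folder, file names and the use of SHA-256 are constructed for the illustration.

```python
import hashlib
import os
import tempfile

def sha256_of(path):
    """Hash a file in chunks so large files do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def compare_to_manifest(root, manifest):
    """Compare files under root with a {relative_path: sha256} known-good list."""
    result = {"modified": [], "unexpected": [], "missing": []}
    seen = set()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            seen.add(rel)
            if rel not in manifest:
                result["unexpected"].append(rel)   # file the release never shipped
            elif sha256_of(full) != manifest[rel]:
                result["modified"].append(rel)     # shipped file whose content changed
    result["missing"] = list(set(manifest) - seen)
    return {kind: sorted(paths) for kind, paths in result.items()}

def demo():
    """Build a constructed plugin folder, change it, and run the comparison."""
    shipped = {"plugin.php": b"<?php // main file\n",
               "inc/util.php": b"<?php // helpers\n",
               "readme.txt": b"Example plugin\n"}
    manifest = {rel: hashlib.sha256(data).hexdigest() for rel, data in shipped.items()}
    with tempfile.TemporaryDirectory() as root:
        for rel, data in shipped.items():
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as handle:
                handle.write(data)
        # Constructed changes: one edited file, one added file, one deleted file.
        with open(os.path.join(root, "inc/util.php"), "ab") as handle:
            handle.write(b"// extra line\n")
        with open(os.path.join(root, "inc/cache.php"), "wb") as handle:
            handle.write(b"<?php // not in the release\n")
        os.remove(os.path.join(root, "readme.txt"))
        return compare_to_manifest(root, manifest)

if __name__ == "__main__":
    print(demo())
```

A file under "unexpected" is not automatically malicious (caches and uploads create files too), but a "modified" core or plugin file that you did not edit yourself is worth investigating.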
Malcare plugin has detected malware on your WordPress website. However, Malcare does NOT tell you which files have been infected and you have to upgrade to premium to have the site cleaned and to find out which files were infected.