If you’re wondering how to turn off Wordfence email alerts, you’ve probably got a new installation with all the defaults. The number of emails can be a little overwhelming. Wordfence keeps you informed of nearly everything, which may not be necessary.
This is a quick guide to accessing the Wordfence email alerts settings, and some tips on which you may want to disable.
Of course, you are increasing risk by disabling any setting. But when my younger websites aren’t generating revenue, I balance the risk with not having much to lose.
Where Are The Wordfence Email Alerts Settings?
The Alerts settings are on the “All Options” page. There’s a link under the Wordfence menu that opens the page directly. I’ve highlighted it on the left in this picture.
You’ll need to scroll down a little to get to the “Email Alert Preferences” section. When you expand this section, you’ll see a lot of settings (look above). And most of the settings are enabled by default.
Why Is Wordfence Flooding You With Emails?
If you’ve never seen the traffic to a new WordPress website, you may get an unpleasant surprise by what WordFence reveals.
It’s an unfortunate fact of life that bad actors are monitoring for new domains and WordPress sites. They will send traffic that tries to log in to your WordPress installation using standard logins like “admin” and a variety of passwords.
Bot blocking and login attacks
The WordFence plugin protects you by blocking IP addresses for suspicious activity. And by default, the plugin will send emails to tell you the action that it’s taken.
If you want to learn more, here’s an article on how Wordfence limits login attempts. And this article is on how Wordfence stops bots.
I’ll get to the options that I tend to disable in the next section.
To illustrate my point here, I returned my Wordfence installation to the default options on three new-ish WordPress sites that I manage. One of them is a week old. The domains are hidden in this screen capture of my emails, but I can tell you that Wordfence sent me several email alerts for all three websites within a 70-minute window.
Every email refers to Wordfence locking out an IP address due to repeated failed attempts to log into your WordPress installation.
That’s actually a single alert setting that is whizzing out these emails. The thing is…this is usual internet behavior. There’s not much I’m going to do about it on a small site, other than be grateful that I’ve got Wordfence installed and taking action.
My Choices For Disabling Wordfence Email Alert Options
These are my personal choices for new websites that aren’t generating much revenue. This may not be right for you, but it can be useful to see what other administrators do.
I keep options enabled to ensure I’m notified when:
- Wordfence is deactivated
- The Wordfence Web Application Firewall is turned off
- When there is a large increase in attacks
These are the settings that I usually disable on a young site, when I don’t want to receive emails when:
- An IP is blocked
- Someone is locked out due to failed login attempts
- An administrator logs in
I also choose to raise the threshold for being alerted by scan results. There are four levels of severity: low, medium, high, and critical. The default setting is low. I bump it up to medium.