Alerts for Malicious Code

Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Author WFMattR

    (@wfmattr)

    On the Wordfence options page, “Enable automatic scheduled scans” is on by default, and is the best way to find malicious code. You can check the “Scan” page on the Wordfence menu, to see the results, and if you’ve entered your email address in the Wordfence options already, you should get email notices if malicious code is ever found — or for plugin, theme, and core updates, which can be very important to prevent security issues.

    The “Recently modified files” list in the summary email can be helpful if you see files changed that you did not change yourself, but it may just show a few versions of the most recent images you’ve added to the site or plugin files that you’ve recently updated.

    Let us know if you have any other questions!

    -Matt R

    Thread Starter tapper65

    (@tapper65)

    Hi Matt
    Thanks for the info that is very useful. Do you know how long the alert messages stay on the Scan page? In other words, will we always be able to see a history of issues on the site or do they get removed after a period of time?
    Thanks again

    Plugin Author WFMattR

    (@wfmattr)

    I believe the scan log is cleaned up daily, if the log is over a certain length. In most cases, you’ll probably have 1-3 days of logs, but it depends on the amount of files on the site and the options you have set in Wordfence.

    If you want to maintain a history of what has been reported, the best way is probably saving the scan result emails.

    -Matt R

    Thread Starter tapper65

    (@tapper65)

    ok ive just had a look and cant find how to save scan results to email. Is this available on the free version and if so how doI implement it? Appreciate your help with this Matt
    Thanks

    Plugin Author WFMattR

    (@wfmattr)

    Normally it’s on by default, so just check on the Wordfence options page, and be sure “Where to email alerts” is enabled, and that in the list of alerts below, “Alert on critical problems” and “Alert on warnings” should be enabled — then save the options.

    You should only get an email when a problem is reported, and no email should be sent if the scan completes without any issues.

    To test emails, you can use “Send a test email from this WordPress server to an email address” near the bottom of the options page. If there is an error mentioned when sending, or if you don’t get the email from the test, let me know.

    -Matt R

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘Alerts for Malicious Code’ is closed to new replies.