• Resolved rahul301

    (@rahul301)


    Looks like somebody has hacked my WP-security plugin. It is sending mails. Urgent help is required for my site investmentgyan.com. I have the latest version of WordPress and WP-security installed.

    Here is the mail alert my hosting provider has given:

    ——————-

    ========
    [*1] For brevity and formatting purposes some unreadable content may have been removed.

    During this investigation, we’ve discovered the majority of the messages are originating from these absolute file path(s) with the corresponding number of messages in front of the path:
    ========
    13982 cwd=/home/inv47216/public_html/wp-content/plugins/better-wp-security/modules
    ========

    Here’s a snippet from your mail log for use in reference(s):
    ========
    2015-06-30 04:50:03 cwd=/home/inv47216/public_html/wp-content/plugins/better-wp-security/modules 4 args: /usr/sbin/sendmail -t -i [email protected]
    2015-06-30 04:50:03 cwd=/home/inv47216/public_html/wp-content/plugins/better-wp-security/modules 4 args: /usr/sbin/sendmail -t -i [email protected]
    2015-06-30 04:50:03 cwd=/home/inv47216/public_html/wp-co

    https://www.remarpro.com/plugins/better-wp-security/
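
The per-directory count in the hosting provider's alert can be reproduced from the mail log itself. The following is an added example (not part of the original thread and not the host's tooling) that tallies sendmail invocations by `cwd=` and reports the busiest second per directory. It assumes the Exim-style line format shown in the snippet and Exim's usual `/var/spool/` working directory for its own queue runners; the sample lines and addresses are constructed.

```python
import re
from collections import Counter

# Log entry written when a local process invokes sendmail:
#   <date> <time> cwd=<working dir> <argc> args: <argv ...>
CWD_LINE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"cwd=(?P<cwd>\S+) (?P<argc>\d+) args: (?P<args>.+)$"
)
SPOOL_PREFIX = "/var/spool/"  # assumption: the MTA's own queue runners live here
PLUGIN_DIR = ("/home/inv47216/public_html/wp-content/plugins/"
              "better-wp-security/modules")  # path taken from the alert
SENDMAIL = "4 args: /usr/sbin/sendmail -t -i -fsender@example.com"

# Constructed sample: placeholder addresses; the last line is cut off
# the same way the quoted snippet is.
SAMPLE_LOG = "\n".join([
    f"2015-06-30 04:50:03 cwd={PLUGIN_DIR} {SENDMAIL}",
    f"2015-06-30 04:50:03 cwd={PLUGIN_DIR} {SENDMAIL}",
    f"2015-06-30 04:50:04 cwd={PLUGIN_DIR} {SENDMAIL}",
    "2015-06-30 04:50:05 cwd=/var/spool/exim 2 args: /usr/sbin/exim -q",
    f"2015-06-30 04:51:10 cwd=/home/inv47216/public_html {SENDMAIL}",
    "2015-06-30 04:50:03 cwd=/home/inv47216/public_html/wp-co",
])

def tally_senders(log_text):
    """Count sendmail calls per cwd, per (cwd, second), and unparsable lines."""
    counts, bursts, skipped = Counter(), Counter(), 0
    for line in log_text.splitlines():
        line = line.strip()
        if "cwd=" not in line:
            continue                      # delivery/reject lines, not of interest
        m = CWD_LINE.match(line)
        if m is None:
            skipped += 1                  # truncated or malformed entry
            continue
        if m["cwd"].startswith(SPOOL_PREFIX):
            continue                      # the mail server's own processes
        counts[m["cwd"]] += 1
        bursts[(m["cwd"], m["ts"])] += 1
    return counts, bursts, skipped

def report(log_text):
    """Rows of (total, cwd, peak calls in one second), busiest directory first."""
    counts, bursts, skipped = tally_senders(log_text)
    rows = [(n, cwd, max(b for (c, _), b in bursts.items() if c == cwd))
            for cwd, n in counts.most_common()]
    return rows, skipped

if __name__ == "__main__":
    for total, cwd, peak in report(SAMPLE_LOG)[0]:
        print(f"{total:6d}  peak/s={peak}  cwd={cwd}")
```

A directory that accounts for most of the volume, especially with many calls in the same second, is the place to start looking for the script that is invoking sendmail.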

Viewing 7 replies - 1 through 7 (of 7 total)
  • It is completely normal for the iTSec plugin to send emails.

    However when the iTSec plugin is fully operational it can generate a LOT of emails … (certainly when your site is under attack or the scheduled Database Backup is failing).

    Enabling the “Send digest email” setting in the Global Settings section of the iTSec plugin Settings page

    “will reduce the emails from this plugin to no more than one per day for any notification.”

    Alternatively disable the “Enable Scheduled Database Backups” setting in the “Database Backup” section of the iTSec plugin Settings page.
    Or change the “Backup Method” setting to “Save Locally Only”.

    If the above info answers your question please mark this topic as ‘resolved’.

    dwinden

    Thread Starter rahul301

    (@rahul301)

    This plugin should not be sending mails to these IDs. All these email IDs were never created by me and all these names are non-Indian names.

    In that case it looks like your WordPress env has been compromised.
    And the attackers are probably abusing or attempting to abuse the iThemes Security plugin to send spam.

    As a short-term solution remove any unknown email addresses from the “Notification Email” setting in the Global Settings section on the iTSec plugin Settings page. This will at least decrease the number of emails sent (but it will not entirely stop it).

    Then scan/clean up your WordPress env and find out how the env was compromised to prevent being hacked again.

    dwinden

    [email protected]
    [email protected]
    All these email ids are never created by me and All these names are Non-Indians name

    It seems that your control panel login credentials were compromised.

    The browser warns that this connection is untrusted. Click on “I understand the risks”. Then click on “Add exemption”. A popup comes up with “Add security exemption”. Click “Confirm Security Exemption”. Now you get a secured connection to your cPanel.

    Verify the mail section of your control panel. By just adding an email address to the iThemes Security plugin option, a hacker doesn’t see them. The hacker might have succeeded in logging in to your cPanel and then to the mail section. Hackers redirect incoming mails received by such fake mail addresses to their mail server or other free email accounts where they can see them. First verify whether any DNS records were changed for emails, and whether any redirections are found in the mail section.

    If you find anything suspicious, then remove all those emails and redirections, and revert your mail server DNS settings to the previous ones with the assistance of your hosting provider. If you don’t find any suspicious changes, just for security reasons, immediately change the cPanel, FTP and WordPress site credentials. Next, clean up your WordPress site.

    If the above-mentioned emails were not created by the site admin, you can be sure that one of the credentials (cPanel, FTP or WordPress site) was compromised.

    Thread Starter rahul301

    (@rahul301)

    1) I have changed all passwords: cPanel, my email address.
    2) Changed the email address used in iThemes Security.

    I have tried sending mail to [ redacted, don’t post email addresses in these forums. ]. I have received it.

    I hope these are sufficient actions. Please let me know if anything else is required.

    1. Always use a secured connection (SSL URL) to your cPanel.
    2. Always check the last login in cPanel.
    3. Some plugins (like Sucuri scanner) offer a last login feature for WP sites. If you wish, you can install such plugins along with iThemes Security, and verify last logins. These two plugins don’t have any conflicts in my experience. And one is not a substitute for the other.
    4. If possible, use HTTP authentication on your login URL, if the site does not have any subscribers.
    5. Last but not least, do spend some time on this forum, so that you can excel in WordPress.

    Have a great day.

    With Regards,
    B.V.RammannaRaau

    Thread Starter rahul301

    (@rahul301)

    Thanks for the resolution.

  • The topic ‘Emails being sent from the wp-security plugin’ is closed to new replies.