Firewall Block Alert
-
Hi Shield Team, is the firewall block alert via email to administrator function still there? I guess, ever since the new update a week ago, I no longer receive alerts via my administrator email that is configured to receive emails about users that are blocked due to triggering a firewall rule. There seem to be no issues with my email configuration and I am able to receive emails from the Shield Security plugin on the generation of security reports.
-
Hi,
Yes, this option is still there (under the Firewall > Firewall Response).
Can you check your Activity Log to see if there were any Firewall block logs in there, please? You can filter by “Firewall Block” events.
If there are such events and you have the firewall email alert option enabled but you are not getting these emails, then the problem is likely with email delivery.
Unfortunately, this is a common issue we see every day…
Shield wouldn’t affect the sending/receiving of emails. Whether or not emails get sent from your site is entirely out of Shield’s control and sending is never interrupted by Shield. It’s important to take full control of email sending on a WordPress site and not rely on WordPress itself to send emails via your web server.
Please review your email provider settings and ensure that it’s configured properly. Some email providers have gotten more strict with their email delivery, which you should know about:
https://convertkit.com/resources/blog/new-google-yahoo-email-rules-2024
Hope you find this helpful in some way.
Jelena
Hi, I would conduct a deep check on all the measures I’ve set on Shield Security on my site again, which includes the check on the enablement of the firewall alert option as well [in case I tweaked it].
Just to share with you, in regards to email deliverability, I’m well aware of the WordPress default email sendouts and deliverability issue, which basically uses phpmail to send default emails; therefore, I do not utilize that function. Instead, I utilize a reliable plugin that is regularly updated, developed and maintained by the same team and service provider of my mail service. Somehow, the plugin and mail service work a little differently than the usual SMTP plugin and configuration. Instead, this plugin [my utilized plugin] ensures both [solid clear transparent deliverability and security], where it works in such a way that it comes with a one-time complex configuration that requires authentication consisting of a client ID, secret and authorised delivery URL, which is accomplished within the OAuth 2.0 protocol to access my mail provider’s API. The entire process ensures no restriction in deliverability and a secure sense of authentication, where not even the username or password associated with the email that is configured to send out emails is stored on the site or root database of the site, which consequently even ensures the lowest amount of damage imposement by bad actors in case of ability to penetrate into the site in any event, which ensures the email can’t be used for phishing or misuse.
My entire domain ecosystem is set in such a way to seamlessly integrate within each and other regardless of any function and aspects, which primarily comes to security, where dual network layer [in premise and CDN based] as the first layer, application layer [yours – Shield Security] and server layer security have to work within each other to achieve the optimum level of defense without compromising [blocking, restricting] each other’s functions in any case on every update.
- This reply was modified 9 months, 3 weeks ago by KARAM SIDHU.
As Jelena said, could you please check your Activity Logs for firewall blocks and see if there were actually any blocks.
Secondly, Shield will log attempts to send email if your Activity Log is set to log “info” events. Please turn that on so you can see if emails are attempted to be sent.
Hi, I had conducted a detailed check and found:
In Real-Time: There are no issues with my email service and its deliverability, as I am able to receive emails overall from the site as intended, regardless of where the emails are prompted/pushed from, such as from other plugins or by default from WordPress itself, without any delay, except for the firewall block alert emails.
In Back-Logs: I found that the firewall block alert emails are not being logged at all when checked over all related Event Logging facility which consists of Web Activity Logs, Mail Server Logs and Shield Security event Logs which consequently means the firewall block alert option emails itself are not even being prompted out by the plugin itself.
The alert option is enabled as per how it should. I had even disabled the option and completely purged cache from both – site level [Plugin] & network level [Cloudflare], and then re-enabled the option, yet still the same.
Somehow, I realize that this email deliverability notification issue only occurs on the Firewall block alert option where no emails are being received over the set email address over user block and it does not occur on other options on Shield that send and notifies via email as well [I am able to receive Shield Login Alert emails and Shield Report emails].
Any update on the matter raised?
We have asked several times for you to check whether there were actual firewall blocks being recorded in the Activity Log.
You haven’t answered this question.
Please do the following:
- Go to Config > Activity Log. Enable the “info” option under the Log To DB setting.
- For the next few days, review your activity log and search under the “Event” field for “firewall”.
- If you find an event, please make a note of the timestamp.
- Then search for “email sent” under events and see whether an email was sent from Shield at the same time as your firewall block
Yes. It is recording those blocks. It is definitely being recorded, otherwise I wouldn’t know that there are users being blocked from accessing. This is when I came up with the idea to start a thread here in regards to this matter, because I realised that users are being blocked but then no emails are prompted to me on the blocks.
In regards to monitoring if emails are being logged: no, it is not being logged even with the option enabled. This was also checked previously and I’ve updated here [Refer thread number 5 – Detailed check].
While waiting for a reply, I did a test yesterday, which was by violating the login attempt limit that I’ve set, to purposely get blocked so that I can check if I am able to receive emails now. But no, I still don’t receive it. I was prompted to a Shield Security block page – I was blocked and the block was logged, but then again no email was sent to me and there is no event logged for email sendout.
I think from what you’re saying there is some confusion. Shield doesn’t send an email when an IP address is blocked. Emails are only sent when a Firewall block is enforced. This is explained here:
https://help.getshieldsecurity.com/article/334-firewall-block-response-options-explanations
Emails are only sent for very specific events. This is an option within Shield that goes back many years, so we’ve left it as is because some members like it. But we don’t send emails when IP addresses are added to the blocklist and the user sees a block page.
This is why I asked you to check the Activity Log. Please send us a screenshot of your activity log for a Firewall event.
I am trying to understand this .. The violation on the login page over consistent login attempts [Brute Force] isn’t a part of the firewall Block?
Can you assist in listing 1/2 events which would cause the enforcement of firewall block in your mean [which would trigger the email sendout] so that I can try it out to check if it is working as intended on my site?
You are correct that login attempts blocking isn’t part of the blocks that fall under the “firewall module”. Please look under Config > Firewall for details of options that pertain directly to the firewall module.
Please search for event “Firewall Block” on the Activity Log table using the event search filter.
It’s completely wasteful and impractical to send emails every time something like a failed login occurs on a site.
If you need any further support for Shield Security, please consider upgrading your membership here. We offer priority support to members that support our work.
If you don’t want to do that, you can search our helpdesk for more information.
I got it.
On top of that, I’ve tested the email alert by purposely triggering a firewall rule and yes, I am able to receive the firewall block alert email accordingly as per how it should.
Anyways, thanks for your clarification over the matter. Appreciate it.
I’ll mark this thread as resolved.