• Hello,
    Any email notifications from WordPress and Wordfence are getting placed in my spam folder. I have been working with my host to correct this problem. Apparently my shared server has been blacklisted for email spamming.

    My host has recommended two options:
    1) Re-configure your script to send mail via SMTP mail instead.
    2) Google fetch method.

    From a Security/Wordfence perspective, which option do you recommend?

    Do you have any other recommendations or concerns?

    I have been logging in/out of my WordPress site to receive a Wordfence “Admin Login” alert email to monitor/test the methods above to see if my emails are still placed in the spam folder. Wordfence is emailing a login alert for my first login, but not any subsequent logins. I’m assuming Wordfence waits a certain time period before sending another “Admin Login” alert email. Just curious, what is that “Time Period” that must pass before another email login alert is sent out?

    Thanks
    Clint

Viewing 7 replies - 1 through 7 (of 7 total)
  • Hi Clint,
    I’m not sure what is meant by “Google fetch method”. Google Apps, maybe? But using SMTP sounds good; you may need to check the “WP Mail SMTP” plugin regarding that.

    Regarding the “administrator login” email notification, I think you were using the same browser and just logged out then logged in again, right? The plugin won’t send two identical email alerts in a row. For instance, try the following:
    – Log in from your browser using the admin account and you will get the notification email, then log out.
    – Using your cellphone, try to log in and you will get another notification email (different IP address in this case).
    – Try to log in again using the browser and you will get another email notification (same IP, but there was another alert before this one).

    P.S. I suggest using “Send test email” in (Wordfence > Diagnostics) for testing purposes.

    Thanks.

    • This reply was modified 8 years, 4 months ago by wfalaa.
    Thread Starter cwdv

    (@cwdv)

    Hello wfalaa,
    Below is a url from my host regarding the Google Fetch Method. As a basic description it states:

    Google Mail Fetcher is easy to set up and free to use. It uses POP3 to pull all the contents of an email box into Gmail and then parses the emails for spam. Mail Fetcher can download messages from up to five other email accounts, allowing you to centralize all your email in Gmail.

    https://support.hostgator.com/articles/specialized-help/email/3rd-party-client-setup/google-mail-fetcher

    If you don’t have any specific concerns regarding either option, then at this point I plan on using the “WP Mail SMTP” plugin. The only thing I don’t like about this option is that I am adding another plugin to my site.

    Thanks again,
    Clint

    • This reply was modified 8 years, 4 months ago by cwdv.

    Thanks Clint for letting me know about “Google Mail Fetcher”. I would actually recommend this method instead of using SMTP plugins, because the latter will store the SMTP password as plain text in the database, so if your website is hacked, the attacker will have easy access to your SMTP username/password from the database.

    Thanks.

    • This reply was modified 8 years, 4 months ago by wfalaa.
    Thread Starter cwdv

    (@cwdv)

    Thanks for the helpful insight. In your response you mention, if my website is hacked the attacker will have access to my SMTP username/password.

    I assume that would give them access to send out spam from that email account. Does knowing my SMTP username/password pose any additional security risks?

    Thanks again,
    Clint

    If someone managed to connect to your mail server via SMTP, he would be able to send/receive mail just as you do. I think it depends on how important this email is to you and whether you use it for other services. I suggest reading this article to take a closer look at what mail server hacking could lead to.

    Thanks.

    Thread Starter cwdv

    (@cwdv)

    Thanks very much for that information. That makes a lot of sense. Currently my only reason for using SMTP is to get my WordPress/Wordfence notifications out of my spam folder.

    Just wondering,

    1) Assuming I choose a strong email account password, what are the chances that my email account could be compromised?

    2) If my email account were compromised, would that give them access to my WordPress Website?

    3) Is the “WP Mail SMTP” plugin a plugin that concerns you regarding any code vulnerabilities other than what you mention with the password/username being stored in plain text in the database?

    Thanks again for your help,
    Clint

    1- First, you will need to make sure you “really” chose a strong password. I suggest checking the “Password Security” section at our learning center for more details about how to choose a strong password and how passwords are cracked.

    Then, take all necessary precautions to ensure the security of your working environment; you can find some nice tips in this article, “How to Secure Your WordPress Working Environment”.

    2- If you are referring to the concern I mentioned in my previous reply, then the attacker has already hacked your website?
    In general, it depends on many factors. For example, what if you are using the same email address as your WordPress administrator email? Someone can easily request a “Forget Password” link to this email, hence getting access to your website. The risk could be increased if it was used as your hosting account email address as well, or in any other services (PayPal, domain registrar, etc.), so it mainly depends on how you are using this email.

    3- Actually, at the time of writing this reply there are no known vulnerabilities identified for this specific plugin, so I would say no (at least for now).

    Thanks.
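
An added example, not part of the thread and not code from Wordfence or any SMTP plugin: a small audit over an export of `wp_options` rows that checks for the two risks raised in the replies above, an SMTP password readable from the database and an SMTP mailbox that is also an administrator's password-reset address. The option names and sample rows are constructed placeholders, and the key matching is a heuristic rather than any plugin's real schema.

```python
import re

# Constructed sample rows (option_name, option_value); names are hypothetical.
SAMPLE_OPTIONS = [
    ("admin_email", "clint@example.com"),
    ("example_smtp_user", "clint@example.com"),
    ("example_smtp_pass", "CorrectHorse9!"),
    ("example_mailer",
     'a:2:{s:4:"host";s:16:"mail.example.com";s:9:"smtp_pass";s:10:"Sup3rS3cr!";}'),
    ("blogname", "My Site"),
]
SAMPLE_ADMIN_EMAILS = ["clint@example.com"]  # constructed

PASS_KEY = re.compile(r"smtp.*pass|pass.*smtp", re.I)
USER_KEY = re.compile(r"smtp.*user", re.I)
# String key/value pair inside a PHP-serialized array: s:N:"key";s:M:"value";
SERIALIZED_PAIR = re.compile(r's:\d+:"([^"]+)";s:(\d+):"')


def iter_settings(options):
    """Yield (option_name, key, value) for flat options and serialized arrays."""
    for name, value in options:
        yield name, name, value
        for m in SERIALIZED_PAIR.finditer(value):
            length = int(m.group(2))  # byte length; equals char count for ASCII
            yield name, m.group(1), value[m.end():m.end() + length]


def find_stored_smtp_secrets(options):
    """Return (option_name, key) for every non-empty SMTP password in the rows."""
    return [(n, k) for n, k, v in iter_settings(options)
            if PASS_KEY.search(k) and v]


def reset_exposed_admins(options, admin_emails):
    """Admin addresses that are also a stored SMTP login. Per the thread, the
    stored credentials may open that mailbox, and with it password-reset mail."""
    smtp_users = {v.lower() for _, k, v in iter_settings(options)
                  if USER_KEY.search(k)}
    return sorted(e for e in admin_emails if e.lower() in smtp_users)


if __name__ == "__main__":
    for option, key in find_stored_smtp_secrets(SAMPLE_OPTIONS):
        print(f"SMTP password stored in database: option={option} key={key}")
    for email in reset_exposed_admins(SAMPLE_OPTIONS, SAMPLE_ADMIN_EMAILS):
        print(f"Admin reset address is also the SMTP login: {email}")
```

Any finding from the first check means a database read is enough to obtain the mail credentials; a finding from the second is a reason to use a dedicated sending-only mailbox for site notifications.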

  • The topic ‘Wordfence Alerts/Activity’ is closed to new replies.