Short Answer

Don’t worry about it 🙂 Ignore the email alerts.

Long Answer

We set all of our clients up with a security plugin for their WordPress websites (unless their host already provides security, like WP Engine). Currently this is WordFence.

This provides you with a “firewall”, which is basically a fence around your site that makes it harder for hackers to hack your website.

It also provides you with a “login monitor”, which blocks people trying to break into your site via your login.

If you have your email address set in the settings of WordFence you will get security alerts. You can simply delete your email address from the notification setting if you don’t want the emails.

Types of Alerts

WordFence sends out four types of alerts:

  1. When attempted hacks are blocked.
  2. When bad login attempts are blocked.
  3. When your website has updates available.
  4. When it thinks it has found suspicious files in your website.

We Ignore the Email Alerts

We don’t pay any attention the email alerts. Here’s why:

  1. Hacking attempts happen all the time. The plugin is doing it’s job, which is all we care about.
  2. Updates are available almost daily/weekly in WordPress. Simply set a regular time to update your website. (we recommend hiring us to do it every 2-3 months)
  3. The suspicious files it finds are 99% false positives, files that are actually legit.

Of course, anyone with the bandwidth to diligently inspect and monitor their website 24/7 can do so, but we consider it not worth our time so long as good security measures are in place.