Support » Plugin: iThemes Security (formerly Better WP Security) » Email Notifications (Erratic or Not Working)

  • Need help with the following:

    (1) Email Notifications

    We have set up your plugin to issue Security Digest email reports on a daily basis. Unfortunately, we are not receiving any or receive them at random (e.g., Tue, Friday, then no emails for a week or two, etc.)

    * Our Environment *

    – Using Real Cron (Trigger Set to Every 30 Minutes)
    – WP Cron Disabled
    – ITSec Cron Disabled
    – Using WP Mail SMTP plugin (functional, working)
    – No issues with other plugins capable of sending emails
    – Using SG Optimizer and WP Rocket
    – Rest API set to “Restricted Access”
    – The following databases are truncated on a daily basis: wp_itsec_dashboard_events; wp_itsec_distributed_storage; wp_itsec_lockouts; wp_itsec_logs; wp_itsec_temp)

    Need a fix. What are we doing wrong?

    (2) Daily and Weekly Security Digest Email Reports

    Your Daily and Weekly Security Digest email reports need a refresh. They only show one item (Lockouts) and nothing else. The rest is just a filler (no value). They also contain links to information that do not contribute to the security digest. Click here for details.

    We’d like to see the following in your reports for the noted period (daily or weekly):

    – Banned Users
    – No of Lockouts
    – Brute Force Attempts
    – Top 10 Offending IPs
    – Top 10 Offending Cities
    – Top 10 Offending Countries
    – Malware Scan Results (No. of Scans, No. Positive, No. Negative)
    – Any other information you deem useful

    Thank you!

Viewing 4 replies - 1 through 4 (of 4 total)
  • nlpro

    (@nlpro)

    The Security Digest email is a bit complicated. However for the free plugin it will only get triggered by lockouts or changes detected by the File Change Detection module. If none of these occurred then no (digest) email is send…

    For the Pro plugin it will also get triggered by privilige escalations.

    Anyway to get rid of the “Is your site as secure as it could be?“ section add the line below to your active (child) theme functions.php file:

    add_filter( 'itsec_security_digest_include_security_check', '__return_false' );

    The other “filler” stuff can be removed but it requires some serious hacking …

    To prevent any confusion, I’m not iThemes.

    jetxpert

    (@jetxpert)

    @nlpro,

    iThemes needs to hire you. Thank you.

    Your input helped understand the email notification feature. Don’t you think the Security Digest email should be issued regardless of whether there’s been a lockout or a file change? If there’s nothing to report, then we’d like to know this as well. It would give us “peace of mind.” The report can simply state “Congratulations, no threats or lockouts detected on your website for the noted period.”

    As an option, there should be a note or knowledge-base update stating what you said. Otherwise, iThemes Security users will never know if the “daily” or “weekly” email crons are working properly.

    Anyway, hoping the developer will chime in as well and advise how he plans to fix and/or update this.

    There are some “serious, kind hackers” on stand-by that can be hired to fix this 🙂

    Again, thank you.

    Cheers!

    nlpro

    (@nlpro)

    The idea behind the Security Digest email is to minimize the amount of emails send. For the daily schedule I wouldn’t like to receive a reassurance email every day, but for the weekly schedule (once a week) I suppose I wouldn’t mind.

    jetxpert

    (@jetxpert)

    @nlpro,

    I’ll buy that. It would be best, however, to let the User decide via settings options. Fewer constraints, fewer tickets submitted.

    Cheers!

Viewing 4 replies - 1 through 4 (of 4 total)
  • You must be logged in to reply to this topic.