How-To: Respond to Wordfence Alert Email Messages

If you have set up a WordPress instance in your Davidson Domains space, and if you're running Wordfence (which you definitely should be), when it discovers problems, Wordfence will usually message you by email, with a subject line like "[Wordfence Alert] Problems found on yourdomain.com". You should respond to these messages promptly and address the reported errors. Follow these steps:

  1. Open domains.davidson.edu, and click Dashboard.
  2. Login as usual.
  3. Click My Apps.
  4. Locate your WordPress instance in the list. Before continuing, make a backup of your site by clicking the Backup button.
    mceclip2.png
  5. On the Backup screen, accept the default settings and click Backup. Wait for the progress bar to report that the backup is complete before continuing.
  6. Now click the link to your WordPress instance's admin page (this will be the link ending in /wp-admin/).
  7. Locate and click the Wordfence entry in the left-hand navigation column. If the WordPress instance has Wordfence-flagged security issues, there will generally be a notification icon to the right of the Wordfence label, as shown below.
    mceclip0.png
  8. Clicking the Wordfence label pulls up the Wordfence dashboard. There, find the Notifications section and see what's reported. It will typically look something like this:
    mceclip1.png
  9. Click a listed item to open the Scan page, and scroll down to see the scan details.
    mceclip3.png
  10. Click an item in the list to see its details. In the example shown, an automatic update has left some files lying around that pose a potential security risk (not uncommon), and should be deleted.
    mceclip4.pngBelow the details, you will see available options for handling the reported problem. In this case, the options are to View or Delete the file, or to mark the error as Fixed. If you're unsure what the file is, you can use View File to get a quick look at it (although unless you have deep code expertise, this will probably be of limited utility). If Wordfence detects a security risk in a file that it knows to be important to WordPress, you may see an option to attempt to Clean the file as well. You can try this and rescan to see if it fixes the problem. In this instance, the file is known to be noncritical, so the simplest option is just to delete it by clicking Delete File. When Wordfence reports success, click Close.
  11. Repeat the procedure for each reported error. You may also elect to look through the list and handle all reported errors the same way by clicking Delete All Deletable Files.
  12. Once the list of reported errors is empty, click Start A New Scan. If the new scan returns additional errors, correct them and rescan until no errors are reported.
    mceclip5.png
  13. Return to the WordPress dashboard and visit your site to make sure everything is correct.

Note: Depending on the specific issues Wordfence finds, you may have different or additional options for dealing with them. Wordfence is pretty good about explaining what each option means, but if you get stuck or aren't sure what to do, contact ti@davidson.edu for assistance

Request Help