WordFence Update Notification emails

  • Resolved rogerpoole

    (@rogerpoole)


    4 months, 1 week ago

    I get emails from several sites that I set up ages ago about various plugins needing updates etc.
    I don’t have login information to these sites. I don’t know the present owners or clients to these sites. It’s been close to 10 years. I have asked one of those sites owners, but the present person updating the site was not helpful. Honestly, I don’t think they’re aware of any security plugins on their site.

    I do get an email from a client’s wordpress site where I still admin with a link to stop notifications.
    https://www.sitename.com/blog/?_wfsf=removeAlertEmail&jwt=long hash here.

    I am wondering if there’s an option to discontinue these old site notifications just by creating this url and hitting it. What does the jwt hash signify?

    • This topic was modified 4 months, 1 week ago by rogerpoole.
    • This topic was modified 4 months, 1 week ago by rogerpoole.
    • This topic was modified 4 months, 1 week ago by rogerpoole.
Viewing 1 replies (of 1 total)
  • Plugin Support wfpeter

    (@wfpeter)

    Hi @rogerpoole, thanks for getting in touch.

    Like you say, the link stating No longer an administrator for this site? Click here to stop receiving security alerts would be the best scenario as the JWT token can’t be generated to “spoof” the link for other domains. The likelihood would be that the versions not sending this link are too old for that to work even if you could.

    When the version of Wordfence is particularly out of date or you are unable to contact the administrator, the best course of action is setting a rule to direct these emails to another folder so that they don’t appear in your inbox. Please do not mark these emails as spam, as this may affect trusting of legitimate Wordfence emails going forward should you be involved with any sites running it in the future.

    I will also mention that it’s been heard of (but rare) for sites that no longer exist, or have been moved to a different host to still be sending out emails from the old host. If you suspect that may now be the case with any of your older sites, the site directory running PHP/WordPress will be active somewhere running crons – so normally the host needs to be contacted to make sure the site has been deleted properly.

    Many thanks,
    Peter.

Viewing 1 replies (of 1 total)
  • You must be logged in to reply to this topic.