Help Documentation

VMP™ Security plugin documentation and support

Free Support

Support for users of the free version of the plugin is available on our support forums. The majority of features shown are available in the free version of VMP™ Security which helps protect millions of sites around the world.

Go to support forums

Access Upgraded Support Now

Our support engineers, equipped in Premium tickets within a few hours on weekdays, will be pleased to help you with advanced topics, provide comprehensive answers to your questions, and respond to all others in 24 hours or less.

Premium Support

Email Alerts

VMP Security can email a security contact when noteworthy events happen on the site. All alert configuration lives on a single page: VMP Security → All Options → Email Alert Preferences. There is no separate “Alerts” sub-page.

In This Article

Where alerts go

Set the recipient address (or comma-separated list of addresses) in the Where to email alerts field on the All Options page. Use a shared inbox or distribution list rather than a single person’s address so alerts continue to reach someone if a team member is on leave.

Alerts are sent from WordPress’s configured admin email by default. Some hosts require the From: address to be on a domain you control; if your alerts are not arriving, check the host’s outbound-mail policy first.

Events that can trigger an alert

Each event below has its own checkbox in the Email Alert Preferences section. Defaults are listed in parentheses.

  • Plugin auto-update (off by default).
  • VMP Security plugin deactivation (on).
  • Web Application Firewall is disabled (on).
  • Scan finished with findings, at the configured severity or higher (on, with the severity threshold below).
  • An IP address was blocked (on).
  • A user was locked out by Brute Force Protection (on).
  • A user used a known-breached password (on).
  • A lost-password attempt was made (on).
  • An administrator signed in (on).
  • An administrator signed in from a new device (off — turn on for a stricter audit trail).
  • A non-administrator user signed in (off).
  • A non-administrator user signed in from a new device (off).
  • An unusual increase in attacks was observed (on).

Scan severity threshold

The Alert me with scan results of this severity level or greater dropdown chooses how aggressive the scan-finding email is. The four levels match the scanner’s severity rating system: Critical, High, Medium, Low. Setting it to Low means every finding produces an alert; setting it to Critical means only the most severe findings do. The default is Low; raise the threshold if scan emails are too noisy.

Rate limit

The Maximum email alerts per hour field caps how many emails the plugin will send within a one-hour window. Once the cap is hit, additional alerts in that hour are silently dropped. 0 means no cap. A small cap (10–20) is a useful safety net during sustained attacks where every block would otherwise generate a notification.

Tuning alerts to reduce noise

If you find yourself ignoring alert emails because they arrive too often, the alerts have stopped doing their job. Practical adjustments:

  • Turn off Alert when an IP address is blocked on busy public sites — rely on the unusual increase in attacks alert instead, which only fires when something is genuinely out of the ordinary.
  • Raise the scan severity threshold from Low to Medium or High.
  • Set a maximum of around 10 alerts per hour to limit the worst-case email storm.
  • If you operate many sites, connect each to VMP Security Portal and let the per-site emails carry only critical alerts.
Contents