How to Stop Annoying Sucuri Security Alerts for System Events
Content
If your inbox is being flooded with repetitive Sucuri Security alerts about post status changes, media file additions, or scheduled actions, you're not alone. This is a common point of confusion for many website administrators. This guide will explain why these alerts happen and how you can effectively manage them to reduce notification spam while maintaining critical security oversight.
Why Am I Getting These Alerts?
The Sucuri Security plugin monitors changes within your WordPress database, which includes the 'posts' table. Many plugins and core WordPress functions use this same table to store and manage their data, including:
- WooCommerce orders (
shop_order) - Scheduled actions (
scheduled-action) - XML sitemaps from Jetpack (
jp_sitemap,jp_sitemap_master) - Contact form entries from Flamingo (
flamingo_inbound) - Auto-draft posts created by the system
When these items are created, updated, or have their status changed (e.g., from 'pending' to 'publish'), Sucuri logs the event. If you have email alerts enabled for post-type changes, you will receive a notification for each one. This is not necessarily a sign of a hack; it is often just normal, automated system activity.
Common Culprits and Their Solutions
1. WooCommerce and Scheduled Actions
Alerts with titles like wc_admin_unsnooze_admin_notes or woocommerce_deliver_webhook_async are triggered by the WooCommerce Admin or related components. These are internal tasks that run frequently, leading to a high volume of alerts.
Solution: The most effective fix is to disable alerts for these specific post-types.
- Go to Sucuri Security → Settings → Alerts.
- Scroll down to the "Post-Type Alerts" section.
- Click the "Show Post-Types Table" button.
- In the list that appears, uncheck the box for
scheduled-actionand/orshop_order. - Scroll to the bottom and click "Submit" to save your changes.
2. Jetpack Sitemaps
Alerts for jp_sitemap status changes are caused by Jetpack automatically generating or updating your XML sitemap, which is a legitimate process.
Solution: Follow the same steps above to navigate to the Post-Types Table and uncheck jp_sitemap and jp_sitemap_master.
3. Flamingo Contact Form Entries
If you use Contact Form 7 with the Flamingo add-on, new form submissions will trigger alerts for the flamingo_inbound post-type.
Solution: Navigate to the Post-Types Table and uncheck flamingo_inbound.
4. Auto-Drafts and System Posts
WordPress and some page builders frequently create and delete auto-draft posts, which can generate many alerts stating "Post status has been changed... to auto-draft".
Solution: In the Post-Types Table, uncheck the post-type labeled "auto-draft".
What If the Post-Type Is Not Listed?
In some cases, the specific post-type causing the alert might not appear in the table. This can happen with certain plugins. If this occurs, you may need to:
- Identify the Source: The alert message itself names the post-type (e.g.,
scheduled-action). Search online for that term along with "WordPress" or "Sucuri" to see if other users have identified the plugin causing it. - Investigate Plugins: Temporarily deactivate plugins one-by-one to identify which one is generating the activity. Once identified, you can decide to keep the plugin but leave alerts disabled, or seek an alternative.
Important Security Note
Before disabling an alert, always verify that the activity is legitimate. Check your audit logs within the Sucuri plugin to see the IP address and user associated with the event. If the user is "system" or a trusted administrator, it is likely safe to ignore. If the IP address is unfamiliar or the activity seems malicious, investigate further before disabling alerts.
By fine-tuning your alert settings, you can ensure Sucuri Security notifies you of important security events without overwhelming you with notifications for normal system operations.
Related Support Threads Support
-
Multiple email alerts for page/post ID’shttps://wordpress.org/support/topic/multiple-email-alerts-for-page-post-ids/
-
Constant SPAM: Inbound status has been changedhttps://wordpress.org/support/topic/constant-spam-inbound-status-has-been-changed/
-
Annoying emailhttps://wordpress.org/support/topic/annoying-email/
-
Recurring Sucuri Alert on a media file being added, but can't be found!https://wordpress.org/support/topic/recurring-sucuri-alert-on-a-media-file-being-added-but-cant-be-found/
-
WooCommerce order post update notificationshttps://wordpress.org/support/topic/woocommerce-order-post-update-notifications/
-
Sucuri alerts re: sitemap_masterhttps://wordpress.org/support/topic/sucuri-alerts-re-sitemap_master/
-
Cant stop a post type alerthttps://wordpress.org/support/topic/cant-stop-a-post-type-alert/
-
Repeated e-mail alerts for “wc_admin_unsnooze_admin_notes”https://wordpress.org/support/topic/repeated-e-mail-alerts-for-wc_admin_unsnooze_admin_notes/
-
How to Decipher Sucuri Security Alertshttps://wordpress.org/support/topic/how-to-decipher-sucuri-security-alerts/
-
Message sending wc_admin_unsnooze_admin_noteshttps://wordpress.org/support/topic/message-sending-wc_admin_unsnooze_admin_notes/
-
Red alert in Settings—->Post-hackhttps://wordpress.org/support/topic/red-alert-in-settings-post-hack/
-
Constantly getting same alerthttps://wordpress.org/support/topic/constantly-getting-same-alert/
-
Alerts only on post publishinghttps://wordpress.org/support/topic/alerts-only-on-post-publishing/
-
Understand email alertshttps://wordpress.org/support/topic/understand-email-alerts/
-
Message: Scheduled-action status has been changedhttps://wordpress.org/support/topic/message-scheduled-action-status-has-been-changed/
-
Security Alert fromhttps://wordpress.org/support/topic/security-alert-from/
-
Still Getting Post-Type Alerts I Don’t Wanthttps://wordpress.org/support/topic/still-getting-post-type-alerts-i-dont-want/