BugWP logo BugWP
Back to Community
Home / Community / General

Troubleshooting Sucuri Security Plugin Email Alert Issues

15 threads Sep 16, 2025

Content

Email alerts are a core feature of the Sucuri Security – Auditing, Malware Scanner and Security Hardening plugin, providing vital notifications about security events on your WordPress site. However, users sometimes encounter problems where these alerts fail to send, arrive empty, or don't behave as expected. This guide compiles common issues and their solutions based on community experiences.

Common Email Alert Issues and Solutions

1. Alerts Not Sending At All

If you are not receiving any alert emails, including test alerts, the issue is often related to how your WordPress site handles email delivery.

  • Switch Email Sending Method: A common fix is to change the method the plugin uses to send mail. In the plugin's settings, navigate to the Alerts section and find the option labeled "Use WordPress functions to send mails". Uncheck this box. This forces the plugin to use PHP's built-in mail() function instead of WordPress's wp_mail() function, which can sometimes bypass configuration issues.
  • Check with Your Host: Since the plugin relies on WordPress or PHP to actually send the email, the problem may lie with your hosting provider's mail server. If switching the sending method doesn't work, contact your host to investigate if emails are getting stuck in a queue or being blocked.
  • Plugin Conflicts: Some email relay plugins (like Postmark) can conflict with the alert system. If you have such a plugin active, try temporarily deactivating it to see if alerts start working. If they do, the conflict lies with the email plugin's implementation, not Sucuri.

2. Alerts Only Sending to the Primary Admin Email

The plugin is designed to send alerts to all email addresses listed in the "Alerts Recipient" field. If only the primary admin receives them, it indicates the feature is working but another factor is preventing delivery to the additional addresses.

  • The plugin passes the entire list of emails to WordPress's mailing system. If some emails are rejected, it is likely due to an SPF (Sender Policy Framework) or anti-spoofing policy on your mail server (e.g., Mimecast). You may need to whitelist your server's IP address or adjust these security policies to allow the emails through.

3. Receiving Empty Alert Emails

If you receive emails but they appear blank, the issue is typically related to email format and client rendering.

  • The plugin sends alerts in plain text by default. Try enabling the "Use HTML format in the alerts" option in the plugin's settings. Some email clients may render HTML content more reliably. If the problem persists, use your email client's "Show Message Source Code" or similar option to inspect the raw email content, which can provide clues for further troubleshooting.

4. Alerts for Unwanted Events or from Specific IPs

The plugin's granular control over alerts can sometimes be confusing.

  • Ignoring Your Own Activity: The plugin can ignore events from a trusted IP address. However, if your IP address changes frequently (like with IPv6), this feature becomes ineffective, as there is currently no way to whitelist a dynamic IP range.
  • Ignoring Specific Post Types: The alert setting "Receive email alerts for changes in the post status" mentions it can be configured "from Ignore Posts Changes." This refers to a planned or previously existing feature that may not be fully implemented in all versions. There is currently no built-in interface to ignore alerts for specific post types.

5. Alert Settings Seem to Reset

If your configured alert settings, trusted IPs, or recipient emails revert to a previous state, an external process is likely overwriting them.

  • Investigate any automated cron jobs, staging-to-live synchronization scripts, or database replication processes that might be restoring an older version of the plugin's configuration data (sucuriscan_* options in the wp_options table).

Conclusion

Most email alert issues with the Sucuri Security plugin stem from mail server configuration, conflicts with other plugins, or external processes interfering with settings. By methodically testing the sending method, checking for conflicts, and consulting with your hosting provider, you can usually resolve these problems and ensure your site's security alerts are delivered reliably.

Related Support Threads Support