Sucuri not sending email alerts

[SOLVED] How to Fix Sucuri Not Sending Email Alerts

Updated: Reader Disclosure
LinkedIn
Summarize:ChatGPTPerplexity

Sucuri detected suspicious activity on your site, but you never got the email alert. This defeats the entire purpose of having security monitoring if you don’t know when threats are detected.

The problem usually isn’t with Sucuri itself, but with how WordPress sends emails. By default, WordPress uses an unreliable email method that providers like Gmail and Yahoo increasingly block.

In this guide, I’ll show you how to check your Sucuri alert settings. I’ll also show you how to install WP Mail SMTP to make all of your WordPress emails are reliably delivered.

Fix Your Sucuri Emails Now! 🙂

What Email Alerts Does Sucuri Send?

Sucuri sends email notifications when it detects security events or suspicious activity on your WordPress website.

These alerts are your first line of defense against hackers, malware, and unauthorized access attempts.

Common Sucuri Alert Types:

  • Plugin/Theme Changes: Notifications when plugins or themes are installed, updated, or deleted
  • Failed Login Attempts: Alerts when multiple wrong passwords are entered
  • File Modifications: Warnings when core WordPress files are changed unexpectedly
  • Malware Detection: Immediate alerts when malicious code is found
  • Blacklist Notifications: Warnings when your site appears on security blacklists

Here’s an example of a Sucuri email when it detects a new plugin has been activated:

Example of a Sucuri email alert

Getting these alerts immediately is critical for WordPress security response. If you don’t receive security notifications, you might miss:

  • Hackers installing backdoor plugins
  • Brute force attacks trying to guess passwords
  • Malware infections spreading through your site
  • Unauthorized file changes that indicate compromise

How to Fix Sucuri Not Sending Email Alerts

There are many email settings in Sucuri that could prevent alerts from being sent on time, and sometimes the emails can go to spam. I’ll show you how to troubleshoot both of these email issues in the steps below.

Check Sucuri Email Alert Settings

Before fixing WordPress email delivery, let’s verify your Sucuri plugin is configured correctly to send alerts. Many missing notifications stem from incorrect settings rather than email problems.

1. Send a Sucuri Test Email

To start, open up Sucuri’s Settings page from the menu on the left in your WordPress dashboard.

Sucuri settings in WordPress

From the tabs across the top, let’s click Alerts. There’s a Test Alerts button that you can click if you want to send a test email from Sucuri.

Sucuri email alerts tab

By default, the email address here will be the admin user in WordPress, but we’ll show you how to change it in a moment.

Test Sucuri email alerts

Unfortunately, this email test is super basic. When you click the button, there’s no indication of what’s happening behind the scenes, and no way to check deliverability.

So to check the result, all you can do is check your email, and your Junk Mail or spam folder. If the email is sent successfully, you should get a test email alert like this one.

Sucuri test email received

Pro Tip

Sucuri’s test email doesn’t show delivery errors or spam filtering issues. Even if you receive the test email, Sucuri alerts might still go to spam during actual security events. Always complete both Sucuri settings AND WordPress email setup to ensure reliable delivery.

2. Add a New Recipient for Alerts

If you don’t receive the test email, let’s try adding another recipient to the list and testing again. For example, if your primary email is Gmail, add a Yahoo or Outlook address for testing.

To have the best chance of receiving the test email, add an email address at a different domain. Just type the new address into the field and click Submit to add it.

Sucuri email alert recipient change

This helps identify if the problem is with your specific email provider or a broader delivery issue. You can also use this process to add multiple team members who should receive security alerts.

Moving on, let’s check some of the other settings that can stop Sucuri from sending emails when you expect it to.

3. Remove Trusted IP Addresses

Sucuri won’t send alerts if it detects activity for a trusted IP. Check the Trusted IP addresses list to see if there are any entries. For now, remove all of the trusted IPs.

This ensures you receive notifications for all website activity, including your own login attempts and plugin changes. Once email delivery is confirmed working, you can add trusted IPs back if needed.

Sucuri trusted IP settings

However, many security experts recommend keeping the trusted IP list empty so you get alerts for all activity, even your own administrative actions.

4. Increase the Alerts Per Hour Setting

The default Sucuri setting allows maximum 5 alerts per hour. If you’re actively working on your website or experiencing multiple security events, you’ll quickly exceed this limit and stop receiving notifications.

Scroll down to the Alerts Per Hour setting and increase it to a higher number or select Unlimited Alerts Per Hour. This prevents Sucuri from throttling notifications during busy periods.

Sucuri email alerts per hour

For example, if you’re installing multiple plugins, updating themes, or making several login attempts, you want to know about each activity rather than missing notifications due to hourly limits.

5. Decrease the Logins Per Hour Setting

Scroll down to the Brute Force Attacks setting. If the failed login threshold is set too high, Sucuri won’t warn you when attackers are trying to guess your password.

The default setting might be too lenient for proper security monitoring. Lower this to 120 failed logins per hour (or the minimum setting) to get earlier warnings about potential brute force attacks.

Sucuri brute force email alert setting

This ensures you’re notified quickly when suspicious login activity occurs, rather than waiting until hundreds of failed attempts have already happened. Early detection helps you block attacks before they escalate.

You can adjust this number based on your site’s typical traffic patterns, but starting with the most sensitive setting provides better security coverage.

6. Turn on Email Security Alerts

Finally, let’s review all of the Security Alerts. Be sure to review all lines that begin ‘Receive Email Alerts for…’ to make sure that the notifications you need are enabled.

Common alert types include file changes, plugin installations, failed logins, and malware detection. Enable all alerts initially, then disable specific ones later if you receive too many notifications.

Enable Sucuri email alerts

Pay special attention to critical security alerts like unauthorized file modifications, new user registrations, and core WordPress changes. These represent the highest security risks and require immediate attention.

After enabling your desired alerts, the Sucuri configuration is complete. If you’re still not receiving emails after adjusting these settings, the problem is likely WordPress email delivery, which we’ll fix with WP Mail SMTP.

Send Sucuri Email Alerts With SMTP

By default, Sucuri sends emails using the wp_mail() function. This method is super basic, and the emails aren’t authenticated when WordPress sends them.

That’s why Sucuri alerts get lost (or filed in the Junk Mail). It’s easy to solve this problem with the WP Mail SMTP plugin.

WP Mail SMTP will send your WordPress emails through a separate email service like SendLayer instead of relying on your hosting server.

That will add the authentication your emails need to pass spam checks. Let’s install the plugin now to solve the email deliverability problem you’re having.

1. Install WP Mail SMTP

To start, download the zip file from your WP Mail SMTP account so you can install it on your website. You’ll find it in the Downloads tab.

Download WP Mail SMTP to fix WPForms contact form not sending email

Next, open up your WordPress dashboard. Head to the Plugins page and upload the plugin to your WordPress site. If you’re not sure how to do this, check out this guide to installing a plugin in WordPress.

Install WP Mail SMTP

As soon as you activate the plugin, the WP Mail SMTP Setup Wizard will open.

You can also re-start the wizard at any time by clicking the Launch Setup Wizard button in your WP Mail SMTP settings. Just know that re-starting the wizard later might reset your SMTP settings.

2. Choose an Email Service Provider

Now we can choose a new provider to handle outgoing WordPress emails. WP Mail SMTP will guide you through this using a simple interface. Click the Let’s Get Started button to begin.

Start the WP Mail SMTP setup wizard to fix WPforms not sending email

On the next screen, click the mailer you want to use from the list. WP Mail SMTP lets you choose from different free or paid email providers here.

Choose SMTP Mailer

Wondering which one to use? Keep in mind that some email providers will limit the number of emails you can send each day. So:

  • If you have a small site, you can use Gmail or Other SMTP, but those mailers might not be able to handle many hundreds of emails from a busy website. If you’ve set up Sucuri to send Unlimited Notifications Per Hour, and you’re actively working on your site, you might have issues.
  • For a busy site, you’ll want to pick a transactional mailer that has a high enough sending limit to handle hundreds of alerts, contact form emails, WooCommerce orders, and website notifications. We recommend SendLayer, SMTP.com, or Brevo (formerly Sendinblue) for this.

When you’ve chosen your mailer, open up our documentation to complete the setup steps on the provider’s side:

It’s best to open the documentation in a new tab so you can easily jump back to this guide. Want to set up multiple mailers?

You can do so in the Additional Connections settings once you’ve finished the Setup Wizard. Then you can select a Backup Connection and configure Smart Routing.

3. Turn On Email Logging

In the next step, WP Mail SMTP Pro customers will get the option to turn on Detailed Email Logs in the plugin.

Enabling email logs and email alerts in the WP Mail SMTP Setup Wizard

I highly recommend that you turn on Detailed Email Logs and Complete Email Reports so that WP Mail SMTP can track the status of every email your site sends.

The Pro plan also lets you view the status of all your emails in the WordPress dashboard so you can easily spot any deliverability problems.

WP Mail SMTP Pro dashboard widget

You may also want to enable the Weekly Email Summary so you can see you latest email delivery stats in your inbox.

Email Summary With Statistics in WP Mail SMTP Pro

The other feature you can enable here is Instant Email Alerts. These notifications let you know if an email fails to send from your site.

An email alert notification

Then you can quickly work out a solution so your users don’t miss any important emails. If you enabled email logging, there are a few more options for you on the next screen.

Configuring email log settings in the WP Mail SMTP Setup Wizard

These settings let you save email content and attachments and track behavior such as email opens and link clicks. You’ll also be able to print logs and resend emails if you need to.

All set? There’s 1 more thing to do. Now we have WP Mail SMTP, we can use a much more sophisticated email test to check your Sucuri emails are working.

4. Send a Test Email From WP Mail SMTP

Remember how we used Sucuri’s email test at the start? It was too basic to report problems with email deliverability.

Now we can use the more advanced email test in WP Mail SMTP! In WP Mail SMTP, go to Tools and click the Email Test tab to start.

Sending a test email with WP Mail SMTP

On this screen, customize the recipient address for your test email and hit Send Email.

Send test email from WP Mail SMTP

If everything’s set up correctly, you’ll see a green message.

Test Cloudflare email in WordPress - success message

If WP Mail SMTP detects any issues, it’ll show a warning.

Deliverability should be improved warning message

Underneath the warning, you’ll see some information on the steps you need to take to improve it. And that’s it! Now you’ll always get your Sucuri email alerts on time.

FAQs on How to Fix Sucuri Not Sending Email Alerts

Sucuri not sending email alerts is a popular concern among our readers. Here are answers to some common queries about it:

Why is Sucuri not sending email alerts?

Sucuri email problems usually stem from WordPress email delivery issues rather than the security plugin itself.

WordPress uses unreliable PHP mail() function by default, which modern email providers often block or send to spam.

Check your Sucuri alert settings first, then install WP Mail SMTP to route emails through authenticated providers for reliable delivery.

How do I test if Sucuri alerts are working?

Go to Sucuri Settings » Alerts in your WordPress dashboard and click the Test Alerts button. Check both your inbox and spam folder for the test email.

If you don’t receive it, add a different email address (from another provider like Gmail or Yahoo) and test again. This helps identify if the issue is with your email provider or WordPress email settings.

What types of email alerts does Sucuri send?

Sucuri sends notifications for plugin installations, theme changes, failed login attempts, file modifications, malware detection, and blacklist warnings.

You can customize which alerts you receive in the Sucuri Settings » Alerts section. Enable all security alerts initially, then disable specific ones if you receive too many notifications for your workflow.

How do I add multiple email recipients to Sucuri alerts?

In Sucuri Settings » Alerts, add additional email addresses in the recipient field and click Submit. This allows multiple team members to receive security notifications.

You can remove recipients by checking the box next to their email and using the remove option. Consider adding both personal and business email addresses for redundancy.

Why do Sucuri alerts go to spam?

WordPress default email lacks authentication (SPF, DKIM, DMARC), causing security emails to trigger spam filters. Email providers are especially suspicious of security-related messages from unverified sources.

Install WP Mail SMTP and configure it with an authenticated email service like SendLayer or Gmail to ensure Sucuri alerts reach your inbox instead of spam folders.

How do I check Sucuri security settings?

Access Sucuri settings through your WordPress dashboard sidebar. Review the Alerts tab for notification settings, check Trusted IP addresses that might prevent alerts, verify the alerts per hour limit isn’t too restrictive, and ensure brute force protection is set to appropriate sensitivity levels.

Can I use WP Mail SMTP with Sucuri?

Yes, WP Mail SMTP works perfectly with Sucuri and improves alert delivery reliability.

WP Mail SMTP handles all WordPress email delivery, including Sucuri security notifications, by routing them through authenticated email services.

This ensures your security alerts reach your inbox reliably instead of being blocked or marked as spam by email providers.

Next, Learn More WordPress Security Tips

Now that your Sucuri email alerts are working, enhance your WordPress security with these additional protection measures:

Fix Your WordPress Emails Now

Ready to fix your emails? Get started today with the best WordPress SMTP plugin. If you don’t have the time to fix your emails, you can get full White Glove Setup assistance as an extra purchase, and there’s a 14-day money-back guarantee for all paid plans.

If this article helped you out, please follow us on Facebook and Twitter for more WordPress tips and tutorials.

Disclosure: Our content is reader-supported. This means if you click on some of our links, then we may earn a commission. See how WPForms is funded, why it matters, and how you can support us.

Hamza Shahid

Hamza is a Writer for WP Mail SMTP, who also specializes in topics related to digital marketing, cybersecurity, WordPress plugins, and ERP systems. Learn More

Try our Free WP Mail SMTP plugin

Use your favorite SMTP provider to reliably send your WordPress emails.