Quieting GuardPress Security Alert Email Flood
If GuardPress is sending you the same security alert email every day for days or weeks, or a single plugin update generated 100+ separate emails, you’re hitting one (or both) of two known fixed bugs. Update GuardPress to 1.6.24 or later and the email flood stops on its own — no settings changes needed. Detail on which of the two patterns is yours, what to expect after the update, and how to dial notifications down further.
Is This Your Issue?
Pattern A: Same alert every day for days or weeks
A single GuardPress security alert — same subject line, same finding, same body — arrives in your inbox every morning. Could be an “Outdated Software Check” alert about a debug log, a file integrity change about a file that no longer exists, or a malware finding you’ve already triaged. The alert never stops — one customer reported receiving the same “Debug Log Exposed” alert every morning for 15+ days.
What the flood looks like in your inbox
Two threads, each grouping 31 identical copies of the same alert (62 total emails). Pre-1.6.21 the scanners had no “already notified” state, so every daily scan re-sent every unresolved finding. Fixed in 1.6.21.
Pattern B: 100+ emails from one plugin update
You updated WooCommerce, Elementor, a theme, or any plugin that modifies a lot of PHP files. Within minutes your inbox fills with dozens or hundreds of “Critical File Change Detected” emails — one per file changed by the update. A typical plugin update touching 100+ files produces 100+ emails.
How to recognise it
Each email has the same subject (Critical File Change Detected) but a different file path in the body. They all arrive within the same scan window (usually a few minutes apart). Fixed in GuardPress 1.6.24.
If either pattern (or both) describes what you’re seeing, this article is for you. If you’re getting emails for events you didn’t expect to be alerted on at all (e.g. routine logins by your own admin account), see Sign-in Notifications instead.
The Fix — Update GuardPress to 1.6.24 or Later
Both bugs are fully resolved at 1.6.24. The update is the entire fix — no settings to change, no caches to clear, no config to edit.
Open WP Admin → Plugins
Go to WP Admin → Plugins → Installed Plugins and find GuardPress in the list. The version number is shown under the plugin name.
Check the version
If it says 1.6.24 or higher, you’re already updated — jump to Verify the Fix. If it’s 1.6.23 or earlier, continue.
Run the update
If an update is offered inline, click update now. If WordPress shows you’re on the latest version but the version is still below 1.6.24, force a refresh from WP Admin → Dashboard → Updates → Check Again. (The 1.6.20 SDK fix and the 1.6.25 SDK negative-cache fix both addressed update-discovery bugs that could occasionally hide available updates for up to 12 hours; Check Again bypasses that cache.)
Wait for the next scheduled scan
You won’t get instant feedback — the change takes effect on the next scan cycle (typically daily for file integrity / vulnerability scanner / malware scanner). Once a clean scan completes, the dedup hashes track the “already notified” state and future scans won’t re-email until the finding set genuinely changes.
Verify the Fix
Confirm both bugs are fixed:
Confirm the version is 1.6.24 or higher
WP Admin → Plugins → GuardPress entry → version under the plugin name.
Wait one full scan cycle (24 hours is the typical default)
If you were getting the “same alert every day” pattern, you should see zero repeat alerts the morning after the update (assuming the underlying issue hasn’t actually changed). If a new finding appears that wasn’t there yesterday, that’s a fresh alert — expected and correct.
Run a manual scan if you want immediate feedback
From GuardPress → Malware Scanner → Run Malware Scan Now or GuardPress → Outdated Software → Run Scan. After the scan, check that you receive at most one consolidated email even if there are multiple findings. If you trigger a plugin update right after, the file monitor should emit one batched summary instead of one-per-file.
Send a test email if no alerts have arrived
Use the Send Test Email button under GuardPress → Settings → Notifications to confirm email delivery itself is working — otherwise the “flood stopped” might just be a mail delivery failure. If the test email doesn’t arrive, install an SMTP plugin like Royal SMTP — transactional WordPress email frequently fails on shared hosting without one.
If You Want to Dial Notifications Down Further
The 1.6.24 fix stops the excessive emails. If you still want fewer emails overall — or want to route alerts to a different inbox — the controls live under GuardPress → Settings → Notifications:
- Enable email alerts — master toggle for all GuardPress email notifications. Turning this off stops every alert (brute-force attacks, malware detection, file changes, outdated software, uptime monitoring). Not recommended — you lose visibility into real incidents — but it’s the nuclear option when you need email silence for a brief maintenance window.
- Alert Email — the destination address. Defaults to the WordPress admin email. Set a separate ops inbox, shared team alias, or pager address if you don’t want alerts mixed in with general admin mail.
- Send Test Email — verifies the configured address actually receives mail. If you’ve never received any GuardPress emails (even after triggering events), test here first — the answer is usually mail delivery, not GuardPress.
If you’re tempted to turn off email alerts entirely because of the flood, update first instead. The flood was always a bug — the normal post-1.6.24 cadence is roughly one email per genuinely new finding, which is what you actually want.
Why Did This Happen?
The email flood came from two distinct bugs in different modules that shipped at different times. Both modules wrote dashboard alerts correctly — only the email channel was misbehaving.
Pattern A — Pre-1.6.21: scanners had no “already notified” state
Three modules — file integrity monitor, vulnerability scanner (“Outdated Software Check”), and malware scanner — ran on a daily cron schedule. Each scan that found a critical issue would call wp_mail() to send the alert. Neither scanner remembered what it had already sent. So if you had an unresolved finding (a debug log left exposed, a deleted file flagged as “missing”, a malware signature hit that turned out to be a false positive you hadn’t triaged yet), every single subsequent daily scan re-sent the exact same email — for days, then weeks. The 1.6.21 fix added hashed-deduplication state to all three modules:
- File monitor tracks
guardpress_file_monitor_last_notified_at(a timestamp) and only includes changes recorded since that timestamp in the next notification - Vulnerability scanner hashes the sorted critical-issue set into
guardpress_vulnerability_last_notified_hashand only emails when the hash changes - Malware scanner hashes
file_path|threat_typeper detected threat intoguardpress_malware_last_notified_hashwith the same change-detection logic
All three dedup hashes auto-clear when the underlying issue set goes empty — so the next new finding alerts on the very next scan with no manual reset needed. State updates only happen on a successful wp_mail() send, so a transient SMTP failure retries on the next scan instead of silently swallowing the alert.
Pattern B — Pre-1.6.24: file monitor sent one email per changed file
The file integrity monitor had two separate notification paths firing at the same time during every scan. The first was the per-file Critical File Change Detected alert, queued individually via the alert subsystem so each changed file produced its own email. The second was the batched end-of-scan summary email that already listed every change with paths and hashes.
Both were intentional in isolation. Stacked, they meant a normal WooCommerce or Elementor update — which legitimately modifies 100+ PHP files in one go — produced 100+ individual “Critical File Change Detected” emails plus the one summary email, for 101+ emails from a single update. The 1.6.24 fix suppressed the per-file email entirely. Dashboard alert rows still record every change (the data is preserved for forensic review), but the email channel only sends the consolidated summary.
Still Stuck? Email Priority Support
If you’re on GuardPress 1.6.24 or later and emails are still flooding (or you’re receiving zero emails when you should be getting some), the cause is almost certainly outside GuardPress — usually mail delivery or a custom integration.
Email support@royalplugins.com with the diagnostic info below. Priority email support is included with your GuardPress Pro license — typical response time is within 24 hours.
Information to include in your email
- GuardPress version from WP Admin → Plugins (must be 1.6.24 or higher)
- WordPress version from WP Admin → Updates
- Which pattern you’re hitting — repeat alerts (A), per-file flood (B), or both
- Sample of the duplicate emails — subject line + the first two or three identical copies if possible (so we can confirm what alert type is repeating)
- Result of the Send Test Email button from GuardPress → Settings → Notifications — did it deliver, was it delayed, did it land in spam
- Whether you have an SMTP plugin installed — Royal SMTP, WP Mail SMTP, FluentSMTP, etc. Shared-host transactional email frequently fails without one, and broken delivery looks different from broken dedup
If your issue isn’t excessive emails but unexpected ones:
- Sign-in Notifications — emails sent on every successful sign-in by admin accounts. Configurable per role.
- Uptime Monitoring — sends a downtime alert when the homepage check fails. Rate-limited to one alert per hour.
- Malware Scanner — how Quarantine vs Delete vs Ignore work for triaging findings.
- Outdated Software Check — what each finding means and when to act on it.