Hello,
Our version of Admin Tools for WordPress auto-updated today from v1.6.2 to v1.6.3. Immediately thereafter, our webmaster began to receive large numbers of security exception emails from the site. These arrived in batches of 200 emails at the time of update (7:50 a.m. our time), and then in subsequent batches of 200 every hour thereafter. This has gone on all day.
At 8:50 a.,. (approximately 1 hour after the first batch of 200 emails), I edited the email template settings (Admin Tools > Web Application Firewall > Email Templates) on each of the four email templates published. I reduced their send frequency limit from 5 emails every 1 hour "down" to 5 emails every 1 day. This had no effect on the volume of emails arriving. Batches of 200 per hour continue to arrive.
As a temporary measure,, now 12 hours later, I have edited the Web Application Firewall > Auto Ban > "Email this address after an automatic IP ban" setting, and the WAF > Logging and Reporting > "Email this address on security exceptions" fields to remove an email address from these fields altogether, thus theoretically giving Admin Tools no address to send email to. I am hopeful this will stop the email batches being sent.
A final piece of information: The Web Application Firewall > Security Exceptions Log shows 6 security exceptions for today's date. This obviously does not correspond to the high number of emails received claiming a security exception.
Is it possible there is a backlog of unsent emails that has suddenly been freed by the 1.6.3 update somehow, and we are receiving literally months of email in one day?
If not, why do you suspect this behavior is happening, and is there anything you advise I do to correct it/reduce email volume to normal levels?
Appreciate you,
Richard Powell
