Title: wrong alert email Last modified: February 10, 2022 --- # wrong alert email * Resolved [laserstore](https://wordpress.org/support/users/laserstore/) * (@laserstore) * [4 years, 3 months ago](https://wordpress.org/support/topic/wrong-alert-email/) * Hello friends! 1 – The emails Defender sends to my inbox are never sent because it uses an address [noreply@mydomain.com](https://wordpress.org/support/topic/wrong-alert-email/noreply@mydomain.com?output_format=md) but this address does not exist and the email is never sent. It should be based on the address that is registered on the panel. How can I resolve this? * 2 – I would also like to know if Defender protects against database injections. * Thank you very much! Viewing 6 replies - 1 through 6 (of 6 total) * Plugin Support [Imran – WPMU DEV Support](https://wordpress.org/support/users/wpmudev-support9/) * (@wpmudev-support9) * [4 years, 3 months ago](https://wordpress.org/support/topic/wrong-alert-email/#post-15355881) * Hello [@laserstore](https://wordpress.org/support/users/laserstore/) ! * I’m very sorry to hear that you’ve experienced this issue while using our plugin! * Just to confirm – in the Notifications section you have the notifications set to use a different address but the site still sends those using the default email? * 2- Defender doesn’t have a specific feature for preventing SQL injections because those are very difficult to protect against from inside the WordPress code – if a plugin has a vulnerability of this kind, it’s most commonly due to incorrect coding which doesn’t use WordPress functions – those functions are designed in a way to prevent injection attacks through filtering. But if a plugin uses custom database access methods (custom unsafe queries), then there’s hardly anything that can be done to filter this out. * Due to this, the recommended way to handle those kinds of vulnerabilities is to use a server-side Web Application Firewall because it will be able to detect bad requests and prevent them from ever reaching WordPress. Your hosting may offer this kind of feature or you can use the free CloudFlare plan which adds a protection layer to your site. * On the Defender’s side you can still enact some protections which will help prevent those kinds of attacks, especially using the features in the Firewall section. For example you can ban bots which try to scan your site for vulnerabilities before trying out an attack – they will often get caught and get blocked before they are able to cause any harm. Same goes for login protection as some of the db injections can only be attempted when being logged in. * Best regards, Pawel * Thread Starter [laserstore](https://wordpress.org/support/users/laserstore/) * (@laserstore) * [4 years, 3 months ago](https://wordpress.org/support/topic/wrong-alert-email/#post-15358296) * Hi Pawel! [@wpmudev-support9](https://wordpress.org/support/users/wpmudev-support9/) * Thanks for the excellent answer! The plugin is excellent and we plan on migrating to a premium plan soon. I’m using all the resources you mentioned and I feel excellent protection. Regarding the email, it is configured to send alerts, but when sending it does not use the website’s default email address. He “created” the noreply@ address and tries to send through it, but that email address doesn’t exist. See image of an email log: * > [View post on imgur.com](https://imgur.com/NjsO5Xp) * The email ends up not being sent because the sender address does not exist. I don’t know where it’s configured to use that email that doesn’t exist. Default wordpress email is nuno@mydomain. * If there’s anything possible I can do, let me know. * Thank you very much! - This reply was modified 4 years, 3 months ago by [laserstore](https://wordpress.org/support/users/laserstore/). * Plugin Support [Patrick – WPMU DEV Support](https://wordpress.org/support/users/wpmudevsupport12/) * (@wpmudevsupport12) * [4 years, 3 months ago](https://wordpress.org/support/topic/wrong-alert-email/#post-15360722) * Hi [@laserstore](https://wordpress.org/support/users/laserstore/) * I hope you are doing well. * This should be from WordPress itself, had you tested this plugin to check if makes any difference? * [https://wordpress.org/plugins/cb-change-mail-sender/](https://wordpress.org/plugins/cb-change-mail-sender/) * Another alternative is trying to configure an SMTP plugin like [https://wordpress.org/plugins/branda-white-labeling/](https://wordpress.org/plugins/branda-white-labeling/) [https://wpmudev.com/docs/wpmu-dev-plugins/branda/#smtp](https://wpmudev.com/docs/wpmu-dev-plugins/branda/#smtp) * Let us know the result you got. Best Regards Patrick Freitas * Thread Starter [laserstore](https://wordpress.org/support/users/laserstore/) * (@laserstore) * [4 years, 3 months ago](https://wordpress.org/support/topic/wrong-alert-email/#post-15363099) * [@wpmudevsupport12](https://wordpress.org/support/users/wpmudevsupport12/) Hi! * All emails from the site are sent normally, including those referring to the store. All use the default email registered in the wp smtp mail plugin. Only Defender insists on using an email address that doesn’t exist as a sender. There is no email [noreply@mydomain.com](https://wordpress.org/support/topic/wrong-alert-email/noreply@mydomain.com?output_format=md). The site’s default email is different. See the image of the email log generated by the wp smtp mail plugin. * > [View post on imgur.com](https://imgur.com/jqAXjSm) * I can’t understand why Defender “created” or assumed the site’s default email is [noreply@mydomain.com](https://wordpress.org/support/topic/wrong-alert-email/noreply@mydomain.com?output_format=md) * Thank you!! * Plugin Support [Dimitris – WPMU DEV Support](https://wordpress.org/support/users/wpmudev-support6/) * (@wpmudev-support6) * [4 years, 3 months ago](https://wordpress.org/support/topic/wrong-alert-email/#post-15372356) * Hey there [@laserstore](https://wordpress.org/support/users/laserstore/) * This is actually a default address that is used in Defender, but it doesn’t actually mean that these emails are getting sent by that address. It is more about masking them in the frontend of email clients, as in the background it is the same method that sends the emails (whatever you use, native wp_mail() or SMTP). * This is something common in plugins and Defender also provides some hooks to actually customize the noreply emails, like: * ``` wd_subscribe_noreply_email wd_unsubscribe_noreply_email wd_confirm_noreply_email wd_lockout_noreply_email ``` * Here you can find an example that you could use in a MU plugin or functions.php file of your child-theme: [https://wpmudev.com/docs/api-plugin-development/defender-api-docs/#filter-wd_subscribe_noreply_email](https://wpmudev.com/docs/api-plugin-development/defender-api-docs/#filter-wd_subscribe_noreply_email) * Let us know if more assistance is needed. * Thank you, Dimitris * Thread Starter [laserstore](https://wordpress.org/support/users/laserstore/) * (@laserstore) * [4 years, 3 months ago](https://wordpress.org/support/topic/wrong-alert-email/#post-15375843) * Hi Dimitris! [@wpmudev-support6](https://wordpress.org/support/users/wpmudev-support6/) Unfortunately the snippet it didn’t work. But I found another way. I created the noreply@mydomain account and then emails are sent normally. I’ll leave it that way, but I think it shouldn’t be that way, because it’s not always possible to create an extra email account. Anyway, I really appreciate your help and support. * Bye! Viewing 6 replies - 1 through 6 (of 6 total) The topic ‘wrong alert email’ is closed to new replies. * ![](https://ps.w.org/defender-security/assets/icon-256x256.gif?rev=3435930) * [Defender Security - Malware Scanner, Login Security & Firewall](https://wordpress.org/plugins/defender-security/) * [Frequently Asked Questions](https://wordpress.org/plugins/defender-security/#faq) * [Support Threads](https://wordpress.org/support/plugin/defender-security/) * [Active Topics](https://wordpress.org/support/plugin/defender-security/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/defender-security/unresolved/) * [Reviews](https://wordpress.org/support/plugin/defender-security/reviews/) * 6 replies * 4 participants * Last reply from: [laserstore](https://wordpress.org/support/users/laserstore/) * Last activity: [4 years, 3 months ago](https://wordpress.org/support/topic/wrong-alert-email/#post-15375843) * Status: resolved