You install WP Security Audit Log. Now you get email alerts every time you log in. “User logged in from unknown IP.” But it is you. Every time. That is frustrating because you get spam from your security plugin.
A common issue is that the plugin alerts on all logins by default. It does not know which IPs are trusted. The plugin is not broken. You need to whitelist your IP addresses.
Why WP Security Audit Log Alerts on Your Logins
WP Security Audit Log monitors all user logins. It can send alerts for “suspicious” logins. By default, any login from an IP not in whitelist triggers alert. Your home IP is not whitelisted. Every login looks suspicious to plugin.
This is not WP Security Audit Log being bad. Security plugins alert on unknowns by design.
The Most Common False Alert Scenarios
- Logging in from home (IP not whitelisted)
- Logging in from coffee shop, office, VPN (different IPs)
- Dynamic IP address changes (new IP every login)
- Multiple admins logging in (each triggers alert)
- Mobile login (IP changes frequently)
All are normal but trigger alerts.
How to Stop Alerts for Your Own Logins
- Go to WP Security Audit Log → Settings → Alerts
- Find “User logged in” alert
- Disable email notification for this alert
- Or set alert level to “Info” (no email)
- Add your IP addresses to whitelist
- Save settings
Disabling login alerts is easiest. You know when you log in.
How to Whitelist Your IP Address
Go to WP Security Audit Log → Settings → Whitelist. Add your IP address. Add office IP. Add VPN IPs. Save. Logins from these IPs will not trigger alerts.
Find your IP by searching Google “what is my IP.”
Alternative: Keep Alerts for Failed Logins Only
Disable alerts for successful logins. Keep alerts for failed logins. Failed logins are real threats. Successful logins are usually you.
Go to Alerts → User logged in → Disable. Go to Failed login → Enable.
People Also Ask About WP Security Audit Log Alerts
Why do I get security alerts for my own logins?
Your IP is not whitelisted. Add it or disable login alerts.
Should I stop using WP Security Audit Log?
No. Disable login alerts. Keep alerts for real threats.
Is WP Security Audit Log worse than Simple History for alerts?
Simple History does not email alerts. It only logs. Different tools.
Final Thoughts
If WP Security Audit Log alerts on your logins, disable login alerts. Or whitelist your IP. Keep alerts for failed logins and changes. Security monitoring continues without spam.