Wordfence schedules a callback after a core update to send a notification email. The callback relies on the WordPress cron system, PHP runtime limits, and several transient values. When the cron runner does not execute, or PHP stops the request, the callback never finishes and Wordfence marks the event as failed.
Typical triggers include a disabled wp‑cron, firewall blocks, low memory or execution time, a conflicting plugin that removes the hook, a corrupted transient, or an object‑cache that returns an outdated cron array. Any of these conditions prevents the scheduled function from running.