Phishing attempts to get your wordpress.org password

Recently, I received an email, claiming to be from WordPress.org, notifying that one of my Plugins have been taken down. It also provided a link where I was supposed to check the status of my Plugin. Clicking on this link took me to a website which looked like wordpress.org and was asking for my username and password.

Even though it looked like a WordPress.org website, the url was different. I posted about it the wp-hackers mailing list and got the confirmation that is a phishing attempt to get your WordPress.org username and password.

If you get an email like below, be careful and don’t click the link or enter your username and password.

wordpress.org-phishing-attempt-email

In addition follow the following steps to make sure you don’t compromise your account.

  • Check the sending email address. It will always have a wordpress.org email address
  • Check if the link text and the actual link are different.
  • Make sure that the url of the page where you enter your password is always wordpress.org

You can also find more information about it from this forum thread.

WordPress.org has also sent the following email to all the Plugin developers regarding this issue.

wordpress.org-email-png

Be vigilant and stay safe.

Related posts

Tags: , , ,

0 Comments so far

Follow up comments through RSS Feed | Post a comment

2 Tweetbacks so far

Leave a Reply to sudarmuthu (Sudar) Cancel reply

Your email address will not be published. Required fields are marked *