Recently, I received an email, claiming to be from WordPress.org, notifying me that one of my Plugins had been taken down. It also provided a link where I was supposed to check the status of my Plugin. Clicking on this link took me to a website which looked like wordpress.org and was asking for my username and password.
Even though it looked like a WordPress.org website, the URL was different. I posted about it on the wp-hackers mailing list and got confirmation that it is a phishing attempt to get your WordPress.org username and password.
If you get an email like the one below, be careful and don’t click the link or enter your username and password.
In addition, follow these steps to make sure you don’t compromise your account.
- Check the sender's email address. Genuine WordPress.org mail always comes from a wordpress.org address.
- Check whether the link text and the actual link target are different.
- Make sure that the URL of the page where you enter your password is always on wordpress.org.
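The two link checks from the list above, as an added Python example that is not part of the original post: it pulls every link out of an HTML message body and flags those whose destination is not on wordpress.org or whose visible text names a different host than the link target. The function names and the sample message are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = "wordpress.org"  # the domain named in the checklist above
HOST_RE = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)

def on_trusted_domain(host):
    # Exact host or true subdomain; a substring test would accept lookalikes.
    host = (host or "").lower().rstrip(".")
    return host == TRUSTED or host.endswith("." + TRUSTED)

class _Links(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def audit_links(html):
    """Return (text, href, reasons) for each link that fails a checklist item."""
    parser = _Links()
    parser.feed(html)
    findings = []
    for text, href in parser.links:
        try:
            host = (urlsplit(href).hostname or "").lower()
        except ValueError:  # malformed URL: treat as untrusted
            host = ""
        reasons = []
        if not on_trusted_domain(host):
            reasons.append("destination is not on " + TRUSTED)
        shown = HOST_RE.search(text)
        if shown and shown.group(1).lower() != host:
            reasons.append("link text names a different host than the link")
        if reasons:
            findings.append((text, href, reasons))
    return findings

# Constructed sample message body, not the email from the post.
SAMPLE = ('<a href="http://wordpress.org.plugin-status.example/login">'
          'https://wordpress.org/plugins/</a> <a href="https://make.wordpress.org/">blog</a>')
```

Calling `audit_links(SAMPLE)` reports only the first link, with both reasons attached. The sender-address check is not covered here.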
You can also find more information about it in this forum thread.
WordPress.org has also sent the following email to all the Plugin developers regarding this issue.
Be vigilant and stay safe.