WordPress Security Team Impersonation Scams

Please be aware of a widespread phishing attack currently affecting the WordPress ecosystem, whether you use WordPress for your own website or e-commerce store or for a client's project.

Dec 8, 2023 - 16:33
Jun 17, 2025 - 13:25

The WordPress Security Team is aware of multiple ongoing phishing scams impersonating both the “WordPress team” and the “WordPress Security Team” in an attempt to convince administrators to install a plugin on their website which contains malware.

The WordPress Security Team will never email you requesting that you install a plugin or theme on your site, and will never ask for an administrator username and password.

If you receive an unsolicited email claiming to be from WordPress with instructions similar to those described above, please disregard the email and report it as a scam to your email provider.

These emails link to a phishing site that appears to be the WordPress plugin repository but is hosted on a domain that is not owned by WordPress or an associated entity. Both Patchstack and Wordfence have written articles that go into further detail.

Official emails from the WordPress project will always:

  • Come from a @wordpress.org or @wordpress.net domain.
  • Should also say “Signed by: wordpress.org” in the email details section.
[Image: screenshot of an email sent by a WordPress.org email account]

The WordPress Security Team will only communicate with WordPress users in the following locations:

The WordPress Plugin team will never communicate directly with a plugin’s users but may email plugin support staff, owners and contributors. These emails will be sent from plugins@wordpress.org and be signed as indicated above.

The official WordPress plugin repository is located at wordpress.org/plugins with internationalized versions on subdomains, such as fr.wordpress.org/plugins, en-au.wordpress.org/plugins, etc. A subdomain may contain a hyphen; however, a dot will always appear before wordpress.org.
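
The hostname rule above, together with the sender domains listed earlier, can be written as a small Python check for triaging a suspicious email. This is an added example, not code from WordPress or from the original post; the function names and the sample links are constructed for illustration.

```python
from email.utils import parseaddr
from urllib.parse import urlsplit

# Domains named in the advisory above.
PLUGIN_REPO_ROOT = "wordpress.org"
MAIL_DOMAINS = {"wordpress.org", "wordpress.net"}


def is_official_plugin_link(url: str) -> bool:
    """True only for wordpress.org/plugins or <subdomain>.wordpress.org/plugins."""
    if "://" not in url:
        url = "https://" + url  # links are often written without a scheme
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").rstrip(".")  # hostname drops userinfo and port
    except ValueError:
        return False
    if parts.scheme not in ("http", "https") or not host.isascii():
        return False  # a non-ASCII host may use look-alike letters
    # Exact match, or a dot immediately before wordpress.org. A hyphen in that
    # position (en-au-wordpress.org) is a different registered domain.
    on_root = host == PLUGIN_REPO_ROOT or host.endswith("." + PLUGIN_REPO_ROOT)
    in_repo = parts.path == "/plugins" or parts.path.startswith("/plugins/")
    return on_root and in_repo


def is_official_sender(from_header: str) -> bool:
    """Compare the From address domain with the advisory's list."""
    # A From header can be forged, so a match is necessary but not sufficient:
    # the advisory also expects "Signed by: wordpress.org" in the details.
    _name, address = parseaddr(from_header)
    _local, at, domain = address.rpartition("@")
    return bool(at) and domain.lower() in MAIL_DOMAINS


# Constructed sample links (not taken from any real campaign).
SAMPLES = [
    "https://wordpress.org/plugins/",
    "fr.wordpress.org/plugins",
    "https://en-au.wordpress.org/plugins/",
    "https://en-au-wordpress.org/plugins/",        # hyphen where the dot belongs
    "https://wordpress.org.example.com/plugins/",  # official name used as a subdomain
    "https://wordpress.org@example.com/plugins/",  # official name placed in userinfo
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(is_official_plugin_link(link), link)
```

The check works on the parsed hostname rather than on a substring of the link, which is why the last two samples fail even though "wordpress.org" appears in them.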

A WordPress site’s administrators can also access the plugin repository via the plugins menu in the WordPress dashboard.

As WordPress is the most used CMS, these types of phishing scams will happen occasionally. Please be vigilant for unexpected emails asking you to install a theme or plugin, or linking to a login form.

The Scamwatch website has some tips for identifying emails and text messages that are likely to be scams.

As always, if you believe that you have discovered a security vulnerability in WordPress, please follow the project’s Security policies by privately and responsibly disclosing the issue directly to the WordPress Security team through the project’s official HackerOne page.


Thank you Aaron Jorbin, Otto, Dion Hulse, Josepha Haden Chomphosy, and Jonathan Desrosiers for their collaboration on and review of this post.
