WordPress Plugin Phishing Scam
Phishing Scam Targets WordPress Plugin Developers
What may be the first phishing scam specifically targeting WordPress Plugin authors has been discovered. The scam comes in the form of an e-mail claiming the developers plugin has been removed from the WordPress Repository, and tells the plugin author to use the link in the mail to login and change their password.
The e-mail uses the Subject line “[WordPress.org Plugins] Urgent: Your Plugin Has Been Removed” and has this message content
Dear WordPress Plugin Developer,
Unfortunately, a plugin you are hosting has been temporarily removed from the WordPress repository. We are going to manually review your plugin because it has been reported for violating our Terms of Service. If your plugin does not get approved then it will be permanently removed from the WordPress repository.
You can check if your plugin has been approved or rejected at…
This is not an official WordPress email!
Do Not Use The Link
Do not use the link and do not enter your WordPress.org password. The mail does not come from Wordpres.org (if it did it would be ******ATwordpress.org, instead it comes from:
Other mail addresses may also be in use
The link does not take you to the WordPress.org website, instead it links to
Read These Articles As Well
- WARNING: PHISHING ATTEMPT (wordpress.org)
- WP Plugin Authors The Target Of A Phishing Scam (wptavern.com
Thanks to Ipstenu for posting the notification on the plugin forum.