Phishing Attack on WordPress Websites

The guys over at Sucuri have warned that a phishing attack is currently being run on WordPress websites.

It appears that WordPress users are receiving an email that looks like an official email from WordPress, telling the recipients that their website database is out of date and needs to be updated.

Here’s a version:

[Image: copy of the WordPress phishing attack email]

There is, as you can see, a link in the email that takes the recipient to a fake WordPress login page, where they are asked to log in and, when they’ve done so, there’s a button to click to upgrade the database.

This gives the hackers your WordPress login credentials, at which point they are off to the races.

As always, be fully aware of what links you click in emails!

I strongly urge you to ignore links in emails where they are asking you to log in to your account. Navigate to your account separately via your browser so you know you’re logging in to the correct account.

Stay vigilant!

Martin Malden


  • Fleur Allen September 6, 2018, 12:44 am

    Thanks so much, Martin, appreciate this warning. It is amazing how persistent hackers are to trick people into providing their private login details.

    • Martin September 6, 2018, 12:56 am

      Hi Fleur,

      Yes, unfortunately we cannot relax for a moment. The scale of cyber-crime just keeps growing 🙁



  • Scott September 6, 2018, 12:58 am

    It seems phishing attacks are on the rise again. We have also seen phishing emails claiming to be from Microsoft stating a user's Office 365 email account is about to be shut down. The button asks them to reactivate, sending them to a fake login page where the username and password are harvested.
    Great advice on ignoring emails where you are asked to log in.

    • Martin September 6, 2018, 1:07 am

      Hi Scott,

      Not just phishing – all cyber-crime..!

      Yes – it’s all too easy to click on a link in an email, especially if it’s come from someone you know. Trouble is, though, if the hackers have got hold of your contact’s email address list the email could come from the hacker even if it appears to be from a contact.



  • Kris September 6, 2018, 2:52 am

    Thank you very much for this heads up! I just have a new website and am using WordPress on it. Last thing I need is to be hacked! These cyber hackers are insanely uncontrollable lately. Thanks again!

    • Martin September 6, 2018, 2:56 am

      Hi Kris,

      Yes, unfortunately we’re going to have to be continually vigilant. Wouldn’t it be so much better if these guys, who are technically pretty smart, applied their skills to something legal rather than focusing on illegal activities?

      Clearly that’s too much to hope for..!



  • Garen September 14, 2018, 2:14 pm

    There are a lot of spoof emails out there that try to steal your personal information. One trick I have used over the years is to email support directly asking if there was a problem with XYZ.

    • Martin September 14, 2018, 2:27 pm

      Hi Garen,

      Yes – that’s a good idea. The main thing is to avoid clicking links in those emails..!

      Even links from people you know can be dangerous. If a hacker has got hold of your friend’s contact list by inserting malware on their computer, they can send you emails that appear to come from your friends but insert bad links into them. We have to be constantly vigilant.

      Stay safe 🙂

