Phishing Attack on WordPress Websites

The guys over at Sucuri have warned that a phishing attack is currently being run on WordPress websites.

It appears that WordPress users are receiving an email that looks like an official email from WordPress, telling the recipients that their website database is out of date and needs to be updated.

Here’s a version:

[Image: copy of the WordPress phishing attack email]

As you can see, the email contains a link that takes the recipient to a fake WordPress login page. There they are asked to log in and, once they have done so, they are shown a button to click to upgrade the database.

Logging in to the fake page gives the hackers your WordPress login credentials, at which point they are off to the races.

As always, be fully aware of what links you click in emails!

I strongly urge you to ignore links in emails that ask you to log in to your account. Navigate to your account separately via your browser so you know you’re logging in to the correct account.

Stay vigilant!

Martin Malden

P.S. Is your WordPress website as secure as it could be? Take a look at the WordPress security products I have reviewed (I use all of them and I’d be happy to answer any questions you may have):