With the popularity of WordPress (72 million+ WordPress-powered sites), it's not a surprise to see the increasing number of attacks on blogs and websites running the software. The attacks are not only focused on the bugs and flaws of the software but also target the individuals using WordPress through malware-laced themes and plugins. Another thing to note is that the attacks are becoming not only more intense but also more creative.
Just found out today via WP Tavern that a new phishing scam is targeting WordPress plugin authors. Details about this new phishing scam were posted yesterday by a WordPress.org support forum moderator.
- Sender: “WordPress.org”.
- Address: “wordpressplugin[at]hotmail[dot]com”.
- Subject: “[WordPress.org Plugins] Urgent: Your Plugin Has Been Removed DO NOT RESPOND”.
- Message :
Dear WordPress Plugin Developer,
Unfortunately, a plugin you are hosting has been temporarily removed from the WordPress repository. We are going to manually review your plugin because it has been reported for violating our Terms of Service. If your plugin does not get approved then it will be permanently removed from the WordPress repository.
You can check if your plugin has been approved or rejected at
If you’re a WordPress plugin author and you receive an email similar to this, DO NOT CLICK ON THE LINK! If you accidentally clicked on the link and got to the fake WordPress.org site, DO NOT ENTER YOUR ACCOUNT DETAILS!
This is not an official WordPress email. If your plugin has actually been removed, the real email notification from the WordPress repository would come from a WordPress.org account.
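The mismatch described above (a "WordPress.org" display name and subject tag on a hotmail.com address) can be checked mechanically. The following is an added example, not code from WordPress.org or the forum post; it assumes genuine notices come from the `wordpress.org` domain, and every sample message is constructed, with the first one built from the sender, address and subject listed above.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: genuine plugin-directory mail is sent from wordpress.org
# (the post only says "a WordPress.org account").
TRUSTED_DOMAIN = "wordpress.org"
BRAND = "wordpress.org"


def sender_domain(msg):
    """Return the lower-cased domain of the From address ('' if absent)."""
    _, addr = parseaddr(msg.get("From", ""))
    return addr.rpartition("@")[2].lower().rstrip(".")


def is_trusted(domain):
    # Exact match or a true subdomain. A substring test would wrongly
    # accept lookalikes such as "wordpress.org.example.net".
    return domain == TRUSTED_DOMAIN or domain.endswith("." + TRUSTED_DOMAIN)


def claims_brand(msg):
    """True if the display name or the subject presents itself as WordPress.org."""
    name, _ = parseaddr(msg.get("From", ""))
    return BRAND in name.lower() or BRAND in msg.get("Subject", "").lower()


def looks_like_impersonation(raw):
    """Flag mail that uses the WordPress.org name from an unrelated domain."""
    msg = message_from_string(raw)
    return claims_brand(msg) and not is_trusted(sender_domain(msg))


# Constructed sample headers (not captured mail).
PHISH = ('From: "WordPress.org" <wordpressplugin@hotmail.com>\n'
         "Subject: [WordPress.org Plugins] Urgent: Your Plugin Has Been "
         "Removed DO NOT RESPOND\n\nDear WordPress Plugin Developer,\n")
LOOKALIKE = ('From: "WordPress.org" <notice@wordpress.org.example.net>\n'
             "Subject: Plugin review\n\nbody\n")
SAME_DOMAIN = ('From: "WordPress.org" <notice@wordpress.org>\n'  # hypothetical address
               "Subject: [WordPress.org Plugins] Review result\n\nbody\n")

if __name__ == "__main__":
    for label, raw in (("phish", PHISH), ("lookalike", LOOKALIKE),
                       ("same domain", SAME_DOMAIN)):
        print(label, looks_like_impersonation(raw))
```

A From header that passes this check can still be forged, so it only catches the display-name trick used in this email; SPF, DKIM and DMARC results are what establish that a message really came from the claimed domain.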
Any WordPress plugin authors here who received this phishing scam email?