Web Design & Development, Branding & Marketing Delivering by a leading Birmingham Agency

Share this

Alert: WordPress Security Team Impersonation Scams


Alert: WordPress Security Team Impersonation Scams

The WordPress Security Team is aware of multiple ongoing phishing scams impersonating both the “WordPress team” and the “WordPress Security Team“ in an attempt to convince administrators to install a plugin on their website which contains malware.

The WordPress Security Team will never email you requesting that you install a plugin or theme on your site, and will never ask for an administrator username and password.

If you receive an unsolicited email claiming to be from WordPress with instructions similar to those described above, please disregard the emails and indicate that the email is a scam to your email provider.

These emails link to a phishing site that appears to be the WordPress plugin repository on a domain that is not owned by WordPress or an associated entity. Both Patchstack and Wordfence have written articles that go in to further detail.

Official emails from the WordPress project will always:

  • Come from a @wordpress.org or @wordpress.net domain.
  • Should also say “Signed by: wordpress.org” in the email details section.

Screenshot of email sent by a WordPress.org email account. The details include "mailed-by wordpress.org" and "signed-by wordpress.org".

The WordPress Security Team will only communicate with WordPress users in the following locations:

The WordPress Plugin team will never communicate directly with a plugin’s users but may email plugin support staff, owners and contributors. These emails will be sent from [email protected] and be signed as indicated above.

The official WordPress plugin repository is located at wordpress.org/plugins with internationalized versions on subdomains, such as fr.wordpress.org/pluginsen-au.wordpress.org/plugins, etc. A subdomain may contain a hyphen, however a dot will always appear before wordpress.org.

A WordPress site’s administrators can also access the plugin repository via the plugins menu in the WordPress dashboard.

As WordPress is the most used CMS, these types of phishing scams will happen occasionally. Please be vigilant for unexpected emails asking you to install a theme, plugin or linking to a login form.

Staying Safe

To protect yourself and your website from such scams:

  • Verify Sources: Always check the authenticity of any security alert by visiting the official WordPress website or contacting their support team.
  • Regular Updates: Keep your WordPress site, themes, and plugins updated with the official updates provided through your WordPress dashboard.
  • Use Trusted Plugins: Only install plugins from the official WordPress plugin repository or trusted developers.
  • Be Cautious with Emails: Treat unsolicited emails with skepticism, especially those that prompt immediate action.


Call us today, we’ll be happy to show you how we can make a difference. or Contact us