If you receive an unsolicited email claiming to be from WordPress with instructions similar to those described above, please disregard the emails and indicate that the email is a scam to your email provider.<\/p>\n\n\n\n
These emails link to a phishing site that appears to be the WordPress plugin repository on a domain that is not owned by WordPress or an associated entity. Both Patchstack<\/a> and Wordfence<\/a> have written articles that go in to further detail.<\/p>\n\n\n\n Official emails from the WordPress project will always:<\/p>\n\n\n\n The WordPress Security Team will only communicate with WordPress users in the following locations:<\/p>\n\n\n\n The WordPress Plugin team will never communicate directly with a plugin\u2019s users but may email plugin support staff, owners and contributors. These emails will be sent from plugins@wordpress.org<\/a> and be signed as indicated above.<\/p>\n\n\n\n The official WordPress plugin repository is located at wordpress.org\/plugins<\/a> with internationalized versions on subdomains, such as fr.wordpress.org\/plugins<\/a>, en-au.wordpress.org\/plugins<\/a>, etc. A subdomain may contain a hyphen, however a dot will always appear before wordpress.org.<\/p>\n\n\n\n A WordPress site\u2019s administrators can also access the plugin repository via the plugins menu in the WordPress dashboard.<\/p>\n\n\n\n As WordPress is the most used CMS, these types of phishing scams will happen occasionally. Please be vigilant for unexpected emails asking you to install a theme, plugin or linking to a login form.<\/p>\n\n\n\n The Scamwatch website has some tips for identifying emails and text messages that are likely to be scams<\/a>.<\/p>\n\n\n\n As always, if you believe that you have discovered a security vulnerability in WordPress, please follow the project\u2019s Security policies<\/a> by privately and responsibly disclosing the issue directly to the WordPress Security team through the project\u2019s official HackerOne page<\/a>.<\/p>\n\n\n\n Thank you Aaron Jorbin<\/a>, Otto<\/a>, Dion Hulse<\/a>, Josepha Haden Chomphosy<\/a>, and Jonathan Desrosiers<\/a> for their collaboration on and review of this post.<\/em><\/p>\n","protected":false},"excerpt":{"rendered":" The WordPress Security Team is aware of multiple ongoing phishing scams impersonating both the \u201cWordPress team\u201d and the \u201cWordPress Security Team\u201c in an attempt to convince administrators to install a plugin on their website which contains malware. The WordPress Security Team will never email you requesting that you install a plugin or theme on your […]<\/p>\n","protected":false},"author":1260288,"featured_media":16553,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"episode_type":"","audio_file":"","cover_image":"","cover_image_id":"","duration":"","filesize":"","date_recorded":"","explicit":"","block":"","filesize_raw":"","jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[15,233],"tags":[],"class_list":["post-16547","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security","category-updates"],"jetpack_featured_media_url":"https:\/\/i0.wp.com\/wordpress.org\/news\/files\/2023\/12\/WordPress-logotype-alternative.png?fit=2000%2C1080&ssl=1","jetpack_shortlink":"https:\/\/wp.me\/pZhYe-4iT","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/wordpress.org\/news\/wp-json\/wp\/v2\/posts\/16547","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/wordpress.org\/news\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/wordpress.org\/news\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/wordpress.org\/news\/wp-json\/wp\/v2\/users\/1260288"}],"replies":[{"embeddable":true,"href":"https:\/\/wordpress.org\/news\/wp-json\/wp\/v2\/comments?post=16547"}],"version-history":[{"count":7,"href":"https:\/\/wordpress.org\/news\/wp-json\/wp\/v2\/posts\/16547\/revisions"}],"predecessor-version":[{"id":16556,"href":"https:\/\/wordpress.org\/news\/wp-json\/wp\/v2\/posts\/16547\/revisions\/16556"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/wordpress.org\/news\/wp-json\/wp\/v2\/media\/16553"}],"wp:attachment":[{"href":"https:\/\/wordpress.org\/news\/wp-json\/wp\/v2\/media?parent=16547"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/wordpress.org\/news\/wp-json\/wp\/v2\/categories?post=16547"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/wordpress.org\/news\/wp-json\/wp\/v2\/tags?post=16547"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}\n
@wordpress.org<\/code> or @wordpress.net<\/code> domain.<\/li>\n\n\n\n![\"Screenshot](\"https:\/\/i0.wp.com\/wordpress.org\/news\/files\/2023\/12\/email-details-signed-by-wordpressdotorg.png?resize=1024%2C450&ssl=1\")
<\/figure>\n\n\n\n\n
\n\n\n\n