Warning for Wordpress users

[chayton]

Just got an email from Wordfence about a phishing mail targeting Wordpress users into downloading what they think is a security patch. The email looks like this below, the link goes to a landing page that looks legit, but the security patch is actually a backdoor for a hidden admin user, plus another backdoor which includes a file manager, SQL client, and command line terminal to maintain control over the site.



Things to watch out for:



Read more here:

You do not have permission to view link Log in or register now.

 

[Webzcas]

Thanks for the heads up Chayton. Never ever click on links within emails, if in doubt delete and visit the site in question direct.

 

[Casinomeister]

Thanks Cindy!!

Just goes to show that everyone needs to be vigilant about this. I get daily emails from the casinomeister.com admin saying I need to change my passwords ASAP with an expiring link to do so. If we were a huge company with loads of lower level employees, we'd be in a mess.

 

[chayton]

If I'd gotten this email I'd have noticed the typo right away (Excecution) plus the "Dear user" seems scammy to me. But the link going to en-gb-wordpress[dot]org and the fake landing page almost looks legit so I wanted to share it just in case.

Honestly anyone who uses Wordpress should sign up for the Wordfence mailing list, I get several emails a week with info on plugin vulnerabilities and hacked themes and other stuff they've found. Although since I've been getting it, it makes me wonder if Wordpress is really worth the constant bloody hassle.