ā ļø Warning: A new phishing campaign is targeting WordPress website owners with fake update emails. Stay alert and donāt get tricked!
š§ Whatās happening?
Many users have recently received emails with subject lines like:
āWordPress 6.5.2 requires a PHP updateā
At first glance, it looks like a routine notification. But in reality, itās a scam.
š© Red Flags in These Emails
- Fake sender address ā Itās not from
wordpress.org, even if it looks similar. - Malicious links ā The email contains links that supposedly point to PHP update instructions, but actually lead to phishing websites or install malware.
- Professional design ā The email looks clean and legitimate to avoid suspicion.
š§Ŗ What does the fake email look like?
A typical email includes:
- A warning about outdated PHP
- A button or link to āupdateā or āread moreā
- Reference to the latest WordPress version (e.g., 6.5.2)
Itās designed to make you panic and click ā donāt fall for it.
ā What should you do?
- Do NOT click any links in the email.
- Verify the sender ā If it looks suspicious, delete it immediately.
- Contact your hosting provider or site administrator.
- Ensure your site is fully updated (WordPress core, themes, and plugins).
- Scan your site for malware if you accidentally interacted with the email.
š” How to stay safe?
- Use trusted security plugins like Wordfence or iThemes Security.
- Enable two-factor authentication for admin logins.
- Regularly back up your site.
- Never trust emails asking you to manually update anything ā check your siteās dashboard instead.
š Remember: WordPress does not send emails asking you to update PHP or install plugins manually. All official updates happen via your siteās admin panel or through your hosting provider.
When in doubt ā ask your developer or digital agency. Better safe than hacked.