
Warning: Fake WordPress Malicious Site

Take care when searching for WordPress that you do not end up on a fake WordPress site. Wordpresz.org looks like the official site but isn’t.

This is just the first of what could be a run of fake sites that take advantage of a careless misspelling and spoof the official WordPress site. Pay close attention: type http://www.wordpress.org/ manually and double-check the URL before downloading anything from the official WordPress sites.

If you upgraded WordPress to 2.6.4, you are running a fake version. There is no WordPress 2.6.4. The latest version is 2.6.3. The fake download contains malicious code that opens a backdoor to your blog.

Automattic is looking at ways to keep users informed and warned, but pay attention to details. Just check first and know what you are downloading before risking your blog.
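The URL check recommended above can also be done in code before a download is accepted. The following is an added example, not code from this post or from WordPress; the function names, the two-typo threshold and the sample URLs are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

OFFICIAL = "wordpress.org"  # the official domain named in the post


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance (insert, delete, substitute), computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete from a
                           cur[j - 1] + 1,              # insert into a
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]


def classify_download_url(url: str, official: str = OFFICIAL, max_typos: int = 2) -> str:
    """Return 'official', 'lookalike' or 'unrelated' for a download URL."""
    # urlsplit().hostname drops any "user@" part, so a URL that merely
    # displays the official name before an "@" is judged by its real host.
    host = (urlsplit(url).hostname or "").rstrip(".").lower()
    if host == official or host.endswith("." + official):
        return "official"
    # Misspelling check: compare the last two labels with the official name.
    tail = ".".join(host.split(".")[-2:])
    if edit_distance(tail, official) <= max_typos:
        return "lookalike"
    # Official name embedded in someone else's domain.
    if official in host:
        return "lookalike"
    return "unrelated"


# Constructed sample URLs (paths are made up; nothing is fetched).
SAMPLES = [
    "http://www.wordpress.org/latest.zip",
    "http://wordpresz.org/download.zip",
    "http://wordpress.org.example.net/latest.zip",
    "http://www.wordpress.org@wordpresz.org/download.zip",
    "http://example.com/file.zip",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{classify_download_url(sample):10} {sample}")
```

Only an `official` result should be allowed to proceed to download; `lookalike` results are the ones worth alerting on.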

For more information see these articles, but please, do not click through to the fake WordPress site mentioned:

US Election Sites Attacked

WordPress users are not the only ones who need to watch themselves and protect themselves from security vulnerabilities and attacks.

Security Focus reports that Obama and McCain got a lesson in cybersecurity when their campaign websites/blogs were attacked. The FBI is investigating and the attacks were thwarted.

Website hacking and phishing attempts are increasing, and all website server systems, CMS and blog platforms, and web applications around the world are strengthening their security stance. Monitor the various WordPress news resources for updated information to help protect your WordPress blog and your site in general.

Copyright Lorelle VanFossen, the author of Blogging Tips, What Bloggers Won't Tell You About Blogging.

13 Comments

  1. Posted November 8, 2008 at 11:06 am | Permalink

    I checked the site at 6pm GMT on November 8th and it was off-line. Hope it remains that way.

  2. Posted November 9, 2008 at 9:18 am | Permalink

    Crap. Too late.

  3. Posted November 9, 2008 at 10:10 pm | Permalink

    If I only upgrade with the WordPress Automatic Upgrade plugin, I should be safe from this sort of thing, right?

    I went and checked and I’m using 2.6.3, but I’m just wondering for the future.

  4. Posted November 9, 2008 at 11:40 pm | Permalink

    @ Chris Osborne:

    Yes, if you upgrade using the Automatic Upgrade, it should be fine. Be sure you keep your WordPress blog updated in order to avoid hacks and other security vulnerabilities.

  5. robscott2007
    Posted November 10, 2008 at 8:46 am | Permalink

    Most of my time is spent mitigating hackers and spammers now. It’s a pain. I never expected 18 months ago (before we started our own servers) that there would be quite so many attempted hacks all day, every day.

    Pretty much everything that can be turned off is turned off :(

    The good thing is, if you’re getting spammed/hacked/copied for phishing scams then you can at least know you’ve set up something big enough to be worth exploiting :)

    Thanks for this post – though I reckon I would have spotted the extra z and the fact that there’d been no official announcements of 2.6.4 (are we going straight to 2.7???)

  6. Posted November 11, 2008 at 12:04 am | Permalink

    @ robscott2007:

    The truth is that if you are getting spammed/hacked/copied, you are just one of the crowd. Judgment of your content is no longer a prerequisite for quality. EVERYONE is getting spammed, hacked, and copied. I’ve seen blogs only two weeks old with nary a comment get all three. Don’t think you are special. :D

    WordPress 2.7 will be out by the end of the month, so unless there is a major security issue, it is doubtful that there will be another version before the next big one.

  7. Posted November 11, 2008 at 11:52 am | Permalink

    Is there no SSL certified version of the WordPress site?

  8. jwlw
    Posted November 12, 2008 at 7:26 am | Permalink

    New to WordPress. How do I find out what version I am running?

    Thank You,
    John

  9. Posted November 12, 2008 at 12:45 pm | Permalink

    @ jwlw:

    Look at the bottom of the Administration Panels. It will tell you there, if it is a valid version. Who knows what the fake version will tell you.

  10. Posted November 13, 2008 at 5:40 pm | Permalink

    Thanks for that Lorelle. One of my customers asked me why his blog wasn’t updated to WP 2.6.4 and I had to look it up…

  11. Posted November 13, 2008 at 11:27 pm | Permalink

    @ McHow2:

    Whew! Glad to help you prevent a disaster!

  12. Posted November 16, 2008 at 1:44 pm | Permalink

    Why can’t a person ask a question of wordpress if they don’t have a wordpress account? I wanted to ask why a blog was removed, & what terms of service were violated. I can find nowhere at wordpress to ask this question. Why?

  13. Posted November 16, 2008 at 8:22 pm | Permalink

    @ Regina Battle:

    There are a lot of ways of contacting WordPress. Use their contact form. The WordPress.com Terms of Service are very clear.


16 Trackbacks/Pingbacks

  1. [...] Did you know that there’s a fake WORDPRESS malicious Site… After Posting a ‘Post’. I saw this post in my dashboard “Warning: Fake WordPress Malicious Site posted by lorelle”. There’s no WordPress 2.6.4 lorelle said. More Info [...]

  2. [...] Lorelle warns about a malicious fake WordPress site that looks like the real one, but isn’t. There is no WordPress 2.6.4. The latest version is 2.6.3. If you “upgraded” to “2.6.4”, then you have installed a fake trojan version (more details here and here). If you’ve “upgraded” to 2.6.4, delete your wp-admin and wp-includes folders and replace them with fresh copies from wordpress.org. More detailed instructions for cleaning up are available here. [...]

  3. [...] Lorelle warns about a malicious fake WordPress site that looks like the real one, but isn’t. There is no WordPress 2.6.4. The latest version is 2.6.3. If you “upgraded” to “2.6.4”, then you have installed a fake trojan version (more details here and here). If you’ve “upgraded” to 2.6.4, delete your wp-admin and wp-includes folders and replace them with fresh copies from wordpress.org. More detailed instructions for cleaning up are available here. [...]

  4. [...] Lorelle on WordPress warns about a fake WordPress site (Wordpresz.org) that looks like the real WordPress.org. Lorelle also warns against updating [...]

  5. [...] of this fake WordPress malicious site! Via Lorelle on WordPress (I’ve formatted some parts): Take care when searching for WordPress that you do not end up on [...]

  6. [...] “Warning: Fake WordPress Malicious Site” [...]

  7. [...] Read the original: Warning: Fake WordPress Malicious Site « Lorelle on WordPress [...]

  8. [...] Fake WordPress Version Is a Trojan! [...]

  9. [...] For more information see these articles, but please, do not click through to the fake WordPress site mentioned: lorelle.wordpress.com [...]

  10. [...] may visit Lorelle’s blog for a summary of more [...]

  11. [...] Fake WordPress Version is a Trojan! [...]

  12. [...] a fake WordPress site released version 2.6.4 that contained code that opens up the entire WordPress installation. There is no version 2.6.4. If [...]

  13. [...] Warning: Fake WordPress Malicious Site [...]

  14. [...] Fake WordPress Malicious Site On Lorelle’s website, the following warning can be [...]

  15. [...] few years ago WordPress had a phishing scam running with a malware fake site that used a similar spelling to WordPress.org. Take care to pay [...]

  16. […] site for WordPress, and was filled with malicious business. The community spotted it and the outcry warnings to the community went out immediately. We’ve long worked together to inform WordPress fans as there continues to be no single […]
