Take care when searching for WordPress that you do not end up on a fake WordPress site. Wordpresz.org looks like the WordPress site but isn’t.
This is just the first of what could be a run on fake sites that take advantage of your careless misspelling and spoofs the official WordPress site. Pay close attention and type out manually http://www.wordpress.org/ and double check the URL before downloading anything from the official WordPress sites.
If you upgraded WordPress to 2.6.4, you are running a fake version. There is no WordPress 2.6.4. The latest version is 2.6.3. The version of WordPress you download has malicious code in the download that opens a backdoor to your blog.
Automattic is looking at ways to keep users informed and warned, but pay attention to details. Just check first and know what you are downloading before risking your blog.
For more information see these articles, but please, do not click through to the fake WordPress site mentioned:
- Craig Murphy – WordPresz 2.6.4 – fake?
- Viper007bond – There is No Such Thing as WordPress 2.6.4
- Peter Westwood – WordPresz
- The Register – Trojanised WordPress
- ZDNet – Fake WordPress site distributing backdoored release
- Weblog Tools Collection – Fake WordPress Site
US Election Sites Attacked
WordPress users are not the only ones who need to watch themselves and protect themselves from security vulnerabilities and attacks.
Security Focus reports that Obama and McCain got a lesson in cybersecurity when their campaign websites/blogs were attacked. The FBI is investigating and the attacks were thwarted.
The increase in website hacking and phishing attempts is increasing, and all website server systems, CMS and blog platforms, and web applications are increasing their security stance around the world. Monitor the various WordPress news resources for updated information to help protect your WordPress blog and your site in general.
Related Articles
- Fighting Registration Spam in WordPress
- Are You Risking Your Blog With an Unofficial or Vulnerable WordPress Theme?
- Protecting Your WordPress Blog
- Attack of the Mean Commenter: Blocking Commenters and Comments on Your WordPress Blog
- Protect Yourself Online With Common Sense
- Blogs and Conspiracy Theories
- Blog Resources: Researching the Research, Finding the Facts, and Seeking Supporting Evidence
- WordPress.com Banned Again: Why Aren’t You Concerned?
- WordPress Security Prevention, Reactions, and Scares
- How to Access Banned WordPress.com Blogs
- WordPress Blogs and More Hacked by Google Redirects
Site Search Tags: wordpress, wordpress tips, wordpress security, fake wordpress, phishing, spoof, spoofing, protect your wordpress blog, wordpress blog protection, wordpress security issues, wordpress news
Subscribe 
Via Feedburner 
Subscribe by Email 
Visit
Copyright Lorelle VanFossen, the author of Blogging Tips, What Bloggers Won't Tell You About Blogging.
Lorelle on WordPress 
13 Comments
I checked the site at 6pm GMT on November 8th and it was off-line. Hope it remains that way.
Crap. To late.
If I only upgrade with the WordPress Automatic Upgrade plugin, I should be safe from this sort of thing, right?
I went and checked and I’m using 2.6.3, but I’m just wondering for the future.
@ Chris Osborne:
Yes, if you upgrade using the Automatic Upgrade, it should be fine. Be sure you keep your WordPress blog updated in order to avoid hacks and other security vulnerabilities.
Most of my time is spent mitigating hackers and spammers now. Its a pain. I never expected 18 months ago (before we started our own servers) that there would be quite so many attempted hacks all day, every day.
Pretty much everything that can be turned off is turned off 😦
The good thing is, if you’re getting spammed/hacked/copied for phishing scams then you can at least know you’ve set up something big enough to be worth exploiting 🙂
Thanks for this post – though I reckon I would have spotted the extra z and the fact that there’d been no official announcements of 2.6.4 (are we going straight to 2.7???)
@ robscott2007:
The truth is that if you are getting spammed/hacked/copied, you are just one of the crowd. Judgment of your content is no longer a prerequisite for quality. EVERYONE is getting spammed, hacked, and copied. I’ve seen blogs only two weeks old with nary a comment get all three. Don’t think you are special. 😀
WordPress 2.7 will be out by the end of the month, so unless there is a major security issue, it is doubtful that there will be another version before the next big one.
Is there no SSL certified version of the WordPress site?
New to Word Press. How do I find out what Version I am running ?
Thank You,
John
@ jwlw:
Look at the bottom of the Administration Panels. It will tell you there, if it is a valid version. Who knows what the fake version will tell you.
Thanks for that Lorelle. One of my customers asked me why his blog wasn’t updated to WP 2.6.4 and i had to look it up…
@ McHow2:
Whew! Glad to help you prevent a disaster!
Why can’t a person ask a question of wordpress if they don’t have a wordpress account? I wanted to ask why a blog was removed, & what terms of service were violated. I can find nowhere at wordpress to ask this question. Why?
@ Regina Battle:
There are a lot of ways of contacting WordPress. Use their contact form. The WordPress.com Terms of Service are very clear.
16 Trackbacks/Pingbacks
[…] Did you know that there’s a fake WORDPRESS malicious Site… After Posting a ‘Post’. I saw this post in my dashboard “Warning: Fake WordPress Malicious Site posted by lorelle”. There’s no WordPress 2.6.4 lorelle said. More Info […]
[…] Lorelle warns about a malicious fake WordPress site that looks like the real one, but isn’t. There is no WordPress 2.6.4. The latest version is 2.6.3. If you “upgraded” to “2.6.4″, then you have installed a fake trojan version (more details here and here). If you’ve “upgraded” to 2.6.4, delete your wp-admin and wp-includes folders and replace them with fresh copies from wordpress.org. More detailed instructions for cleaning up are available here. […]
[…] Lorelle warns about a malicious fake WordPress site that looks like the real one, but isn’t. There is no WordPress 2.6.4. The latest version is 2.6.3. If you “upgraded” to “2.6.4″, then you have installed a fake trojan version (more details here and here). If you’ve “upgraded” to 2.6.4, delete your wp-admin and wp-includes folders and replace them with fresh copies from wordpress.org. More detailed instructions for cleaning up are available here. […]
[…] Lorelle on WordPress varnar för en falsk wordpress sajt (Wordpresz.org), som ser ut som den riktiga WordPress.org. Lorelle varnar även för att uppdatera […]
[…] of this fake WordPress malicious site! Via Lorelle on WordPress (I’ve formatted some parts): Take care when searching for WordPress that you do not end up on […]
[…] “Warning: Fake WordPress Malicious Site” […]
[…] Read the original: Warning: Fake WordPress Malicious Site « Lorelle on WordPress […]
[…] Fake WordPress Version Is a Trojan! […]
[…] For more information see these articles, but please, do not click through to the fake WordPress site mentioned: lorelle.wordpress.com […]
[…] may visit Lorelle’s blog for a summary of more […]
[…] Fake WordPress Version is a Trojan! […]
[…] a fake WordPress site released version 2.6.4 that contained code that opens up the entire WordPress installation. There is no version 2.6.4. If […]
[…] Warning: Fake WordPress Malicious Site […]
[…] Fake WordPress Malicious Site On Lorelle’s website, the following warning can be […]
[…] few years ago WordPress had a phishing scam running with a malware fake site that used a similar spelling to WordPress.org. Take care to pay […]
[…] site for WordPress, and was filled with malicious business. The community spotted it and the outcry warnings to the community went out immediately. We’ve long worked together to inform WordPress fans as there continues to be no single […]