Please see the screenshot of the email I received below.
So, Why is this Email Considered Spam?
The first reason why this email is considered spam is the prompt telling you, “A high-risk vulnerability on the site: levillainbookcovers.com, has been discovered by the WordPress Security Team.” At first glance, this seems like a legitimate thing for WordPress.org to do. Nevertheless, this is not how the tech industry works.
In the tech world, when the engineers who write the code for the platform discover a vulnerability, they write code to fix the vulnerability and then roll out a security update just like Apple and Google Android do for your phone. At no point do these engineers ask you to download a plugin.
You get it: all security updates come in the form of an official update in the “Updates” section of your WordPress dashboard. Depending on your host, sometimes your host will automatically update the WordPress software for you.
Also the recommended patch or solution for the issue indicates that the “engineers” don’t have access to the platform to make the fix. And that’s highly suspicious.
What Else Should You Look Out For?
Did you notice the email that was sending the notification? It came from “email@example.com.” This, too, is suspicious because, if WordPress were to email its customers then they would do so from the wordpress.org domain.
In order to double check this, I performed a quick google search on “what do emails from wordpress.org look like.” Yes, it’s not the most eloquently written search term but it work for me. The top result of this search lead me to discover this response in a help thread on wordpress.org from the WordPress team.
I’m not going to link the thread because there is someone in the thread who issues out misinformation that I consider quite dangerous because clicking that button and downloading the plugin could have disastrous results for your website.
Please see the screenshot below.
Also, check out this screenshot from the WordPress.org News Updates.
I hope this news update helps you to avoid these scams that may result in making your website more vulnerable. Also I hope this helps you to not be taken advantage of by these opportunists and others who may target you in the future.
Thank you for listening, reading, commenting and sharing with such enthusiasm.
I’m Amelia. When I’m not hosting the Authorpreneur Podcast™️ and the Book Nerd Podcasts, I write Mystery Novels under the pen name A. D. Hay. And, I’m the author of Suspicion, the Lawn, and the Candidate.
On this blog, I help new writers to finish their first draft, prepare their manuscripts for professional editing, and when they get stuck in the first draft phase or are confused about the revision process.
Right now, I’m editing and preparing my soon to be published mystery novels, Suspicion, Duplicity, 24 Hours, and Immunity for publication.