Important Security Notice: WordPress administrators being actively targeted with phishing campaign

By Encode

It has come to our attention that a fraudulent phishing campaign is actively targeting administrators of WordPress websites.

What You Need to Know:

The attackers are sending emails with the subject line “URGENT: Vulnerability found – Your website [DOMAIN] is at risk!” The email claims to be from the WordPress Security Team and insists on addressing a critical Remote Code Execution (RCE) vulnerability affecting your website. It urges users to download a plugin labelled as “CVE-2024-46188 Patch” to mitigate the alleged threat.

Please Be Aware:

This email is a part of a sophisticated phishing scam. The plugin advertised in the email is malicious and could compromise your website’s security if installed. The phishing website it directs you to might resemble a legitimate WordPress.org page, mimicking its style and appearance to deceive unsuspecting users.

What You Should Do:

  • Do not click on any links or download any plugins mentioned in the suspicious email.
  • Avoid providing any login credentials or sensitive information prompted by such emails.
  • Verify the legitimacy of any security alerts by directly visiting official WordPress resources or contacting our support team.
  • Never install plugins from unknown sources and, where possible, update plugins and themes directly from the WordPress.org repository within your dashboard.
  • Always ensure two-factor authentication (2FA) is enabled for your WordPress admin account.
  • Use a reputable security plugin to enhance your website’s protection.

Our Action:

We have taken the necessary precautions to try to block these emails from being delivered to our server and have implemented security measures to actively protect our clients’ websites from such fraudulent attempts. We are continuously monitoring the situation to ensure our websites’ safety and security. We recommend you do the same if you are in a position to administer servers.
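
For administrators who filter mail themselves, one way to flag this campaign from the two indicators given in this notice, the subject template and the fake patch name. This is an added example, not Encode's own filter; the sample messages and the `example.test` and `sender.invalid` names are constructed for illustration.

```python
import re
import unicodedata
from email import message_from_string, policy

# Indicators from the notice: the subject template and the fake patch name.
SUBJECT_RE = re.compile(
    r"urgent:\s*vulnerability found\s*-\s*your website\s+(\S+)\s+is at risk", re.I)
LURE_RE = re.compile(r"CVE-2024-46188", re.I)
# Dash look-alikes (hyphen variants, en/em dash, minus) folded to ASCII "-".
DASHES = dict.fromkeys(map(ord, "\u2010\u2011\u2012\u2013\u2014\u2212"), "-")

PHISH = (  # constructed sample, not a captured message
    "From: WordPress Security Team <alerts@sender.invalid>\n"
    "Subject: URGENT: Vulnerability found =?utf-8?q?=E2=80=93?= Your website"
    " example.test is at risk!\n"
    "Content-Type: text/plain; charset=utf-8\n"
    "\n"
    "Install the CVE-2024-46188 Patch plugin to fix a critical RCE.\n"
)
BENIGN = (  # constructed sample
    "From: billing@sender.invalid\n"
    "Subject: Your invoice for March\n"
    "\n"
    "Please find your invoice attached.\n"
)


def normalise(text):
    """Fold compatibility forms and dash variants so look-alikes still match."""
    return unicodedata.normalize("NFKC", str(text or "")).translate(DASHES)


def classify(raw_message):
    """Return the campaign indicators found in one RFC 5322 message."""
    msg = message_from_string(raw_message, policy=policy.default)
    hits = []
    subject = normalise(msg["Subject"])  # policy.default decodes RFC 2047 words
    match = SUBJECT_RE.search(subject)
    if match:
        hits.append("subject-template:" + match.group(1))
    body = msg.get_body(preferencelist=("plain", "html"))
    text = normalise(body.get_content() if body else "")
    if LURE_RE.search(subject) or LURE_RE.search(text):
        hits.append("fake-patch-name")
    return hits


if __name__ == "__main__":
    for name, raw in (("phish", PHISH), ("benign", BENIGN)):
        print(name, classify(raw))
```

Normalising before matching matters because the subject uses an en dash and may arrive RFC 2047-encoded, both of which defeat a plain string comparison.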

Encode Customers,

We urge you to remain vigilant against such phishing attempts and to report any suspicious emails or activities to us immediately. Your collaboration in maintaining the security of your website is crucial in safeguarding against potential threats.

Should you have any concerns or require assistance, please reach out to our support team promptly.

Thank you for your attention to this matter.


Neil Batchelor

Give us a Call

Mon - Friday, 9 - 5.
Out of Hours Voicemail Available.

0330 123 4000