Phishing attempts for WordPress.org credentials

Recently there was a “phishing” email sent to several plugin authors designed to steal their login credentials. If you receive or have received any emails claiming to be from the plugin repository, please make sure to double check them. Emails regarding the repository are always sent from a wordpress.org email address. If in doubt please reply to the email asking for confirmation.

Please always check the URL you are logging into, for any site. Be sure you are logging into “wordpress.org”, not “wordpress.some-evil-domain.info”.

Here’s what many plugin authors have reported receiving:

Example phishing email. That link doesn't go to wordpress.org, though! (And we don't have a my-plugins-status page.)

If you have received a suspicious email and followed any links, please visit the real WordPress.org and change your password. If not, as a plugin author it’s a good idea to change your password regularly.