Phishing attempts for credentials

Recently there was a “phishing” email sent to several plugin authors designed to steal their login credentials. If you receive or have received any emails claiming to be from the plugin repository, please make sure to double check them. Emails regarding the repository are always sent from a email address. If in doubt please reply to the email asking for confirmation.

Please always check the URL you are logging into, for any site. Be sure you are logging into “”, not “”.

Here’s what many plugin authors have reported receiving:

Example phishing email. That link doesn't go to, though! (And we don't have a my-plugins-status page.)

If you have received a suspicious email and followed any links, please visit the real and change your password. If not, as a plugin author it’s a good idea to change your password regularly.