Phishing attempts for WordPress.org credentials

Recently there was a “phishing” email sent to several pluginPlugin A plugin is a piece of software containing a group of functions that can be added to a WordPress website. They can extend functionality or add new features to your WordPress websites. WordPress plugins are written in the PHP programming language and integrate seamlessly with WordPress. These can be free in the WordPress.org Plugin Directory https://wordpress.org/plugins/ or can be cost-based plugin from a third-party authors designed to steal their login credentials. If you receive or have received any emails claiming to be from the plugin repository, please make sure to double check them. Emails regarding the repository are always sent from a wordpress.orgWordPress.org The community site where WordPress code is created and shared by the users. This is where you can download the source code for WordPress core, plugins and themes as well as the central location for community conversations and organization. https://wordpress.org/ email address. If in doubt please reply to the email asking for confirmation.

Please always check the URLURL A specific web address of a website or web page on the Internet, such as a website’s URL www.wordpress.org you are logging into, for any site. Be sure you are logging into “wordpress.org”, not “wordpress.some-evil-domain.info”.

Here’s what many plugin authors have reported receiving:

Example phishing email. That link doesn't go to wordpress.org, though! (And we don't have a my-plugins-status page.)

If you have received a suspicious email and followed any links, please visit the real WordPress.org and change your password. If not, as a plugin author it’s a good idea to change your password regularly.