Is Plugintheme Net a scam or legitimate

Warning: WordPress phishing emails are currently in circulation


The fight against cybercrime never seems to stop. We regularly report on security gaps that pose a threat to the security of WordPress sites. Follow us on Facebook to be informed about new WordPress news and the latest security vulnerabilities.

Fraudsters are currently using a phishing method to get hold of your WordPress login data. This is done very ingeniously through the victim's email inbox. This scam method is characterized by deceptively real design elements, layout and content of legitimate messages. However, these mails are copies of the real system messages that inform users to update their system. If you don't look closely, it can be dangerous ...


WordPress Phishing: Database Upgrade Required

With this method, website operators receive an email stating that their website's database needs an update:



Here scammers pretend to be WordPress and ask operators to update their database.
The operators are addressed as customers and put under pressure by the deadline mentioned in the text.


What happens if you follow the instruction?

If you follow the click on the blue button you come to a usual WordPress login page. Here the user should enter his user name and the password of his own WordPress installation.

A page then appears on which the website URL and the database username are requested.


The attackers then save the account details in a database. There are two harmful practices associated with this type of behavior:

  1. WordPress site hijack - Every time the credentials are stolen from a website, the hacker operator is notified. With the help of the hijacked username and password combination, the hacker is able to log into the WordPress website and take full control.
  2. WordPress credentials theft - All information collected is stored in a database that is offered for sale on illegal markets. Interested parties can use the information for marketing or blackmail purposes.


What exactly are the attackers trying to use this fraud method?

This is a classic type of phishing. The fraudsters have built a page that looks deceptively similar to a classic WordPress login page. They aim to get concerned website operators to provide their WordPress login details. In the next step, the hacker determines which website this data belongs to. For this reason, another page appears to also query this information. As soon as the fraudsters have all the necessary data to gain access to a WordPress installation, the page view is forwarded to


How do I know if it is fraud?

We have summarized the most important starting points with which you can quickly find out that the mail cannot possibly be an official WordPress mail so that you can immediately see whether it is malware.

If you're sure you haven't asked for a security update before, leaveNo way following a request that requires you to provide your user data.

  • Check whether you really know the sender's email address
  • Check the security certificates and domain name
  • Is there any personal information missing, such as the personal address as a customer?
  • If you notice incorrect spelling or grammar in the email, you should be vigilant!


What should I do if I have already entered my details?

If you have already entered your data, the fraudsters have access to your data.
Change your login details as soon as possible!


Because it cannot be ruled out that even more complex scenarios will arise in the future, as a result of which hackers will try to gain access to sensitive data, it is important that your WordPress site remains protected. If you want to find out more about the dangers of WordPress, we recommend our WordPress Security Advisor.

We at HostPress make sure that your websites are accessible. Should you still have problems and you don't know what to do next, our WordPress team of experts is always there for you. You can also find regular information on current WordPress topics on our blog!