A new phishing scam is targeting website administrators by impersonating WordPress, tricking them into visiting update-plugins.org, a fake site made to look like WordPress.org. This scam, active since October 22, 2024, aims to steal credentials by urging users to log in and “secure” their WooCommerce plugin. CharlesWorks and WordPress will never send such emails requesting credentials. To protect yourself, always verify email links, enable image blocking in your email client, and use multi-factor authentication. Learn more about identifying phishing attempts. Stay vigilant to keep your online assets secure.