Have you ever seen a notification in your mailbox that appears to come from your website hosting company, informing you that your website database requires an update? People always notify us of phishing emails that target WordPress users.
In this article, I will show you how a WordPress database upgrade phishing campaign works and how to prevent your website from becoming attackers’ prey. A WordPress database upgrade phishing campaign looks like the screenshot below.
The screenshot above informs site owners that their database requires an update, and it appears to come from the WordPress community or a hosting registrar. However, the content includes typos and uses an older messaging style, which makes it clear that it was sent by attackers. Another suspicious item in the screenshot is the deadline. WordPress wouldn’t define deadlines without a valid explanation, and hosting providers wouldn’t either (in case you doubt the email was from WordPress or your hosting registrar).
The above screenshot is the footer of the email shown in image 1. It mimics the one used by Automattic (the parent company of WordPress.com, Jetpack, WooCommerce, etc.), but the link points to a phishing page on a different hacked website (please watch our video tutorial on this article so that you can see where their call to action, “Click here to learn more”, points to).
Now, let us explain how hackers use the “WordPress database upgrade email or campaign” to hack websites.
How hackers can use a ‘WordPress database upgrade email or campaign’ to hack websites
If you click on the “Upgrade WordPress Database” button, a fake login page will be opened which is ready to collect your credentials. That page was created on a hacked but legitimate website.
Once you enter your credentials and click the “Log In” button, you’ll see the following screen asking for your site’s address and username. It’s also not entirely clear whether they want to know your WordPress credentials or your database (cPanel) credentials.
If you click on the “Upgrade WordPress Database” button, your credentials (website username and password) will be sent to the attackers.
I hope I have briefly explained how hackers are obtaining the site addresses and associating them with the stolen credentials.
Even if your website database is up to date, hackers may still be able to break into it if you give them your credentials via one of the methods we explained above in this article. They often try to fool webmasters into opening a web page that resembles a standard login page and typing their credentials there without verifying the address of the page.
In the case above, attackers used a mailer on a compromised website as a delivery mechanism to send their phishing email campaign and collect the credentials of other WordPress users.
Once an attacker obtains a website’s credentials through this campaign, they are then able to upload backdoors, deface the site content, or use the website to serve malware. This can lead to blacklisting and significantly impact your site’s traffic and reputation.
Precautions to prevent your website from being hacked
If you use common sense and follow the few simple rules below, you can easily detect whether an email is from hackers, like the one we discussed in this article:
- Never trust an email that asks you to perform an action that you didn’t request, especially if you haven’t received this type of email before.
- Verify that the sender matches the content in the email.
- Check the content for typos or poor formatting.
- Inspect URLs for legitimate domain names before finally clicking any call to action (link) in it.
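The sender and URL checks from the list above can be automated before anyone clicks. The following Python code is an added example, not part of the original article; the trusted-domain list and the sample message (with `example.net` / `example.org` placeholder hosts) are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: domains you accept for mail claiming to be from WordPress/Automattic.
TRUSTED = {"wordpress.org", "wordpress.com", "automattic.com"}

# Constructed sample message; all example.* hosts are placeholders.
SAMPLE = """\
From: WordPress <support@mailer.example.net>
Subject: Database upgrade required
Content-Type: text/html; charset=utf-8

<p>Your database requires an update.</p>
<a href="http://blog.example.org/wp-content/login.php">Upgrade WordPress Database</a>
<a href="https://wordpress.org.example.org/learn">Click here to learn more</a>
<a href="https://wordpress.org/support/">Support forums</a>
"""

class LinkCollector(HTMLParser):
    """Collects the real destination (href) of every link, not its visible text."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.hrefs.append(href)

def is_trusted(host):
    # Exact match or true subdomain only, so "wordpress.org.example.org" fails.
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED)

def audit(raw):
    """Return (kind, host) pairs for the sender and each link outside TRUSTED."""
    msg = message_from_string(raw)
    sender_host = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    findings = [] if is_trusted(sender_host) else [("sender", sender_host)]
    parser = LinkCollector()
    parser.feed(msg.get_payload())
    hosts = [urlsplit(h).hostname for h in parser.hrefs]
    return findings + [("link", h) for h in hosts if not is_trusted(h)]

if __name__ == "__main__":
    for kind, host in audit(SAMPLE):
        print(f"untrusted {kind} domain: {host}")
```

The check compares the host in each `href`, which is what the browser will actually open, rather than the text shown on the button.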
Conclusion
If you find out that your website is sending spam emails and you need an expert to help you fix it, we can help you get rid of malware and harden your website. You may see our guide on how to remove viruses on your website via cPanel.
I hope this article has helped you understand how hackers can use a ‘WordPress database upgrade email or campaign’ to hack websites. If it has, please subscribe to my YouTube channel for more updates. You can also find me on Facebook.
Feel free to ask me any question via the comment section. I am available for hire to design your website, remove viruses from your website, provide SEO services for your websites, etc. You may visit my Fiverr page for more.
These hackers 😔. Shame on you. The way this guy disclosed your secrets here.
Thank you for this helpful update Sir.
Smile
U’re welcome 🥰
Thank you for your feedback, Kenneth
Thanks for revealing hackers’ secrets to us for free. You are teaching us cybersecurity 😊😊
U’re welcome 🥰
Sir, please can you show me how to back up a WordPress-powered website database properly? You only talked about how attackers invade people to upgrade their backup which their aim is to hack their website. Answer my prayer please 🙏
Thank you for this enlightenment. I regularly receive emails like this. But I am too careful, I don’t click their call to action. I always go to my WordPress dashboard to confirm if my database update is really necessary to do.
I accepted everything you pointed out. This is how I see this type of email from hackers, their sentence is not correct and they mimic Automattic.