• Hi,

    I updated to 4.0.1 a few days ago. Last night, I received an email (at an address that is DIFFERENT from the email I entered in WP settings) with the subject “Please Update Now”, which stated:

    WordPress update required

    You can update to WordPress 4.0.1 automatically or download the package and install it manually:
    https://downloads.wordpress.org/release/wordpress-4.0.1.zip

    To update WordPress 4.0.1 automatically, visit the following address:
    http://www.myurl.net/wp-admin/update-core.php (which actually links to [moderated])

    The link was clicked on by someone else, but they got a “Moved Permanently” error.

    Has anyone seen this before? Should I be worried?

Viewing 8 replies - 1 through 8 (of 8 total)
  • Yes that is either a phishing attempt or they’re trying to get you to install malware.

    2 main clues:

    First the displayed link and the actual URL it goes to are different.

    Second and most importantly, just because the URL has wordpress.com in it doesn’t make it an official WordPress site. The actual domain in the URL is sandikci.net

    As long as the user didn’t enter a username and password you’re probably ok. It’s possible the sandikci.net was hacked, it was noticed and the page was removed before your person tried the link.

    Hi, nfurlan. Please *do not* click that link! Mods, please redact.

    I don’t know what email client you use, but you can always have a look at the headers to see who the email is actually from. In this case, the domain being linked to is sandikci.net.

    If the link was clicked, & there was an error, hopefully no damage was done, but the computer should likely be scanned for malware, just in case.

    You’re always given an option to update WordPress, including plugins & theme files, through your website–thus, an email link stating that updates are available should never ever be clicked. If you have premium plugins & themes, they might provide different options, but, here again, always download the update only from the vendor’s website & never click an email link.

    Thanks for bringing this to everyone’s attention.

    I removed the links.

    Andrew Nevins

    (@anevins)

    WCLDN 2018 Contributor | Volunteer support

    Jackie, to guarantee a moderator’s attention tag the thread with “modlook”.

    Thread Starter nfurlan

    (@nfurlan)

    Thanks everyone, so sorry for posting that link! Did not mean to do any harm to anyone else.

    Do you know how I can tell if our site has been compromised due to this?

    Moderator Ipstenu (Mika Epstein)

    (@ipstenu)

    🏳️‍🌈 Advisor and Activist

    Well… did you download and install anything?

    I have also just received one of these mails. Fortunately it was the day after I upgraded all sites for which I’m responsible (including the one referred to in the message) to WP 4.1, so the reference to an upgrade to WordPress 4.0.1 rang some alarm bells. 🙁

    Thread Starter nfurlan

    (@nfurlan)

    Nope, I hadn’t recently installed any new plugins, just upgraded the ones I already had.

    Very weird, Russell. Did you notice any other weird behavior?

    Here is the list of plugins we have installed. Let me know if you have any in common:

    Akismet
    Broken Link Checker
    Capability Manager Enhanced
    Easy FancyBox
    Events+
    EWWW Image Optimizer
    Google Custom Search
    Gravity Forms
    Gravity Forms Mailchimp Add-On
    Gravity Forms PayPal Standard Add-On
    LayerSlider WP
    Lazy Load
    Microkid’s Related Posts
    P3 (Plugin Performance Profiler)
    PopUp Pro
    Redirection
    Shareaholic
    Shortcodes Ultimate
    Snapshot
    SSH SFTP Updater Support
    State and Zip Field Modifier
    Tabber Tabs Widget
    Types
    WordPress Notification Bar
    WordPress Popular Posts
    WordPress SEO
    WP-Mail-SMTP
    WP Gallery Custom Links
    WPMU DEV Dashboard
    WP Views

    (I didn’t realize how many plugins we have installed until I just typed this out – wow!)

The topic ‘"Please Update Now" email scam?’ is closed to new replies.