Phishing WordPress site

• 

  goldtouchinc · Member · Jul 29, 2025 at 8:26 pm

  • Copy link
  • Add topic to favorites

  I received an email that appears to be from WordPress that takes me to a WordPress site that my password manager recognizes as legitimate and offers up my WordPress credentials for various WordPress pages for which I have credentials. Can a phishing site like this get your password if you log into it?

• 

  staartmees · Member · Jul 30, 2025 at 6:20 am

  • Copy link

  Only an email coming from @wordpress.com is really coming from wordpress. But even then it’s very easy to spoof an emailaddress.

  Of course a phisphing site can get your login credentials, that’s what they are made for.

  What is the URL of that phisphing site?

• 

  goldtouchinc · Member · Jul 30, 2025 at 3:45 pm

  • Copy link

  This is the site. I removed the link.

  https://vannyneo.com/?l=wp&ridz=verify_?=c2FsZXNAZ29sZHRvdWNoaW5jLmNvbQ==

• 

  staartmees · Member · Jul 30, 2025 at 4:08 pm

  • Copy link

  Hopefully you didn’t share your login information …

• 

  kaichicha · Member · Jul 30, 2025 at 4:16 pm

  • Copy link

  Hi @goldtouchinc,

  I’ve checked the domain vannyneo.com, and while we’re unable to determine the exact hosting provider due to the use of Cloudflare, I can confirm that the domain is not linked to any account here at WordPress.com. For more information on the domain, you can refer to this link: https://wordpress.com/site-profiler/vannyneo.com

  We recommend reaching out to the domain’s registrar, Namecheap, to report this matter.

  If you have any other questions, feel free to let me know!

• 

  goldtouchinc · Member · Jul 30, 2025 at 5:06 pm

  • Copy link

  I did not.

• 

  josefhtest · Member · Jul 30, 2025 at 5:45 pm

  • Copy link

  Hi @goldtouchinc,
  

  I’m glad to hear you didn’t enter your login information. That means your WordPress.com account remains secure.

  To be extra safe, I’d recommend the following steps:

  1. Enable Two-Step Authentication (2FA) on your WordPress.com account if you haven’t already. This adds another layer of protection even if someone does get your password:
     How to enable 2FA
  2. If you have any doubts at all, update your WordPress.com password to something strong and unique.
  3. Checking the sender’s email address — Official emails from WordPress.com will come from @wordpress.com addresses. If the sender looks suspicious or unfamiliar, it’s best to proceed with caution.
  4. Identifying legitimate WordPress.com emails — Our emails usually include your site name, details relevant to your account, and we’ll never ask for sensitive information like your password via email.

  If you run into any issues or see other suspicious activity, let us know.