We’ve been receiving and filtering out more of these phishing emails aimed at getting login details for WordPress sites.

This phishing attempt is quite sophisticated.

When the link to login is clicked, the user is taken to a standard WordPress login page on the attackers site. After entering login credentials, the user is then re-directed to their own login page – it appears as though their initial login attempt  failed because of a typo, however their credentials have been recorded by the attacker.

It would be easy for a user to not even notice their credentials have been stolen.


Although the login link is hidden by the formatting of the HTML email (the orange button), a dead give away is the poor spelling and grammar. And the bogus attackers URL is revealed when the mouse hovers over the button.

One easy way to protect users against this type of attack is to customise their login page so it is significantly different to the default WordPress login page (something we do as standard when developing WordPress based sites). Then users have a visual clue that they are on the correct login page.




Stop using IE7 and get a Free new computer

It sounds incredible, but a US company is offering a brand new computer to it’s…

One last fix for XP…

Despite months/ years of warnings about no updates for Windows XP after April…

First post Windows XP security issue?

is this the first

Top 5 reasons why super fast broadband is good for business

Super fast broadband continues to be rolled out in Leicestershire, but what…

Another earthquake hits Rutland

This made us chuckle: After the devastating news of the third earthquake to…

What is Cloud Computing?

Cloud Computing is the latest IT Jargon and seems to relate to everything new…

Better-IT Limited

3-3a Barrow Road, Sileby, Leicestershire, LE12 7LW.


t: 0333 202 6365

Find us on:
Google Maps


Copyright © 2020 Better-IT Limited.
Page loaded in 0.115 seconds.