WordPress Real or WordPress Fake?

This week, some WordPress users were surprised to find that the new version of WordPress that they downloaded was full of malicious trojans. We too were surprised when we heard about it. But there’s an easy way to avoid this from happening to you.

How To Make Sure That Your Software Is Always Genuine

There are a few quick things that you should always do before downloading any WordPress software, themes, or plugins.

  1. Always make sure that the website is trustworthy. If you are downloading WordPress software, only download it from the official WordPress.org website. Similarly, until you can verify the trustworthiness of an external website, only download plugins and themes from WordPress.org. Of course, there are hundreds of great themes are plugins that are not hosted on WordPress because of certain restrictions. So you could try verifying a website by asking about it in the WordPress forums, checking out site popularity via Alexa rank, as well as Google pagerank.
  2. Check the file size of the zipped archive. Perhaps you didn’t download software directly from WordPress.org. You can quickly verify that it is not a rogue copy by checking the file size of the archive and making sure that it is the same as the software offered on the WordPress website.
  3. There is no WordPress 2.6.4. Recently, users were lured in to this attack after noticing the availability of a patched version of WordPress, version 2.6.4. Well, sorry guys. This version does not yet exist. Always check for new releases at the WordPress.org website. (This site was able to exploit a recently announced dashboard bug. WordPress users were notified of the new released from their blog dashboards! Upgrade to 2.6.3 to avoid this problem in the future.)
  4. Make sure it is not a spoof website. The WordPress website which fooled so many users did so by making itself look like the real deal. It looked the same, all except for the Showcase link. And the domain was WordPresz.org. Clearly, that is a small detail that is easy to miss. (See the screenshot of the fake website below.)

WordPresz.org, The Offending Website

We only know about one, but any website could do this. And given today’s technology, it is really easy and quick to duplicate a website. See the screenshot below. The fake website is almost identical to the WordPress.org website!


WordPresz.org (Screenshot of Imposter WordPress website.)

WordPresz.org Screenshot   

 So now that this WordPress dashboard hack is public, it is necessary that you upgrade to 2.6.3. If you decide not to upgrade, just be wary of any similar news.


For additional information on how to spot a fake, see Craig Murphy’s article on WordPresz 2.6.4.

Tags: , , , ,

1 Response to “WordPress Real or WordPress Fake?”

  • Jessica March 1, 2011 at 11:01 am

    Thank god that site is taken off. One of my clients emailed me asking about wordpress changing URLs. I immediately asked her to delete her stuff and gave her the right URL to download wordpress.


Trackback URL:

Leave a Reply

Want us to work on your project?

Contact us today for a quote. Click here to submit details regarding your project.

If you are making a general inquiry, send an email to info@velvetblues.com

Go Daddy Deal of the Week: Cheap .COM Domains! Offer expires soon!