Russian Cybercriminals Hijack WordPress Sites with Fake Support Scams

How a Sham ‘Security Service’ is Luring WordPress Owners into Fraudulent Traps

A new ransomware‑style scam, run by Russian hackers, pretends to offer WordPress security fixes, then steals money, credentials, and site control.

WordPress powers roughly 40 % of the internet, which makes it a magnet for both legitimate developers and, unfortunately, malicious actors. In the past few months a Russian‑run operation has been slipping a fake “security‑service” offer into the hands of unsuspecting site owners.

It starts innocently enough: a pop‑up on a WordPress admin dashboard or an email that looks surprisingly official, promising a free scan, a quick patch for a reported vulnerability, or even a custom plugin to harden the site. The language is friendly, the branding mimics well‑known security firms, and the call‑to‑action urges the owner to click a link or reply with a phone number.

Once the victim takes the bait, the scammers request remote‑desktop access or ask for the site’s admin credentials. With that foothold, they drop a back‑door or a tiny piece of malicious code that silently copies login data, injects spam, or even encrypts the entire site – effectively holding it hostage for a ransom.

Security researcher Elena Kovaleva, who has been tracking the campaign, says the operation is surprisingly polished. “They’ve crafted a narrative that feels like genuine tech support. The emails reference recent WordPress updates, they even quote publicly disclosed vulnerabilities, which gives them an air of credibility,” she explains.

What makes this scam especially nasty is its veneer of assistance. Rather than a blunt phishing link, victims are led through a step‑by‑step “fix” process, often over a Zoom call. By the time the owner realizes something’s wrong, the malicious plugin is already embedded, and any backups they might have are either outdated or themselves compromised.

So, how can you protect yourself? First, remember that legitimate WordPress support never asks for your admin password via email or a phone call. Always download plugins and themes from the official repository or a trusted vendor. Enable two‑factor authentication on your admin account, keep all core files, themes, and plugins up to date, and consider a security‑focused hosting provider.

If you suspect you’ve been targeted, disconnect the site from the internet, change every password, and restore from a clean backup made before the intrusion. Reporting the incident to your hosting provider and to local cyber‑crime authorities can also help halt the scammers’ momentum.
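Before restoring, it helps to know exactly what changed on the site since the backup was taken. The following is an added example, not part of the original article: it hashes a live `wp-content` tree and a backup copy and lists files that were added, changed or removed. The directory layout, plugin names and file contents in `demo()` are constructed sample data.

```python
import hashlib
import os
import tempfile

def hash_tree(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    digests = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            with open(full, "rb") as fh:
                digests[rel] = hashlib.sha256(fh.read()).hexdigest()
    return digests

def diff_against_backup(live_root, backup_root):
    """Return files added, changed or removed in live relative to backup."""
    live, backup = hash_tree(live_root), hash_tree(backup_root)
    return {
        "added": sorted(set(live) - set(backup)),
        "changed": sorted(p for p in live.keys() & backup.keys()
                          if live[p] != backup[p]),
        "removed": sorted(set(backup) - set(live)),
    }

def build_sample(root, files):
    """Write a constructed file tree under root (sample data only)."""
    for rel, body in files.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(body)

def demo():
    """Constructed case: live tree gained one plugin and one edited theme file."""
    with tempfile.TemporaryDirectory() as backup, \
         tempfile.TemporaryDirectory() as live:
        clean = {"plugins/forms/forms.php": "<?php // v1\n",
                 "themes/base/functions.php": "<?php // theme\n"}
        build_sample(backup, clean)
        tampered = dict(clean)
        tampered["plugins/site-hardening/loader.php"] = "<?php // unknown\n"
        tampered["themes/base/functions.php"] = "<?php // theme, edited\n"
        build_sample(live, tampered)
        return diff_against_backup(live, backup)

if __name__ == "__main__":
    for kind, paths in demo().items():
        for p in paths:
            print(f"{kind:8} {p}")
```

The result is only as trustworthy as the backup it compares against, so use a copy that predates the first contact with the fake support service.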

In short, the lure of a free fix can be too tempting, but a moment’s caution can save you weeks of cleanup and a hefty ransom bill.


Editorial note: Nishadil may use AI assistance for news drafting and formatting. Readers can report issues from this page, and material corrections are reviewed under our editorial standards.