Customers who purchased WPML, a multilingual plugin for WordPress, are receiving a suspicious email that looks similar to a phishing attempt. Matt Redford, a customer of WPML, kindly sent the Tavern a copy of the email. Dear Matt, We want to make sure that your WPML account remains secure. For this, we are updating all client accounts with auto-generated strong passwords. A strong password helps prevent unauthorized use of your WPML account. Our system will start the password update shortly. We will send you another email with your new password. All the best, WPML team Redford received a follow-up email that includes his new password in plaintext. WPML explains why the passwords were sent in plaintext, “We detected weak passwords in our system and following this we are enforcing, on a one-time procedure, strong passwords to all our clients. “As for sending them in plaintext, if you consider it not to be safe, please update your password in order to keep it secure,” WPML said. When questioned if passwords are stored in plaintext within the database, WPML replied, “As for storing passwords in our database we are not storing it in plaintext, we are using standard WordPress. Yes they’re
Share This