A recent phishing campaign is targeting administrators of WordPress websites, trying to get them to install malicious code on websites. The phishing campaign was reported to be using the domain name en-gb-wordpress.org. The domain name servers for that belong to none other than security provider CloudFlare:

bingo.ns.cloudflare.com

nikon.ns.cloudflare.com

Notably, the security news coverage and other WordPress security providers have been completely silent on that aspect of this situation, despite it being a striking issue for a security provider to be involved in a phishing campaign.

Someone reported having notified CloudFlare of their involvement with this, with no response so far.

Another element that stood out to us is that the domain name used contains the trademark WordPress. The owner of the WordPress trademark, the WordPress Foundation, states unequivocally that it can not be used in domain names:

Under no circumstances is it permitted to use WordPress or WordCamp as part of a domain name or top-level domain name.

We reached out to them about the usage of the trademark in this domain name as part of the phishing campaign.