While there is a lot of news coverage of supposed hacks of WordPress websites, there is vanishingly little data on what is actually happening. Often because security providers that should be collecting that data don't do the basic work of trying to figure out how websites have been hacked. You can help by submitting a report if you have had some involvement with a hacked WordPress website.

The information may be made public and shared with reputable security providers to help avoid more WordPress websites getting hacked. So don't include any sensitive information. Before being made public or shared, it will be reviewed to make sure it doesn't include sensitive information.

Not all fields need to be filled and may not be relevant to a hacking anyway, but the more information provided, the more it can help.

Web Host:
Web Host Service/Plan:
WordPress Version:
Active Plugins (This can be found on the Site Health Info admin page, /wp-admin/site-health.php?tab=debug): Must Use Plugins (This can be found on the Site Health Info admin page, /wp-admin/site-health.php?tab=debug): Malicious WordPress Admin Username:
Malicious WordPress Admin Email:
Description of Malicious Activity That Occurred on Website:
Cause of the Hacking:
Zip of Malicious Files (Make sure to not include any sensitive files):