WordPress Security Alert: AMP Plugin

Orlando WordPress Developer

Accelerated Mobile Pages (AMP) is a project backed by Google that aims to speed up websites on mobile devices. To help site owners incorporate AMP into their websites seamlessly, the WordPress plugin repository offers 2 plugins that automatically add Accelerated Mobile Pages to a site.

Since a website’s speed on all devices has recently become an important piece in SEO, it is not surprising that over 400,000 WordPress sites are currently using an AMP plugin.

The WordPress Security Threat

This week, Wordfence reported several security vulnerabilities in the plugin AMP for WP – Accelerated Mobile Pages by Ahmed Kaludi. Wordfence uncovered a sophisticated attack campaign that is targeting the recently disclosed cross-site scripting (XSS) vulnerability.

Simply put, the plugin vulnerabilities allow hackers to modify the plugin’s own options stored in the WordPress database. This is particularly dangerous because it makes it possible to inject an XSS payload into the victim’s site content with the goal of affecting a logged-in administrator. Furthermore, this allows the creation of a rogue administrator account on your site.

How do I fix the WordPress Plugin Security Issue?

The possibility of a stranger having this much access to your website is nerve-wracking, but there are steps you can take now to protect your website. Take a look at the suggestions below to stay safe during these attacks:

  • Update AMP to its latest version. According to Wordfence’s report on the issue:
    “AMP For WP’s security fix was available for nearly two weeks before these attacks began, hopefully placing a hard limit on the exploitable attack surface of this vulnerability”
  • Install Wordfence. Premium Wordfence users have a firewall rule that blocks these attacks, and the rule will soon be released to free Wordfence users.
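
Because the attack described above can end with a rogue administrator account, it is also worth reviewing who holds the administrator role after updating. The script below is an added example, not code from Wordfence or the plugin author: it compares a CSV export of administrators against an allowlist, and the logins, e-mail addresses, dates, allowlist and cutoff in it are all constructed assumptions.

```shell
#!/bin/sh
# Added example (not from the original article): audit administrator accounts.
# On a live site the CSV would come from WP-CLI, e.g.:
#   wp user list --role=administrator \
#     --fields=user_login,user_email,user_registered --format=csv
# Every login, address and date below is constructed sample data.

SAMPLE_CSV='user_login,user_email,user_registered
siteowner,owner@example.com,"2021-03-02 10:15:00"
editor_admin,editor@example.com,"2022-08-19 09:00:00"
helpdesk01,helpdesk01@example.net,"2024-02-17 03:12:44"'

# Hypothetical allowlist: comma-separated logins the site owner expects.
KNOWN_ADMINS='siteowner,editor_admin'

# find_unexpected_admins CSV ALLOWLIST CUTOFF
# Prints "login<TAB>registered<TAB>note" for each administrator that is not
# on the allowlist. CUTOFF is a YYYY-MM-DD date; accounts registered on or
# after it are marked so the newest ones are reviewed first.
find_unexpected_admins() {
    printf '%s\n' "$1" | awk -F',' -v allow="$2" -v since="$3" '
        BEGIN {
            n = split(allow, a, ",")
            for (i = 1; i <= n; i++) if (a[i] != "") known[a[i]] = 1
        }
        { gsub(/"/, "") }                 # drop CSV quoting around fields
        NR == 1 || $1 == "" { next }      # skip the header row and blank lines
        !($1 in known) {
            # Force a string comparison; ISO dates sort correctly as text.
            note = ($3 "" >= since "") ? "registered-since-cutoff" : "older-account"
            printf "%s\t%s\t%s\n", $1, $3, note
        }
    '
}

# Run the audit over the constructed sample.
find_unexpected_admins "$SAMPLE_CSV" "$KNOWN_ADMINS" "2024-01-01"
```

Any login this prints should be confirmed with the site owner before it is left in place.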

Your website’s security is an extremely important matter, so take the necessary actions to keep it safe. If you would like to learn more about the attacks, check out the article “XSS Injection Campaign Exploits WordPress AMP Plugin”.

Orlando WordPress Website Maintenance

At M5 Design Studio, we are WordPress experts located in Orlando, Florida. If you would like to secure your WordPress website, contact us now for a free quote.

