WordPress Security Alert: AMP Plugin


Orlando WordPress Developer

Accelerated Mobile Pages (AMP) is a project backed by Google that aims to speed up websites on mobile devices. To help site owners incorporate this project seamlessly, the WordPress plugin repository offers 2 plugins that automatically add Accelerated Mobile Pages to websites.

Since a website’s speed on all devices has recently become an important piece in SEO, it is not surprising that over 400,000 WordPress sites are currently using an AMP plugin.

The WordPress Security Threat

This week, Wordfence reported several security vulnerabilities in the plugin AMP for WP – Accelerated Mobile Pages by Ahmed Kaludi. Wordfence also uncovered a sophisticated attack campaign that is targeting the recently disclosed cross-site scripting (XSS) vulnerability.

Simply put, the plugin vulnerabilities allow hackers to modify the plugin’s own options stored in the WordPress database. This is particularly dangerous because it makes it possible to inject an XSS payload into the victim’s site content with the goal of affecting a logged-in administrator. Furthermore, this allows the creation of a rogue administrator account on your site.
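Both outcomes described above leave traces in the database: script markup inside stored options, and an administrator account nobody on the team created. The following check is an added example, not code from this post or from Wordfence; it assumes rows exported from the default `wp_options`, `wp_users` and `wp_usermeta` tables, and every option name, login and date in the sample data is constructed.

```python
import re
from datetime import datetime

# Markup that rarely belongs in plugin settings; hits are leads for manual review.
SCRIPT_MARKERS = re.compile(
    r"<\s*script\b|javascript\s*:|\bon(?:error|load|click)\s*=", re.I)

def suspicious_options(option_rows):
    """Return names of options whose stored value contains script-like markup."""
    return [name for name, value in option_rows if SCRIPT_MARKERS.search(value or "")]

def is_administrator(capabilities):
    """wp_capabilities is PHP-serialized; an enabled role appears as "role";b:1."""
    return '"administrator";b:1' in (capabilities or "")

def unexpected_admins(user_rows, expected_logins, since):
    """Return administrator logins that are unknown or registered on/after `since`."""
    cutoff = datetime.strptime(since, "%Y-%m-%d")
    flagged = []
    for login, registered, capabilities in user_rows:
        if not is_administrator(capabilities):
            continue
        created = datetime.strptime(registered, "%Y-%m-%d %H:%M:%S")
        if login not in expected_logins or created >= cutoff:
            flagged.append(login)
    return flagged

# Constructed sample rows (hypothetical names; not from any real site or report).
OPTIONS = [
    ("blogname", "My Site"),
    ("example_amp_settings",
     'a:1:{s:6:"footer";s:50:"<script src=https://example.invalid/a.js></script>";}'),
    ("example_theme_settings", 'a:1:{s:5:"color";s:4:"blue";}'),
]
USERS = [  # (user_login, user_registered, wp_capabilities meta value)
    ("siteowner", "2016-03-01 10:00:00", 'a:1:{s:13:"administrator";b:1;}'),
    ("editor1", "2018-11-15 09:30:00", 'a:1:{s:6:"editor";b:1;}'),
    ("support_tmp", "2018-11-16 02:14:00", 'a:1:{s:13:"administrator";b:1;}'),
]

if __name__ == "__main__":
    print("options to review:", suspicious_options(OPTIONS))
    print("admins to review:", unexpected_admins(USERS, {"siteowner"}, "2018-11-01"))
```

Some legitimate settings (analytics snippets, for example) also contain script tags, so treat flagged options as items to inspect rather than confirmed tampering.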

How do I fix the WordPress Plugin Security Issue?

The possibility of a stranger having this much access to your website is nerve-wracking, but there are steps you can take now to protect your website. Take a look at the suggestions below to stay safe during these attacks:

  • Update AMP to its latest version. According to Wordfence’s report on the issue:
    “AMP For WP’s security fix was available for nearly two weeks before these attacks began, hopefully placing a hard limit on the exploitable attack surface of this vulnerability”
  • Install Wordfence. Premium Wordfence users already have a firewall rule that prevents such malicious interventions, and the rule will soon be released to free Wordfence users.

Your website’s security is an extremely important matter, so take the necessary actions to keep it safe. If you would like to learn more about the attacks, make sure to check out the article “XSS Injection Campaign Exploits WordPress AMP Plugin.”


Orlando WordPress Website Maintenance

At M5 Design Studio, we are WordPress experts located in Orlando, Florida. If you would like to secure your WordPress website, contact us now for a free quote.
