WordPress Security Alert: AMP Plugin

Orlando WordPress Developer

Accelerated Mobile Pages (AMP) is a project backed by Google that aims to speed up websites on mobile devices. In order to seamlessly incorporate this project into their websites, the WordPress plugin repository plugin repository offers 2 plugins to automatically add Accelerated Mobile Pages into websites.

Since a website’s speed on all devices has recently become an important piece in SEO, it is not surprising that over 400,000 WordPress sites are currently using an AMP plugin.

The WordPress Security Threat

This week, Wordfence reported several security vulnerabilities for the plugin AMP for WP – Accelerated Mobile Pages by Ahmed Kaludi. Wordfence uncovered a sophisticated attack campaign that is targeting the recently disclosed cross-site scripting (XSS) vulnerability.

Simply put, the plugin vulnerabilities allow hackers to modify the plugin’s own options stored in the WordPress database. This is particularly dangerous since it creates the possibility to inject the following XSS payload into the victim’s site content with the goal of affecting a logged-in administrator. Furthermore, this allows the creation of a rogue administrator account in your site.

How do I fix the WordPress Plugin Security Issue?

The possibility of a stranger having this much access into your website is nerve-wracking, there are steps you can take now to protect your website. Take a look at the suggestions below to stay safe during these attacks:

Update AMP to its’ latest version, according to WordFence’s report on the issue:
“ MP For WP’s security fix was available for nearly two weeks before these attacks began, hopefully placing a hard limit on the exploitable attack surface of this vulnerability”
Install WordFence. Premium Wordfence users count with a rule on WordFence’s firewall that prevents such malicious interventions, and will soon be released for Free WordFence’s users.

Your website’s security is an extremely important matter, take the necessary actions to keep it safe. If you would like to learn more about the attacks, make sure to check out this article “ XSS Injection Campaign Exploits WordPress AMP Plugin”

Orlando WordPress Website Maintenance

At M5 Design Studio, we are WordPress experts located in Orlando Florida. If you would like to secure your WordPress website contact us now for a free quote.

Author

M5 Design Studio

We are a small, but creative and passionate team of designers and developers specializing in web design, graphic design, branding & digital marketing.

5.0

Based on 35 reviews

review us on

Evelyn T

19:25 24 Aug 20

M5 Design Studio kindly offered our business free support in updating our online presence during the COVID-19 crisis. Some of their services included support in creating a Google listing to help people find our services in Google. It also included a banner to the top of our website to let customers know our current hours and important changes to our business during these times.We are forever grateful to M5 Design Studio for being generous, professional and helpful to us. Its an honor to have their support in the Orlando community. Thank you for helping Holistic Starlight be of service to the community, as well. It was wonderful working with Dominique and the team! FIVE STARS TO M5!

Romy Cuevas

11:21 01 Sep 18

I have had the best experience working with M5 Design Studio! They created a beautiful website for us which has brought so much more traffic to our business, we are so grateful! And they always help us come up with fresh new marketing strategies that work. They are dependent, reliable and over all a pleasure to work with. Definitely one of the best Orlando web design companies out there! Thank you!!!

Kristin Meyer

15:58 24 Aug 18

We have been so pleased with the work that M5 Design Studio has done for our business, Mindful Meals. They built us a beautiful website that is easy to navigate and visually appealing.Their client communication, even after the job has been completed, is top-notch and is one of the reasons we keep working with them for our additional website needs.If you are looking for a professional and reliable Orlando web design company that can get the job done right, we highly recommend M5 Design Studio.

Ralph L

22:15 23 Aug 18

M5 Design Studio is a hidden gem within the vast world of website design and technology companies. Although M5 is an Orlando website design company you don’t need to be a local business to benefit from their friendly, professional and attentive services. Martha and James at M5 Design Studio took our ambitious website concept from the idea stage to reality. The website is visually engaging, professional and mobile friendly, we can’t be happier with the outcome. It rivals websites that cost several thousands of dollars but it was very affordable and easy to update and maintain. We frequently receive compliments from people who call our office and think that we’re a national company because they checked-out our website. M5 Design Studio is more than just an Orlando website design company though. M5 designed our client presentation portfolio, company brochure, rack card, business cards, professional client handouts, referral card and there’s more marketing collateral in the works. We’ve learned to trust Martha, James and the M5 team with our business and that’s why we won’t partner with anyone else. If you’re looking for an affordable, knowledgeable, competent website design company, you would be doing yourself a disservice if you don’t take a minute to give Martha a call. Heart, Body & Mind Home Care.

Clinically Speaking

18:11 21 Aug 18

We have only good things to say about M5 Designs and would highly recommend them to anyone. M5 Designs is an Orlando web design company that has helped us create, maintain and update our website for 10 years. Maybe more!? From simple requests to complicated customizations, everything has always turned out great! Communicating with Martha and her team is easy and everything gets done quickly. We would never use anyone else and we do not hesitate to recommend them to anyone who asks. :)

WordPress Security Alert: AMP Plugin

Orlando WordPress Developer

The WordPress Security Threat

How do I fix the WordPress Plugin Security Issue?

Orlando WordPress Website Maintenance

Author

M5 Design Studio

Hcaptcha: WordPress Plugin Alternative to Google’s Recaptcha

WooCommerce 8.3.0 Released

Latest Features in WordPress 5.8

CALL US

407-968-6296

Let’s Connect!

WordPress Security Alert: AMP Plugin

Orlando WordPress Developer

The WordPress Security Threat

How do I fix the WordPress Plugin Security Issue?

Orlando WordPress Website Maintenance

Author

M5 Design Studio

Related Posts

Hcaptcha: WordPress Plugin Alternative to Google’s Recaptcha

WooCommerce 8.3.0 Released

Latest Features in WordPress 5.8