WordPress Security Alert: AMP Plugin

Orlando WordPress Developer

Accelerated Mobile Pages (AMP) is a project backed by Google that aims to speed up websites on mobile devices. To help site owners incorporate this project seamlessly, the WordPress plugin repository offers 2 plugins that automatically add Accelerated Mobile Pages to websites.

Since a website’s speed on all devices has recently become an important piece in SEO, it is not surprising that over 400,000 WordPress sites are currently using an AMP plugin.

The WordPress Security Threat

This week, Wordfence reported several security vulnerabilities for the plugin AMP for WP – Accelerated Mobile Pages by Ahmed Kaludi. Wordfence uncovered a sophisticated attack campaign that is targeting the recently disclosed cross-site scripting (XSS) vulnerability.

Simply put, the plugin vulnerabilities allow hackers to modify the plugin’s own options stored in the WordPress database. This is particularly dangerous because it makes it possible to inject an XSS payload into the victim’s site content with the goal of affecting a logged-in administrator. Furthermore, this allows the creation of a rogue administrator account on your site.

How do I fix the WordPress Plugin Security Issue?

The possibility of a stranger having this much access to your website is nerve-wracking, but there are steps you can take now to protect your website. Take a look at the suggestions below to stay safe during these attacks:

  • Update AMP to its latest version. According to Wordfence’s report on the issue:
    “AMP For WP’s security fix was available for nearly two weeks before these attacks began, hopefully placing a hard limit on the exploitable attack surface of this vulnerability”
  • Install Wordfence. Premium Wordfence users already have a firewall rule that blocks these malicious requests, and the rule will soon be released to free Wordfence users.

Your website’s security is an extremely important matter, so take the necessary actions to keep it safe. If you would like to learn more about the attacks, make sure to check out this article: “XSS Injection Campaign Exploits WordPress AMP Plugin”
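To check whether a site already shows the signs described above (script injected into stored plugin options, or an administrator account nobody recognizes), the added example below scans rows exported from the WordPress options, users and usermeta tables. It is not code from Wordfence or the plugin author; the sample rows, the option name `example_amp_settings` and the allowlist of known administrators are constructed for illustration.

```python
import re
from datetime import datetime

# Heuristic: markup that rarely belongs in stored plugin settings.
# Hits need manual review (some sites store analytics snippets on purpose).
SCRIPT_RE = re.compile(r"<\s*script\b|\bon(?:error|load)\s*=|javascript:", re.I)

def suspicious_options(option_rows):
    """Return names of options whose stored value contains script-like markup."""
    return [name for name, value in option_rows if SCRIPT_RE.search(value)]

def unexpected_admins(users, usermeta, known_admins, since):
    """Return (login, is_recent) for administrators missing from the allowlist.

    WordPress keeps roles in usermeta under '<prefix>capabilities' as a
    PHP-serialized array, e.g. a:1:{s:13:"administrator";b:1;}
    """
    admin_ids = {uid for uid, key, val in usermeta
                 if key.endswith("capabilities") and '"administrator";b:1' in val}
    findings = []
    for uid, login, registered in users:
        if uid in admin_ids and login not in known_admins:
            when = datetime.strptime(registered, "%Y-%m-%d %H:%M:%S")
            findings.append((login, when >= since))
    return findings

# Constructed sample rows, not taken from a real site.
OPTIONS = [
    ("blogname", "Example Shop"),
    ("example_amp_settings",
     '{"header_html": "<script src=\\"https://placeholder.invalid/x.js\\"></script>"}'),
]
USERS = [
    (1, "siteowner", "2022-03-02 10:00:00"),
    (2, "editor_jane", "2023-06-11 09:30:00"),
    (7, "support_helper", "2024-05-20 04:12:09"),
]
USERMETA = [
    (1, "wp_capabilities", 'a:1:{s:13:"administrator";b:1;}'),
    (2, "wp_capabilities", 'a:1:{s:6:"editor";b:1;}'),
    (7, "wp_capabilities", 'a:1:{s:13:"administrator";b:1;}'),
]

if __name__ == "__main__":
    print("Options to review:", suspicious_options(OPTIONS))
    print("Unexpected admins:",
          unexpected_admins(USERS, USERMETA, {"siteowner"}, datetime(2024, 5, 1)))
```

Any option or account this flags should be reviewed by hand, and a confirmed rogue administrator means passwords and the rest of the site need checking as well as the plugin update.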


Orlando WordPress Website Maintenance

At M5 Design Studio, we are WordPress experts located in Orlando, Florida. If you would like to secure your WordPress website, contact us now for a free quote.

 
