WordPress Security Alert: AMP Plugin

WordPress Developer AMP plugin

Orlando WordPress Developer

Accelerated Mobile Pages (AMP) is a project backed by Google that aims to speed up websites on mobile devices. In order to seamlessly incorporate this project into their websites, the WordPress plugin repository plugin repository offers 2 plugins to automatically add Accelerated Mobile Pages into websites.

Since a website’s speed on all devices has recently become an important piece in SEO, it is not surprising that over 400,000 WordPress sites are currently using an AMP plugin.

The WordPress Security Threat

This week, Wordfence reported several security vulnerabilities for the plugin AMP for WP – Accelerated Mobile Pages by Ahmed Kaludi.  Wordfence uncovered a sophisticated attack campaign that is targeting the recently disclosed cross-site scripting (XSS) vulnerability.

Simply put, the plugin vulnerabilities allow hackers to modify the plugin’s own options stored in the WordPress database. This is particularly dangerous since it creates the possibility to inject the following XSS payload into the victim’s site content with the goal of affecting a logged-in administrator. Furthermore, this allows the creation of a rogue administrator account in your site.

How do I fix the WordPress Plugin Security Issue?

The possibility of a stranger having this much access into your website is nerve-wracking, there are steps you can take now to protect your website. Take a look at the suggestions below to stay safe during these attacks:

  • Update AMP to its’ latest version, according to WordFence’s report on the issue:
    “ MP For WP’s security fix was available for nearly two weeks before these attacks began, hopefully placing a hard limit on the exploitable attack surface of this vulnerability”
  • Install WordFence. Premium Wordfence users count with a rule on WordFence’s firewall that prevents such malicious interventions, and will soon be released for Free WordFence’s users.

Your website’s security is an extremely important matter, take the necessary actions to keep it safe. If you would like to learn more about the attacks, make sure to check out this article “ XSS Injection Campaign Exploits WordPress AMP Plugin

Orlando WordPress Website Maintenance

At M5 Design Studio, we are WordPress experts located in Orlando Florida. If you would like to secure your WordPress website contact us now for a free quote.


Category: Orlando Wordpress Tags: , , , , , , No Comments


M5 Design Studio

We are a small, but creative and passionate team of designers and developers specializing in web design, graphic design, branding & digital marketing.

Hcaptcha Wordpress Plugin Alternative To Googles Recaptcha

Hcaptcha: WordPress Plugin Alternative to Google’s Recaptcha

ORLANDO WORDPRESS DEVELOPER If you have a WordPress website, you know how important it is to protect it from spam, b
New Woocommerce Released Orlando

WooCommerce 8.3.0 Released

ORLANDO WORDPRESS DEVELOPER Whats new? Cart, Checkout, and Order Confirmation Blocks Are Default on New Ins
Wordpress 5.8 release maintenance

Latest Features in WordPress 5.8

WordPress Developer WordPress Version 5.8 was released on July 20th, 2021 with several features anticipated by web devel

Comments are closed.