Action You Must Take Immediately if You’re an AMP User

Action You Must Take Immediately if You’re an AMP User

Dennis Snider

263 Posts

351 views

0

(2.4)

It appears that hackers have recently uncovered a vulnerable spot in a much-used WordPress plug-in that they have been employing to create backdoors to websites, add custom code, and gain administrative access.

The problem plug-in was the AMP (accelerated mobile pages) for WP plug-in, which is intended to speed up website loading for mobiles. This plug-in was removed from the official WordPress plug-in store on October 21, and its many users (100,000+) were presented with a message stating that it could no longer be downloaded.

The WordPress developer blog described the problem as temporary and said that the plug-in would return quickly once a vulnerability issue had been repaired. The only detail it gave was that it was possible for unauthorized users to access administrative functions. The blog post advised that users of the plug-in could continue using it.

A repaired version of the plug-in has now been released and more details have been unveiled. It appears that unauthorized users could use the loophole to alter all plug-in options and add malicious code like malware or cryptomining features to a website. Experts say that hackers have employed the loophole to create a bug by which they set up new admin user accounts for websites, currently under the name “supportuuser”, although that could change.

Developers have advised that it is vital that any users of AMP for WP should update their plug-in to the newest version, which is 0.9.97.20.

More generally, warnings have been issued that anyone self-hosting a WordPress site must make sure that they keep themselves continually up to date with the latest versions of all plug-ins, installing updates and patches as they are issued. Hackers are regularly probing WordPress and the thousands of plug-ins available for weaknesses that will enable them to access websites for malicious purposes.

The safest way to defend your site against such attacks is to allow automatic updates as much as possible; if this feature is not available for certain plug-ins, you should continually monitor for updates and install them as soon as you can.

5 thoughts on “Action You Must Take Immediately if You’re an AMP User

  1. Antonio

    Howdy! Do you know if they make any plugins to protect against hackers?
    I’m kinda paranoid about losing everything I’ve worked hard on. Any suggestions?

    Feel free to visit my web page – website hosting services

    August 11, 2020 at 8:33 am Reply
  2. Camilla

    Hello, I enjoy reading all of your article.
    I like to write a little comment to support you.

    Visit my blog post :: web hosting sites

    August 11, 2020 at 11:01 am Reply
  3. Jeannie

    My relatives all the time say that I am wasting my time here at net, except I know I am getting know-how every day by reading such fastidious articles.

    cheap flights y2yxvvfw

    August 24, 2020 at 11:31 am Reply
  4. Niki

    Hi! This post couldn’t be written any better!
    Reading this post reminds me of my previous room mate!
    He always kept chatting about this. I will forward this page to
    him. Fairly certain he will have a good read. Many thanks for sharing!

    my web blog cheap flights

    August 26, 2020 at 9:22 pm Reply
  5. Thanh

    I’m not that much of a internet reader
    to be honest but your sites really nice, keep it up! I’ll go ahead and bookmark your site to come back in the
    future. Many thanks

    my homepage black mass

    August 30, 2020 at 9:37 pm Reply

Leave a Reply

Your email address will not be published. Required fields are marked *