Posted On 25 Dec 2018
Attackers have been exploiting a vulnerability in a widely used WordPress plug-in to plant backdoors on websites, inject custom code, and gain administrative access.
The affected plug-in is AMP (Accelerated Mobile Pages) for WP, which is intended to speed up page loading on mobile devices. It was removed from the official WordPress plug-in directory on October 21, and its 100,000+ users were shown a message stating that it could no longer be downloaded.
The WordPress developer blog described the problem as temporary and said that the plug-in would return quickly once a vulnerability issue had been repaired. The only detail it gave was that it was possible for unauthorized users to access administrative functions. The blog post advised that users of the plug-in could continue using it.
A repaired version of the plug-in has now been released, and more details have been disclosed. Unauthorized users could use the flaw to change any of the plug-in's options and inject malicious code, such as malware or cryptomining scripts, into a website. Security researchers report that attackers have exploited the flaw to create new administrator accounts on compromised sites, currently under the name “supportuuser”, although that name could change.
The developers advise that everyone running AMP for WP update the plug-in to the latest version, 0.9.97.20, without delay.
More generally, anyone self-hosting a WordPress site must keep every installed plug-in on its latest version, applying updates and patches as soon as they are released. Attackers continually probe WordPress core and the thousands of available plug-ins for weaknesses that let them take control of websites.
The safest defence against such attacks is to enable automatic updates wherever possible; where a plug-in does not support them, check for updates regularly and install them as soon as they appear.
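As an added example (not code from the article or from the AMP for WP developers), the following POSIX shell script checks whether an installed plug-in is still below the fixed release named above by reading the "Version:" header that WordPress itself parses from a plug-in's main PHP file. The sample plug-in file, its header contents and the helper names (`version_ge`, `plugin_version`, `is_outdated`) are constructed for illustration; only the minimum version 0.9.97.20 comes from the article.

```shell
#!/bin/sh
# Added example (not code from the article or the AMP for WP project):
# check whether an installed WordPress plugin is at or above a minimum
# fixed version by reading the "Version:" header that WordPress itself
# parses from the plugin's main PHP file.
set -eu

# Compare two dotted version strings field by field, numerically.
# Returns 0 when $1 >= $2, 1 otherwise. Missing fields count as 0, so
# "1.0" equals "1.0.0"; non-digit characters in a field are ignored.
version_ge() {
    a="$1"; b="$2"
    while [ -n "$a" ] || [ -n "$b" ]; do
        ahead=$(printf '%s' "${a%%.*}" | tr -cd '0-9')
        bhead=$(printf '%s' "${b%%.*}" | tr -cd '0-9')
        case "$a" in *.*) a="${a#*.}" ;; *) a="" ;; esac
        case "$b" in *.*) b="${b#*.}" ;; *) b="" ;; esac
        if [ "${ahead:-0}" -gt "${bhead:-0}" ]; then return 0; fi
        if [ "${ahead:-0}" -lt "${bhead:-0}" ]; then return 1; fi
    done
    return 0
}

# Print the version from a plugin header line such as " * Version: 0.9.97.19".
plugin_version() {
    sed -n 's/^[[:space:]*]*Version:[[:space:]]*\([0-9][0-9.]*\).*/\1/p' "$1" | head -n 1
}

# Returns 0 when the plugin file $1 reports a version below $2 (update needed),
# 1 when it is already at or above $2, and 2 when no version header is found.
is_outdated() {
    installed=$(plugin_version "$1")
    if [ -z "$installed" ]; then
        echo "no Version header found in $1" >&2
        return 2
    fi
    if version_ge "$installed" "$2"; then
        echo "ok: $1 is at $installed (>= $2)"
        return 1
    fi
    echo "UPDATE REQUIRED: $1 is at $installed (< $2)"
    return 0
}

# Demo on a constructed plugin header (not the real plugin file).
AMP_FIXED_VERSION="0.9.97.20"   # fixed release named in the article
demo_dir=$(mktemp -d)
cat > "$demo_dir/sample-plugin.php" <<'EOF'
<?php
/*
 * Plugin Name: Sample plugin (constructed header for demonstration)
 * Version: 0.9.97.19
 */
EOF
is_outdated "$demo_dir/sample-plugin.php" "$AMP_FIXED_VERSION" || true
rm -rf "$demo_dir"
```

On a live site the same check is quicker with WP-CLI: `wp plugin list --update=available` lists plug-ins with pending updates and `wp plugin update --all` applies them. WordPress core also exposes the `auto_update_plugin` filter, which a site owner can use to opt all plug-ins into background updates. Since the attackers described above create administrator accounts, it is also worth reviewing `wp user list --role=administrator` for any account you did not create, such as one named “supportuuser”.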