WordPress has grown in popularity over the years and allows people to easily create a website. With thousands of plugins available to download you can have a fantastic looking dynamic website online in no time.

But how safe are these plugins? Two compromised plugins have been discovered after hacking campaigns in as many weeks, the WordPress GDPR Compliance plugin fell victim and now the AMP plugin (Accelerated Mobile Pages) has been found to be flawed allowing hackers to create admin accounts and gain access to the website.

This vulnerability came to the general public’s attention after web security firm WebARX published how the plugin is being exploited.

The AMP plugin is installed on over 100,000 websites, websites that can potential hold private customer information and process credit cards. Although the plugin was removed for further downloads while a security fix was created the already installed plugins where left active.

The latest version of the plugin patches multiple critical security vulnerabilities and we advise anyone using WordPress where this plugin is installed to make sure everything is updated across all plugins.