WP Super Cache & W3 Total Cache Users: Are Your Sites Vulnerable?

Not updating vulnerable plugins is one of the biggest mistakes anyone running WordPress can make. And it seems some of the world’s most visited sites are making that exact mistake. … Are you?

A number of weeks ago, perhaps the two most popular caching plugins, WP Super Cache and W3 Total Cache, both updated their code to patch a security vulnerability. HackerTarget.com reports that a quick check of the top 100,000 sites reveals that less than 50% of those sites that run W3 Total Cache have updated their plugins to the latest secure version.

The exact numbers for WP Super Cache are not known, but it’s not unreasonable to think they’re similarly dismal.

The bigger you are, the harder you fall. But you don’t have to be big to be vulnerable. If you’re running one of these popular plugins, it might serve you to make sure your copy is up to date.

Update! Update! Always, always update!


Photo credit: Sibel

Comments (10)

  1. Hi Joe

    I don’t use either of these plugins, but I did read about it when the news broke.

    I find it hard to believe that people have not updated.

    “Update! Update! Always, always update!”

    • Hey Keith! I’m glad to hear you don’t use either of these plugins. I thought I might be the only one as they are so popular. I don’t use them because in all my experiences with these plugins my sites have slowed down tremendously.

      Do you use anything instead that you can recommend?

        • Hey, thanks Keith. I hate to share this response as it is not positive about the author of Quick Cache who is a great contributor to the WordPress.org community.

          I actually was using Quick Cache some time back. It works as it says for sure. I stopped using it though because I started digging into website security more and have a default security setup on installations. What I discovered is that Quick Cache required my wp.config.php to be set at permissions of 777 for Quick Cache to work. I got an alert notice of it in the Quick Cache admin area. I studied it out and WordPress.org say themselves that this file should be set less than that. I can’t remember offhand the permission level though.

          Either way, I totally have stayed away from it since. I even posted a security risk review on the review thread 3 times and it got deleted I guess every time. The other reason why I quit using it coupled with the main reason is because it hasn’t been updated since 2011, though the author is obviously still active in the WordPress.org community. So, I don’t know what to make of that, that the author doesn’t care too much about his plugin or has the time or knows the risk which I posted and got deleted, or just didn’t care to respond to me to sort it out, but I do know my comment got deleted time after time. I’m not even sure how comments are moderated on WordPress.org, I just know my review never stays on that specific thread and I always give a review on a plugin when it is good. I never give bad reviews unless it is a security risk because I like to help support when I can.

          • Thanks for that Noahj
            Not noticed that the plugin had not been updated since 2011!

            I’ll take a look at the file permission value recommended for wpconfig.

            Appreciate you pointing this out.

  2. I am currently using W3TC and it does its job great, but it creates a huge amount of inodes and files which cause a slow response.
    My site: www(.)nxttech.org
    Please visit here and tell me what makes my site slow,
    W3TC or another thing.

  3. One of the main problems that I see with people using WP is that they don’t know what to do when there is an update.
    A lot of people think it is not important, and ignore the updates.
    Big mistake.
