GradeUs banner  below header new
Thanks Thanks:  0
Likes Likes:  0
Results 1 to 2 of 2
  1. #1
    Member Since
    Jun 2012
    Location
    Ottawa, Canada
    Posts
    2,249
    Thanks (Received)
    136
    Likes (Received)
    103

    Fixed: Security Vulnerability in W3 Total Cache plugin in for WordPress

    An Important Announcement For WordPress Users
    by Brent Saner, A Small Orange
    December 24, 2012

    On Christmas Eve, knowledge of a rather serious security hole for ordpress was released.

    The security hole, or “vulnerability”, only affects users that are using the W3 Total Cache plugin for WordPress.

    The details can be found here (and the technical details here).

    However, no official patch has been provided yet, even in the most up-to-date version.

    To combat this, go to the wp-content directory of every WordPress install you may have that has this plugin installed, and create a file named .htaccess in the w3tc directory there:

    Code:
     [Wordpress installation directory]
     +wp-content
    -+w3tc
    —.htaccess
    and in this .htaccess file, add the lines:

    Code:
    Order Allow,Deny
    Deny from all
    This will prevent outside access to the directory containing sensitive information. Alternatively, you may also want to configure W3TC to disallow cache directory listings.

  2. GradeUs in thread
  3. #2
    Member Since
    Jun 2012
    Location
    Ottawa, Canada
    Posts
    2,249
    Thanks (Received)
    136
    Likes (Received)
    103

    Re: Security Vulnerability in W3 Total Cache plugin in for WordPress

    New version released fixes the security vulnerability

    WordPress › W3 Total Cache « WordPress Plugins

    Changelog

    0.9.2.5


    • Fixed security issue that can occur if using database caching to disk. If using database caching to disk with a web server with directory listing or web accessible wp-content/w3tc/dbcache/* directories. This patch works for all hosting environments / types where PHP is properly configured, i.e. .htaccess modifications (or other web server configuration changes) are not necessary to ensure proper security. Empty the database cache after performing the update if you use database caching to disk.

Similar Threads

  1. New Schema Creator WordPress Plugin
    By Linda Buquet in forum Local SEO Tools & Software
    Replies: 13
    Last Post: 08-02-2013, 12:04 PM
  2. Replies: 8
    Last Post: 09-27-2012, 08:19 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
Local Marketing Summit banner above footer new