More threads by djbaxter

djbaxter

Administrator
Joined
Jun 28, 2012
Messages
3,778
Solutions
2
Reaction score
1,877
An Important Announcement For WordPress Users
by Brent Saner, A Small Orange
December 24, 2012

On Christmas Eve, knowledge of a rather serious security hole for ordpress was released.

The security hole, or ?vulnerability?, only affects users that are using the W3 Total Cache plugin for WordPress.

The details can be found here (and the technical details here).

However, no official patch has been provided yet, even in the most up-to-date version.

To combat this, go to the wp-content directory of every WordPress install you may have that has this plugin installed, and create a file named .htaccess in the w3tc directory there:

Code:
 [Wordpress installation directory]
 +wp-content
-+w3tc
?.htaccess
and in this .htaccess file, add the lines:

Code:
Order Allow,Deny
Deny from all
This will prevent outside access to the directory containing sensitive information. Alternatively, you may also want to configure W3TC to disallow cache directory listings.
 
Re: Security Vulnerability in W3 Total Cache plugin in for WordPress

New version released fixes the security vulnerability

WordPress › W3 Total Cache ? WordPress Plugins

Changelog

0.9.2.5


  • Fixed security issue that can occur if using database caching to disk. If using database caching to disk with a web server with directory listing or web accessible wp-content/w3tc/dbcache/* directories. This patch works for all hosting environments / types where PHP is properly configured, i.e. .htaccess modifications (or other web server configuration changes) are not necessary to ensure proper security. Empty the database cache after performing the update if you use database caching to disk.
 

Login / Register

Already a member?   LOG IN
Not a member yet?   REGISTER

Events

LocalU October 2024 Webinar

  Promoted Posts

New advertising option: A review of your product or service posted by a Sterling Sky employee. This will also be shared on the Sterling Sky & LSF Twitter accounts, our Facebook group, LinkedIn, and both newsletters. More...
Top Bottom