djbaxter

An Important Announcement For WordPress Users
by Brent Saner, A Small Orange
December 24, 2012

On Christmas Eve, knowledge of a rather serious security hole for WordPress was released.

The security hole, or "vulnerability", only affects users that are using the W3 Total Cache plugin for WordPress.

The details can be found here (and the technical details here).

However, no official patch has been provided yet, even in the most up-to-date version.

To combat this, go to the wp-content directory of every WordPress install you may have that has this plugin installed, and create a file named .htaccess in the w3tc directory there:

Code:
[Wordpress installation directory]
+-- wp-content
    +-- w3tc
        +-- .htaccess
and in this .htaccess file, add the lines:

Code:
Order Allow,Deny
Deny from all
This will prevent outside access to the directory containing sensitive information. Alternatively, you may also want to configure W3TC to disallow cache directory listings.
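
Added example, not part of the original post or of A Small Orange's announcement: a POSIX shell script that applies the workaround above to every WordPress install under one web root and reports which `w3tc` directories were still unprotected. The function names and the web-root argument are assumptions.

```shell
#!/bin/sh
# Added example (not from the post): apply the .htaccess workaround to every
# WordPress install found under a web root passed as the first argument.

# The two directives given in the post. They are Apache 2.2 syntax; Apache 2.4
# honours them only with mod_access_compat (its native form is
# "Require all denied").
DENY_RULES='Order Allow,Deny
Deny from all'

# has_deny FILE: succeeds when FILE already holds a "Deny from all" line.
has_deny() {
    [ -f "$1" ] &&
        grep -qiE '^[[:space:]]*Deny[[:space:]]+from[[:space:]]+all[[:space:]]*$' "$1"
}

# list_w3tc ROOT: print every wp-content/w3tc directory below ROOT.
list_w3tc() {
    find "$1" -type d -path '*/wp-content/w3tc' 2>/dev/null
}

# protect_w3tc ROOT: ensure each w3tc directory has the deny rule.
protect_w3tc() {
    list_w3tc "$1" | while IFS= read -r dir; do
        ht="$dir/.htaccess"
        if has_deny "$ht"; then
            echo "ok     $dir"
            continue
        fi
        # Keep existing rules; finish an unterminated last line first.
        if [ -s "$ht" ] && [ -n "$(tail -c 1 "$ht")" ]; then
            echo >> "$ht"
        fi
        printf '%s\n' "$DENY_RULES" >> "$ht"
        echo "added  $dir"
    done
}

# count_unprotected ROOT: how many w3tc directories still lack the rule.
count_unprotected() {
    list_w3tc "$1" | while IFS= read -r dir; do
        has_deny "$dir/.htaccess" || echo "$dir"
    done | wc -l | tr -d ' '
}

if [ "$#" -gt 0 ]; then
    protect_w3tc "$1"
fi
```

The rule only takes effect on Apache where `AllowOverride` permits access directives in `.htaccess`; servers that do not read `.htaccess` files need the equivalent restriction in their own configuration.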
 

djbaxter

Re: Security Vulnerability in W3 Total Cache plugin for WordPress

New version released fixes the security vulnerability

WordPress › W3 Total Cache « WordPress Plugins

Changelog

0.9.2.5


  • Fixed security issue that can occur if using database caching to disk. If using database caching to disk with a web server with directory listing or web accessible wp-content/w3tc/dbcache/* directories. This patch works for all hosting environments / types where PHP is properly configured, i.e. .htaccess modifications (or other web server configuration changes) are not necessary to ensure proper security. Empty the database cache after performing the update if you use database caching to disk.
 