Protect your sites from hackers and boost performance with Sucuri’s Junior Dev Security Bundle — now $500 off.

Plugin Vulnerability Alert: W3 Total Cache and WP Super Cache

Tom Ewer
,

W3 Total Cache

If you utilize caching for your WordPress blog(s) then your sites may be vulnerable to attack.

Sucuri recently announced vulnerabilities in the extremely popular W3 Total Cache and WP Super Cache plugins in which a hacker can execute code on your site without requiring direct access to the backend.

This is a very serious vulnerability, so if you use either plugin you should (1) check that you site hasn’t been compromised and (2) upgrade your plugins immediately.

The check is really simple — just enter the following into the comments form on one of your blog posts:

<!–mfunc echo PHP_VERSION; –><!–/mfunc–>

If a version number (e.g. 5.2.17) is displayed in place of the above code when you submit the comment, your site has been compromised. You should immediately upgrade your plugins — we strongly advise that you take advantage of ManageWP’s one-click update feature so that the plugins across all of your sites can be upgraded immediately.

Please take action now to prevent your site from being yet another victim of the recent swathe of hacks!

On a related note, praise should go to the developers of both caching plugins for releasing patches so quickly that eliminated the vulnerability. Thank you guys!

Tom Ewer Avatar

author

Tom Ewer
Tom Ewer is the founder of WordCandy.co. He has been a huge fan of WordPress since he first laid eyes on it, and has been writing educational and informative content for WordPress users since 2011. When he’s not working, you’re likely to find him outdoors somewhere – as far away from a screen as possible!

7 responses

  1. Darnell Jackson Avatar
    Darnell Jackson

    Good heads up.

    Now I’m happy I never installed these plugins on my site.

    It’s fast enough as is I don’t think these plugins would make that BIG of a difference plus now I know they may help me get hacked, no thanks, I’d rather be a little safer and slower than maybe a little faster and vulnerable to hackers.

    Reply
  2. Ann Avatar
    Ann

    That explains it. One of my sites went down and my host company said the W3 Total Cache plugin was responsible. We got the site back up easily enough but it was not fun to wake up to.

    Reply
  3. Allii Allee Avatar
    Allii Allee

    I am currently using W3 Total Cache plugin but some of my friends saying that its not good enough you must install WP Super Cache guid me what plugin should i use.

    Reply
  4. Marisa Gunther Avatar
    Marisa Gunther

    Thank you for the advice! Upgrade running now….

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *