Plugin Vulnerability Alert: W3 Total Cache and WP Super Cache

If you utilize caching for your WordPress blog(s) then your sites may be vulnerable to attack.

Sucuri recently announced vulnerabilities in the extremely popular W3 Total Cache and WP Super Cache plugins in which a hacker can execute code on your site without requiring direct access to the backend.

This is a very serious vulnerability, so if you use either plugin you should (1) check that your site hasn’t been compromised and (2) upgrade your plugins immediately.

The check is really simple — just enter the following into the comments form on one of your blog posts:

<!--mfunc echo PHP_VERSION; --><!--/mfunc-->

If a version number (e.g. 5.2.17) is displayed in place of the above code when you submit the comment, your site has been compromised. You should immediately upgrade your plugins — we strongly advise that you take advantage of ManageWP’s one-click update feature so that the plugins across all of your sites can be upgraded immediately.
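
The following is an added example, not code from the original post or from either plugin: it flags stored comments that carry an mfunc tag and interprets how the test comment above was displayed. The function names and sample data are hypothetical; it assumes you have exported comment bodies as (id, body) pairs and copied the HTML of the displayed test comment.

```python
import html
import re

# "--" is often typeset as an en or em dash by blog software, so accept all three.
_DASH = r"(?:--|\u2013|\u2014)"
# Opening or closing mfunc tag, e.g. "<!--mfunc" or "<!--/mfunc".
MFUNC_TAG = re.compile(r"<!\s*" + _DASH + r"\s*/?\s*mfunc\b", re.IGNORECASE)
# Dotted version string such as the 5.2.17 the article gives as an example.
VERSION = re.compile(r"(?<![\d.])\d+\.\d+\.\d+(?![\d.])")


def has_mfunc_tag(text):
    """True if text carries an mfunc tag, raw or HTML-escaped."""
    return bool(MFUNC_TAG.search(html.unescape(text)))


def flag_comments(comments):
    """Return the ids of stored comments that contain an mfunc tag."""
    return [cid for cid, body in comments if has_mfunc_tag(body)]


def classify_probe(displayed):
    """Interpret how the test comment was displayed after submission."""
    if has_mfunc_tag(displayed):
        return "not evaluated"   # the tag came back as text
    if VERSION.search(html.unescape(displayed)):
        return "evaluated"       # a version number replaced the tag
    return "inconclusive"        # comment stripped, held for moderation, etc.


# Constructed sample data (not from any real site).
SAMPLE_COMMENTS = [
    (1, "Thanks for the heads up!"),
    (2, "<!--mfunc echo PHP_VERSION; --><!--/mfunc-->"),
    (3, "&lt;!&#8211;mfunc echo PHP_VERSION; &#8211;&gt;"),
    (4, "Running PHP 5.2.17 here, is that too old?"),
]

if __name__ == "__main__":
    print(flag_comments(SAMPLE_COMMENTS))
    for shown in ("<p>5.2.17</p>", SAMPLE_COMMENTS[2][1], "<p></p>"):
        print(classify_probe(shown))
```

Any comment id returned by flag_comments is worth reviewing by hand, since ordinary visitors have no reason to post that tag.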

Please take action now to prevent your site from being yet another victim of the recent swathe of hacks!

On a related note, praise should go to the developers of both caching plugins for so quickly releasing patches that eliminated the vulnerability. Thank you guys!

Tom Ewer


7 Comments

  1. Marisa Gunther

    Thank you for the advice! Upgrade running now….

  2. Allii Allee

    I am currently using the W3 Total Cache plugin, but some of my friends are saying that it's not good enough and that you must install WP Super Cache. Guide me: what plugin should I use?

    1. Tom Ewer

      My recommendation is W3 Total Cache.

  3. Ann

    That explains it. One of my sites went down and my host company said the W3 Total Cache plugin was responsible. We got the site back up easily enough but it was not fun to wake up to.

    1. Tom Ewer

      Sorry to hear that Ann but happy to read that you got back up and running :-)

  4. Darnell Jackson

    Good heads up.

    Now I’m happy I never installed these plugins on my site.

    It’s fast enough as is. I don’t think these plugins would make that BIG of a difference, plus now I know they may help me get hacked. No thanks, I’d rather be a little safer and slower than maybe a little faster and vulnerable to hackers.

    1. Tom Ewer

      Hi Darnell,

      The plugins can make a big difference and you have to give props to the developers for taking action quickly. Having said that, I can see where you’re coming from.

      Cheers,

      Tom
