  • Security & W3 Total Cache 0.9.2.4

    January 28, 2013

    We take security quite seriously even though our focus is on making it trivial to allow any publisher to maximize the performance they can extract from their hosting environment and WordPress itself.  Most recently we took a look at the steps that GoDaddy was taking in the shared hosting segment of the market.

    In versions of W3 Total Cache prior to 0.9.2.5, a vulnerability exists (CVE-2012-6077, CVE-2012-6078, CVE-2012-6079) if both of the following are true:

    1. Directory listing and download of w3tc/dbcache/ directories is possible
    2. W3 Total Cache has database caching enabled and is set to use disk

    This issue was resolved in release 0.9.2.5, irrespective of whether or not #1 is true. That release moved the next release, which some of you may have been testing, to 0.9.2.6.
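The two conditions above can be checked on a site you administer. The following is an added example, not code from W3 Total Cache: the function names, the "Index of" marker used to recognize a directory listing, and the rule that files found under a `w3tc/dbcache` directory indicate disk-based database caching are all assumptions made here.

```python
import os
import re
import tempfile

# Assumption: a cache directory is any directory whose last two path
# components are "w3tc/dbcache", the name the post gives.
# Markers of an auto-generated index page (Apache/nginx style "Index of").
LISTING_RE = re.compile(r"<(title|h1)>\s*Index of\s", re.I)


def find_dbcache_dirs(docroot):
    """Return {relative_dir: number_of_files} for each w3tc/dbcache directory."""
    found = {}
    for path, _dirs, _files in os.walk(docroot):
        if os.path.normpath(path).split(os.sep)[-2:] == ["w3tc", "dbcache"]:
            count = sum(len(f) for _p, _d, f in os.walk(path))
            found[os.path.relpath(path, docroot)] = count
    return found


def listing_enabled(status, body):
    """Condition 1: the directory URL was answered with an index page."""
    return status == 200 and bool(LISTING_RE.search(body))


def assess(docroot, status, body):
    """Combine both conditions into one verdict for a site you administer."""
    on_disk = any(n > 0 for n in find_dbcache_dirs(docroot).values())
    if on_disk and listing_enabled(status, body):
        return "exposed"             # both conditions true: follow the remediation steps
    if on_disk:
        return "disk-cache-present"  # condition 2 only: still upgrade
    return "no-disk-cache"


if __name__ == "__main__":
    # Constructed sample: a throwaway tree and a constructed index-page body.
    root = tempfile.mkdtemp()
    leaf = os.path.join(root, "wp-content", "w3tc", "dbcache", "a1")
    os.makedirs(leaf)
    open(os.path.join(leaf, "entry"), "w").close()
    page = "<html><head><title>Index of /w3tc/dbcache</title></head></html>"
    print(find_dbcache_dirs(root), assess(root, 200, page))
```

Pass `assess` the HTTP status and body your own server returns for the cache directory URL; a 403 or 404 there means condition 1 does not hold.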

    For those of you who feel you were affected, here are some remediation steps:

    • Empty and disable database caching until you upgrade W3TC
    • Audit your administrator accounts and change their passwords; potentially add HTTP Basic Authentication to /wp-login.php and /wp-admin/ if possible
    • Update your database credentials, name (and table name offset if possible)
    • Ensure that you have nightly backups of your site; if you’re not sure, contact your web host

    The 0.9.2.6 release, expected within less than a week, further expands on the initial approach to securing cache files on disk while using database caching and ameliorates issues caused by the previous patch.

    One might ask: why not completely remove disk caching for the database from the W3TC framework? Our goal is to make it possible for users to take control of their performance needs. That means that if they have an environment where they’ve tested and found that reading cache files from disk provides lower execution times than not caching at all, that option should be available.

    After years of scaling web sites, one thing we know for sure is that as your site grows, the techniques you use to scale it change. W3TC is ready to grow with you. With more than 140 features and fixes in the next release, the future is bright.

This entry was posted on Monday, January 28th, 2013 at 8:26 am and is filed under News.

