We recently released a security update to W3 Total Cache that addresses a vulnerability that can be exploited on misconfigured servers when database caching to disk is enabled. All users are encouraged to update.
If you see the following error following the upgrade:
Fatal error:Call toundefined functionw3_is_dbcluster()in/path/to/wp-content/some-file.php
This likely means that you’ve had us configure W3 Total Cache on your site already, and you were running a newer version of the plugin already.
You’ll need to manually disable W3 Total Cache to restore access and reach out so we can get you sorted.
The integration of a Content Delivery Network (CDN) into your website remains one of the easiest and most cost-effective ways to improve web performance. W3 Total Cache supports several CDN types (self-hosted, origin pull, and origin push) and makes the integration into WordPress simple.
In this post, I’ll show you how to integrate MaxCDN’s origin pull CDN product into W3TC. MaxCDN’s product remains one of the most commonly used CDNs in W3TC because it’s both affordable, simple to set up, and requires virtually no maintenance once integrated.
MaxCDN configuration steps
First, create MaxCDN account if you haven’t already. When you log in, click “Manage Zones”
Then click “Create Pull Zone”
Configure your new Pull Zone and then click “Create”
Make a note of your CDN URL, which we’ll use in a moment
We could technically integrate our CDN now, but W3TC can communicate with the MaxCDN (allowing purge requests to be sent directly from WordPress) if we set up the API connection.
Click “my settings” in the top-right corner
Click “API” in the sub-menu that appears
You’ll notice that we don’t have any API Keys configured. Click “Add Key”
Add a description if you’d like and then click “Save”
Your API ID and Key will appear here, I’ve removed my Key from the screenshot
That’s all we need to do in MaxCDN right now. In the next section, we’ll configure W3 Total Cache using the pull zone we just created.
W3 Total Cache configuration steps:
Once logged into WordPress, navigate to the W3 Total Cache by clicking on the “Performance” tab towards the bottom of your Dashboard sidebar. From the General Setting page, ensure that CDN is disabled and select “NetDNA / MaxCDN” from dropdown menu
Navigate to the CDN Settings. Enter your API ID and Key, your CDN URL, and click “Test NetDNA”
You should see “Test passed” in green if you’ve done everything correctly. Save your settings and then navigate back to the General Settings page. Enable the CDN by clicking the check box and saving your settings.
Power user tip #1: Configure a subdomain like
cdn.yourdomain.com so we can get rid of long MaxCDN URL. W3 Total Cache lets you configure multiple CDN subdomains, so we’ll go ahead and configure a few.
Log back into MaxCDN and from the dashboard, click “Manage” next to the Pull Zone you created:
Then click “Settings” right above the Zone Configuration
You’re presented with an overview of your Pull Zone settings
The section we want is labeled Custom Domains. Click “Edit” and enter your desired subdomains
Click “Update” and then navigate to your DNS control panel. Create a CNAME entry for every subdomain that you entered in MaxCDN, and alias them to your MaxCDN URL
Once DNS propagates, you can update W3TC with the subdomains and replace the long CDN URL with the new, custom ones
Power user tip #2: We can further improve page loads speeds by using a completely different domain for the CDN, ensuring that the domain is cookie-free. So if your site is
www.domain.com, you could set
domain.<strong>net</strong> as the domain to use with your CDN. Note: this assumes that you own
domain.net and have access to its DNS control panel.
That’s it! If you have any issues getting it working, drop us a line. If you’d like us to set this up for you, we’re happy to help.
We’ve worked with a few sites recently that use HTTPS to secure certain parts of there site. Some of the pages are SSL protected due to the data captured (pages processing registration or financial information, for example).
When using a CDN in conjunction with HTTPS / SSL, customers often find that the CDN product they use lacks an HTTPS endpoint, or the one provided is different from the standard, non-HTTPS one.
One simple solution to this would be to force the loading of your CDN assets via HTTP like so:
This leads to one other issue, however…
Why dont I see the Blue/Green Bar?
When a page and all of its assets are served over HTTPS, modern web browsers provide a visual indicator—usually in green or blue. This is designed to provide visitors with the confidence to shop or register on your site.
When your HTTPS pages are served with “mixed content” (as it sounds, this is a situation in which HTTPS and HTTP assets are both being loaded on a single page, this indicator does not appear. This could happen for any number of reasons — all beyond the scope of this article — but there’s a simple solution for addressing this with only a few short lines of code.
Disabling CDN on HTTPS pages only
W3 Total Cache ships with documentation (Performance > FAQ) that provides instructions on disabling each of the caching types. Combined with a simple PHP function and WordPress hook, we’re able to conditionally disable the CDN for pages that utilize HTTPS.
Add the following code snippet to your theme’s functions.php file:
This of course assumes that you have W3 Total Cache active and that the only assets being served over HTTP are originating from your CDN (otherwise, you might need something like this). When you reload a page being served over HTTPS, you should notice that the familiar green / blue indicator appears in your address bar.
Note: we’ve found that MaxCDN‘s SSL support and easy integration with W3 Total Cache provides a solid solution for many customers.
On the heels of a post by Matt Mullenweg, I thought it best to also make a post here to put any confusion that may ensue to rest:
Suspicious activity in wordpress.org plugin was noticed and a fewplugins were found to be compromised. Malicious code was added to these plugins creating backdoor access to the web server. You would only be affected if you downloaded an update of the plugin today.
Once we were notified of the issue, we made sure that the current stable release (0.9.2.2) was restored to normal in addition to releasing the current development version as (0.9.2.3) allowing users to get an upgrade notification in WordPress Admin.
Needless to say, if you haven’t already upgraded, we encourage you to do so straight away via the WordPress Admin’s plugins page, it just takes a minute. If you did not upgrade today, you site should be secure, however we encourage you to update so that your site can take advantage of the additional performance optimizations included with each release.
As many of you have learned from working with us, W3TC seeks to improve the search engine ranking, conversion rates and user experience of web sites for free. We welcome you to submit a bug submission form from the support tab of the plugin to help us identify issues in new features and old features as the performance framework is used in more and more cases.
As always, thanks for your understanding and participation.
Too much 3rd Party content can slow down the growth of your site, reduce engagement, conversions and more. Learn how you can still incorporate widgets, plugins etc and still have a site that does not force your visitors to leave and never return.
More than a trend, web application performance, user experience and performance optimization are finally being recognized as the building blocks of successful sites. Google is taking a leading role today in increasing awareness about the role of speed in improving user experience and driving revenue.