Reply To: W3 Total Cache critical Vulnerability disclosed
Frederick Townes, 0.9.2.5 version was released, but my question is: 0.9.2.5 version include enhancements and corrections contained on previous development 0.9.2.5b (2011-08-31) versions? 🙂
View ArticleReply To: W3 Total Cache critical Vulnerability disclosed
For those of you that use W3 Total Cache to make your sites more performant, thank you. Security issues are always of paramount interest, no matter the scope. The root of the possible vulnerability...
View ArticleReply To: W3 Total Cache critical Vulnerability disclosed
@ithacaindy & anyone else who needs to use DB caching – then you can create a deny all .htaccess file and upload it to your /w3tc/dbcache folder. To create a deny all .htaccess file: 1. Open...
View ArticleReply To: W3 Total Cache critical Vulnerability disclosed
Otto: I updated my .htaccess to prevent directory indexing. Since I’m on a shared host, I need the database cache; disabling it brought things to a crawl. It would be nice if Object Caching were...
View ArticleReply To: W3 Total Cache critical Vulnerability disclosed
ithacaindy: Essentially, don’t use the “Disk: Basic” or “Disk: Enhanced” settings for the cache. Or, if you do, then make sure you have Directory Indexing disabled on the site, which is generally a...
View ArticleReply To: W3 Total Cache critical Vulnerability disclosed
Can someone specify what the correct settings for “Database Cache” should be in order to avoid the exploit?
View ArticleReply To: W3 Total Cache critical Vulnerability disclosed
It’s an important issue, certainly, and if you use the plugin it is worth checking your settings to make sure you have it configured properly.
View ArticleReply To: W3 Total Cache critical Vulnerability disclosed
Thanks for your information. That’s mean its not a critical issue.
View ArticleReply To: W3 Total Cache critical Vulnerability disclosed
The author is aware of the issue and is working on a fix. At a quick glance, however, this only affects users who use the “Database Cache” option with the “Disk: Basic” or “Disk: Enhanced” modes of...
View ArticleW3 Total Cache critical Vulnerability disclosed
W3 Total Cache critical Vulnerability disclosed, allow attacker to retrieve password hashes and other database information. http://thehackernews.com/2012/12/wordpress-plugin-w3-total-cache_26.html...
View Article