A Small Orange Ninja Profiles: Cheryl H
Profile: Brad Parbs, WordPress Designer/Developer/Core Contributor

An Important Announcement For WordPress Users

On Christmas Eve, knowledge of a rather serious security hole for Wordpress was released. The security hole, or "vulnerability", only affects users that are using the W3 Total Cache plugin for Wordpress. The details can be found here (and the technical details here). However, no official patch has been provided yet, even in the most up-to-date version. To combat this, go to the wp-content directory of every Wordpress install you may have that has this plugin installed, and create a file named .htaccess in the w3tc directory there: [Wordpress installation directory] +wp-content -+w3tc ---.htaccess and in this .htaccess file, add the lines: Order Allow,Deny Deny from all This will prevent outside access to the directory containing sensitive information. Alternatively, you may also want to configure W3TC to disallow cache directory listings. As always, please be sure to update any WordPress installs and plugins you may have installed. This is a responsibility that we have of our customers (as it's simply not feasible for us to be in control of this), and should be a quick and easy process to do. If you are unsure of how to do this, you can follow the documentation here (we recommend the Automatic Update feature). You can find more information regarding plugins here. Need hosting with great support? Check out A Small Orange‚Äôs SharedResellerBusiness, or Dedicated hosting plans


Feed You can follow this conversation by subscribing to the comment feed for this post.

The comments to this entry are closed.