A Small Orange Ninja Profiles: Cheryl H
Profile: Brad Parbs, WordPress Designer/Developer/Core Contributor

An Important Announcement For WordPress Users

On Christmas Eve, knowledge of a rather serious security hole for Wordpress was released. The security hole, or "vulnerability", only affects users that are using the W3 Total Cache plugin for Wordpress. The details can be found here (and the technical details here). However, no official patch has been provided yet, even in the most up-to-date version. To combat this, go to the wp-content directory of every Wordpress install you may have that has this plugin installed, and create a file named .htaccess in the w3tc directory there: [Wordpress installation directory] +wp-content -+w3tc ---.htaccess and in this .htaccess file, add the lines: Order Allow,Deny Deny from all This will prevent outside access to the directory containing sensitive information. Alternatively, you may also want to configure W3TC to disallow cache directory listings. As always, please be sure to update any WordPress installs and plugins you may have installed. This is a responsibility that we have of our customers (as it's simply not feasible for us to be in control of this), and should be a quick and easy process to do. If you are unsure of how to do this, you can follow the documentation here (we recommend the Automatic Update feature). You can find more information regarding plugins here. Need hosting with great support? Check out A Small Orange‚Äôs SharedResellerBusiness, or Dedicated hosting plans

Comments

Feed You can follow this conversation by subscribing to the comment feed for this post.

Verify your Comment

Previewing your Comment

This is only a preview. Your comment has not yet been posted.

Working...
Your comment could not be posted. Error type:
Your comment has been posted. Post another comment

The letters and numbers you entered did not match the image. Please try again.

As a final step before posting your comment, enter the letters and numbers you see in the image below. This prevents automated programs from posting comments.

Having trouble reading this image? View an alternate.

Working...

Post a comment

Your Information

(Name and email address are required. Email address will not be displayed with the comment.)