W3 Total Cache high-risk XSS vulnerability

Just today, WP Media pointed us to a high-risk XSS vulnerability in W3 Total Cache (W3TC). This is a very popular WordPress plugin with over 1 million active installs. Although it’s a very popular plugin, it hasn’t been updated in over six months. We stopped recommending it a while back in favor of WP Rocket, a W3 Total Cache alternative whose use has skyrocketed over the past few months.

We agree with Julio’s statement that when you need to explain to other people that you haven’t abandoned your plugin because they keep asking about it, the clock has already struck midnight.

XSS vulnerability

Let’s first explain what’s going on here:

XSS (short for Cross-Site Scripting) is a widespread vulnerability that affects many web applications. The danger behind XSS is that it allows an attacker to inject content into a website and modify how it is displayed, forcing a victim’s browser to execute the code provided by the attacker while loading the page.
Source: Sucuri

That’s definitely not what you want your website to do, right? In this case, W3TC is vulnerable to an XSS flaw rated high risk. This one should be fixed ASAP. With nobody maintaining the plugin, that is a huge issue for the millions of sites that use the plugin.

Instead of waiting for a fix, we recommend disabling the plugin and using a W3 Total Cache alternative like the ones listed below.

W3 Total Cache alternatives

Luckily, there are more plugins you can use to optimize your site speed. And most work pretty well out-of-the-box. We have listed three speed optimization plugins for you as alternatives for W3 Total Cache.

  1. WP Rocket
    Our most-recommended speed optimization plugin. WP Rocket simply delivers speed improvement. It has a lot of options under the hood and works by simply clicking some checkboxes in their dashboard.
  2. WP Super Cache
    Made by Automattic, so it works flawlessly with WordPress. It’s a simple speed optimization plugin that helps a lot of WordPress sites. We have to add a note: it hasn’t been updated in five months either. But all in all, it’s a nice, free WP Rocket or W3 Total Cache alternative.
  3. Comet Cache
    Formerly known as Zen Cache, formerly known as Quick Cache. If you change your name so often, you’re probably actively working on your plugin as well, right? Registration is needed.

Over to you

If you want your website to be safe RIGHT NOW and you are using W3 Total Cache, we recommend investing a few bucks in WP Rocket. It’ll be worth your while. If you don’t feel like investing that money in your website, feel free to switch to one of the other W3 Total Cache alternatives instead!

We’re using Sucuri’s Website Firewall at yoast.com, which eliminates the need for a separate speed plugin. But we have installed WP Rocket on some other sites with great results, so we’re happy to recommend them! Plus, we’re on the awesome and fast WP Engine hosting platform. Just in case you were wondering 😉

Author: Search Engine Optimisation Company
