If you are one of the Million+ users of W3 Total Cache, the most famous WordPress Free Caching plugin, your day probably started bad reading the High-risk Vulnerability report in the wild. And this plugin is unofficially abandoned, so millions of website left in the dark. There are some alternative, but if somehow you don’t want to, or can’t update, here I will share you a fixed version, which not only will fix the vulnerability but will deliver even better performance as well.
Update: W3 Total Cache Gets Official Update From Frederick Townes
This is a very sad situation when a popular plugin, with millions of download and even had premium version and support, are abandoned. And even after Vulnerability this big, the developer is nowhere to be found.
There is a free plugin like WP Super Cache and several others, but there are many reasons why W3 Total Cache got this popularity. There is also the newest Premium Only player WP Rocket in the field. But if for some reason (there could be several actually) W3 Total Cache is still the best option for you, you are in a kind of deep issue.
As there is no official update, what do you do? Hacked could try this opportunity any time. Many are thinking to remove W3TC entirely, but that will cause a lot other issues. The test shows W3TC (or any good configured caching plugin lets you save about 400% CPU and server resource.
There are several workarounds, fork and fix available in the wild. I found this project is the most active for months, and I have tested it in 5+ server. It entirely removes that Vulnerable module entirely and added several amazing new features.
Take a look –
- Modernize deprecated WordPress code
- Support PHP7 disallow reference arguments
- Add Memcache(d) support
- Add APCu support
- Support OPcache
- Support WOFF2 font format
- Fix https caching
- Halfdone CloudFlare support in trunk
- Support AMP
- Support Redis
Solution & Guide:
Here is how to update to this version and apply the fix.
* Before you start to run some speed test. I use https://gtmetrix.com/, run it at least twice to get a better result over the cache.
- First, save/ backup your WordPress.
- Save the W3 Total Cache setting. Export Configuration from General Settings.
- Now, Deactivate the W3 Total Cache, but do not delete or click Uninstall from the plugin.
- This is the only part where you need to use FTP/SFTP or SSH to rename the existing ‘w3-total-cache‘ folder. To keep it simple, rename it to ‘w3-total-cache-old‘. If you just delete the entire folder right away, WordPress will through error, as there are object cache, and other drop-ins, configuration, cache present in your WordPress. And we need those setting to make this process smooth.
- Now get this fixed version from my forked repo of fix-w3tc.
Repo: https://github.com/Asif2BD/W3-Total-Cache-Reloaded
Download: https://github.com/Asif2BD/W3-Total-Cache-Reloaded/releases/download/0.9.4.5.2.1/w3-total-cache.zip - Save this file to your computer.
- Go back to your WordPress Dashboard, go to add new Plugin Screen.
- Select upload new plugin.
- Locate the just downloaded ‘w3-total-cache.zip‘, upload and activate the plugin.
- Now the plugin is active. Visit the Performance tab. There could be few new fix, all of those are safe to apply in my test, Apply All option did not work in my test, I just applied one by one.
- Go to Performance -> General Settings, check all the setting, and save.
- Go to Performance -> Dashboard, clean the cache.
- Go to your site and test. Everything should be fine, and you are fully safe.
After you are done, run the Speed Test again. Feel free to share that with us. In my test this version shows remarkable speed boost, if you use PHP7 and recent caching technology like Redis.
Notes:
- Credit: This original plugin is by Frederick Townes, and the fix I used is by the community, check the contribution list.
- Why I Forked: So, as the project was already it git and community supported why I needed to create a separate fork? Here are the reasons
- I wrote this tutorial for the normal user, not necessarily developer. Developers could solve one way or other, but millions of normal people use WordPress, they need something very basic that they could follow.
- The source git release gives a zip with folder name different, and user needs additional steps decompress, edit the folder name and re-pack or the direct upload will cause an issue.
- Even this fix version of W3TC has some code reference that has the plugin folder name hard-coded. If I could get more time I probably could fix this, but needed to release this ASAP, as got request from my people, clients, friends that all need a fix ASAP. So, I had to edit the old folder name and keep this version as ‘w3-total-cache’.
- I named the plugin as “W3 Total Cache Reloaded” as I kept the old plugin in the plugin list in my process, so to differentiate I needed to change the name a little bit.
- Official Update & Backward Compatibility: I wanted to keep the backward compatibility, and there is a big chance that an official update will come. So, I kept the old plugin on the server. When the new update arrives you just reverse the process by deactivating this one, rename this folder as ‘w3-total-cache-reloaded’ and renaming back the ‘w3-total-cache-old’ to ‘w3-total-cache’, and all will be fine. I am personally will be a little skeptic about official route if that does not contain any bug fix, just fixing this vulnerability will not be enough for me to move from this community version.
- Tested: This version is community built and well excepted, and I personally tested and deployed it more than 5 live sites, so, if you trust me, you could trust this.
This type of hardcore WordPress related article is pretty new to TTJ, so you might wonder. Actually, despite being Editor-in-Chief and Admin of this site, I am a long time WordPress Enthusiast, working very closely with WordPress for past 12 years. You could know more about me on my personal site – Asif.im.
![Read more about the article [Tutorial] How To Safely Share A Password With LastPass?](https://thetechjournal.com/wp-content/uploads/2012/11/lastpass-share-password-ttj-logo-512x270.jpg){kind=logo}
![Read more about the article [Tutorial] How To Easily Sync Game Progress, App Data Or Folders Between Different Android Devices](https://thetechjournal.com/wp-content/uploads/2013/01/sync-android-apps-games-files-ttj-logo-512x225.jpg){kind=logo}
?
Okay
?
Okay
?
Okay
?
Okay
?
Okay
?
Okay
?
Okay
?
Okay
?
Okay
?
Okay
?
Okay
?
Okay
?
Okay
?
Okay
?
Okay
?
Okay
?
Okay
?
Okay
?
Okay
?
Okay
For anyone needing time to switch plugins, or anyone who really needs W3TC but needs to make it secure .. this small plugin will stop all access to the W3 total Cache (Version 0.9.4.1) XSS support page,
just install (preferably as mu-plugin) and you are all done.
https://github.com/ramonfincken/w3tc_deny_supportpage Instructions are in the README.md file
W3TC will continue to cache your site, and you will have some “breathing time” to search for an alternative caching plugin.
Note: I still think it is time that W3Edge releases a fix for this and many other things as well (PHP 7 support for instance).
💰 What the prices are: Being one of the best Eastern European dating websites, LoveForHeart has moderate costs. Whether one is courting a European woman who values tradition and stability or an American lady who values freedom and equality, acknowledging and honoring their independence and values is the key to a profitable and meaningful relationship. Nearly all of men who use this portal are from the United States as mostly all women seek relationships with American men. Europe is the most demanded area among foreign males. 💕 The way it helps you enhance your relationship experience: You can enjoy top-drained Eastern Europe dating with a excessive level of security, responsive buyer support, and reasonable prices. 💕 How it helps you improve your courting experience: On CharmRomance, you can make the most of East European dating sites free using the perks offered by the platform. 💰 What the costs are: Explore all the perks of GoldenBride by buying the credit score package deal. GoldenBride has a casual method to dating, and plenty of customers admire the fast and efficient means it permits them to connect with others. MeetSlavicGirls is an honest platform for relationship, flirting, and long-lasting bonds.
âš™ï¸ How it really works: MeetSlavicGirls is a trusted courting platform that provides a variety of features to help customers discover potential singles from Slavic nations and join with them safely and conveniently. 💰 What the costs are: Although nearly all of options on DateNiceUkrainian are paid, the prices for superior performance are nonetheless affordable. The location can give you high-quality online communication because the staff consists of highly skilled specialists who make it possible for new options are added usually. Don’t repeat frequent mistakes men make of their letters. With a consumer-pleasant method, this platform provides nice alternatives for single males from the United States to search out nice European girls. As I heard lots of males got here across fraud and acquired nothing in the end. Contrary to popular opinion, this has nothing to do along with her trying to look chic in an effort to extract any benefits from you. Withershins movement was employed in widespread rituals, too, although solely in those occasions when it was thought of worthwhile to act against the course of nature, so as to change the state of affairs.
That is to not say that someone on the older facet can’t have luck, too, although. If something appears too good to be true or if you feel suspicious about a profile, it’s better to err on the aspect of caution. There were occasions when people even said that a girl is an previous maid if she isn’t married on her 30th. However, society is changing, and at this time most Kiev ladies choose to review at college and build a profession before getting married. So how to take pleasure in your go to and get great photographs – without getting an elbow in the face or inconveniencing the locals? Also, it is feasible to view videos of beautiful ladies and browse each personal and public images. Also, it is feasible to benefit from the welcome supply and purchase the first 2,000 credit for only $2.99. Instead of $9.99 for 20 credits, you’ll be able to obtain the identical number of credit only for $2.99. The cost of the pack starts at $9.99. It is necessary to purchase a credit pack to communicate with women on LoveForHeart.
The platform has a credit-based mostly system, with the most affordable pack costing $2.99 and essentially the most expensive one being $149.99. Overall, the costs on the website differ from $2.99 per 20 credit to $149.99 per 750 credits. 💰 What the prices are: The smallest credit package costs $15.99, whereas the largest credit score package is out there for $399. 💰 What the prices are: You may buy the smallest credit score bundle [url=https://bridesbest.net/dating-sites/charm-date-dating/]charmdate.com[/url] for $15.99, and the most important one for $399. The site is handy and simple and may be accessed from desktop or cellular devices. It’s even possible to talk to single European ladies on the move utilizing the mobile model of the platform. You’ll be able to date European girl utilizing built-in communication instruments on SingleSlavic. âš™ï¸ How it really works: DateNiceUkrainian serves the wants of customers who’re able to spend money on high-quality communication with an Eastern European woman. The whole amount of cash you can spend per month depends upon the exercise and functionality you use. Couples that meet on the relationship app have extra marital satisfaction and fewer divorces, meaning you could find your life-long accomplice right here. It contains a large pool of active customers who have the urge to fulfill a partner.