This is a super good news for millions of WordPress user who relies on W3 Total Cache. We posted yesterday about the high-risk vulnerability and also a quick fix. Now the main developer, Frederick Townes released a massive update that not only fixes the security issue but brings lots of new features. Keep reading.
This update came as a surprise. Frederick Townes did not update the plugin since 2014 actually. And never responded properly about why he abandoned the popular plugin. And the Vulnerability caused a major panic among people. We ourself also use this plugin on this site, after some research, and lots of testing we adopted a community fork, and released the tutorial.
Now as the official version is released, we will share details about it.
Update Details:
Here is the Changelog –
Version 0.9.5 – Date September 26, 2016
- Fixed XSS vulnerability
- Fixed issues with dismissing overlays
- Fixed handling of tilde in URLs
- Fixed issue with HTTP compression header when using mfunc calls
- Fixed cache ID issue with minify in network mode
- Fixed rare issue of caching empty document when some PHP errors occur in themes or plugins
- Fixed caching of query strings
- Added support for APCu Opcode Cache
- Added support for Redis
- Added support for Google Drive
- Added support for Amazon S3-compatible stroage services
- Added support for PECL memcached
- Added support for srcset elements
- Added support for Rackspace CDN Origin Pull
- Added support for minification of external fonts
- Added support for WOFF2 font format
- Added support for FTPS (FTP-SSL, S-FTP)
- Added YUI Compressor’s PHP Port of the CSS minifier
- Added Narcissus’ JS minifier
- Added purge of parent page when attachments are added or updated
- Added Highwinds CDN provider
- Added “Validate Timestamps” option for compatible opcode caches functions like apc.stat are enabled
- Added Full Site Delivery for Pro subscribers
- Added HTTP Strict Transport Security (HSTS) support
- Added a sample extension for developers to reference
- Added Rackspace Cloud Files Multi-Region Support
- Added more support for exclusions to database cache
- Added more optionality to minifiers
- Added WPML Performance Extension
- Improved PHP 5.6 compatibility
- Improved PHP 7 compatibility
- Improved performance menu in admin bar, including purging of specific cache engines and more
- Improved SSL inter-operability
- Improved reliablity of test buttons
- Improved nomenclature of caching files for higher cache hit rates
- Improved nginx compatibility
- Improved WP CLI support
- Improved Cloudflare compatibility (now using latest APIs)
- Improved AWS API compatibility (now using latest APIs)
- Improved Rackspace Cloud Files compatibility (now using latest APIs)
- Improved page cache purge for extensions like cloudflare and other reverse proxy use cases
- Improved extension framework functionality
- Improved compatibility of headers like eTag and content encoding
- Improved template fragment caching
- Improved notifications, warnings and errors
- Improved moble user agents detection
- Improved security with nonces and form elements
- Improved security throughout the codebase
- Improved detail of debug messages
- Improved Amazon SNS security (validation)
- Improved minify’s ability to match script tags without type attribute
You see this is a big list. So, after all, Frederick Townes was very busy working for this massive update. I will share insights what major change you will notice.
Opcode Cache:
This is an entirely new feature. As Opcode is now built-in with the release of PHP7 (which you all should use anyway), this option will be pre-enabled if your version is supported.
Fragment Cache:
Actually, this was probably one of the premium features, I am not entirely sure, but now it’s available for any user.
How to Update:
Don’t worry about anything, have a backup, and click the update.
If you followed our tutorial to get it fixed, its also very easy for you.
In our built the changed the name of the plugin so we could keep track, but we kept the process open so we could get an official update without any hassle. Now our process will pay-off, you could also click just the “Update Now” button. you are all set.
Depending on your server setting you might have to restart your server (apache or Nginx) service. Check the Performance -> General Settings to check the new features. Save. Clean the cache, go to your home page and reload. Check if everything is fine.
Don’t forget to check your site again via whatever you use, we suggested using https://gtmetrix.com/ in our last tutorial. We see really good improvement in our test.
Share your experience, update your site, and always keep your WordPress updated to stay protected.