The main developer of W3 Total Cache, Frederick Townes released a massive update that not only fixes the security issue but brings lots of new features.
TTJ Poll

After Note 7 Disaster what are your thoughts on Samsung Mobile?

View Results

Loading ... Loading ...

This is a super good news for millions of WordPress user who relies on W3 Total Cache. We posted yesterday about the high-risk vulnerability and also a quick fix. Now the main developer, Frederick Townes released a massive update that not only fixes the security issue but brings lots of new features. Keep reading.


This update came as a surprise. Frederick Townes did not update the plugin since 2014 actually. And never responded properly about why he abandoned the popular plugin. And the Vulnerability caused a major panic among people. We ourself also use this plugin on this site, after some research, and lots of testing we adopted a community fork, and released the tutorial.

Now as the official version is released, we will share details about it.

Update Details:

Here is the Changelog

Version 0.9.5 – Date September 26, 2016

  • Fixed XSS vulnerability
  • Fixed issues with dismissing overlays
  • Fixed handling of tilde in URLs
  • Fixed issue with HTTP compression header when using mfunc calls
  • Fixed cache ID issue with minify in network mode
  • Fixed rare issue of caching empty document when some PHP errors occur in themes or plugins
  • Fixed caching of query strings
  • Added support for APCu Opcode Cache
  • Added support for Redis
  • Added support for Google Drive
  • Added support for Amazon S3-compatible stroage services
  • Added support for PECL memcached
  • Added support for srcset elements
  • Added support for Rackspace CDN Origin Pull
  • Added support for minification of external fonts
  • Added support for WOFF2 font format
  • Added support for FTPS (FTP-SSL, S-FTP)
  • Added YUI Compressor’s PHP Port of the CSS minifier
  • Added Narcissus’ JS minifier
  • Added purge of parent page when attachments are added or updated
  • Added Highwinds CDN provider
  • Added “Validate Timestamps” option for compatible opcode caches functions like apc.stat are enabled
  • Added Full Site Delivery for Pro subscribers
  • Added HTTP Strict Transport Security (HSTS) support
  • Added a sample extension for developers to reference
  • Added Rackspace Cloud Files Multi-Region Support
  • Added more support for exclusions to database cache
  • Added more optionality to minifiers
  • Added WPML Performance Extension
  • Improved PHP 5.6 compatibility
  • Improved PHP 7 compatibility
  • Improved performance menu in admin bar, including purging of specific cache engines and more
  • Improved SSL inter-operability
  • Improved reliablity of test buttons
  • Improved nomenclature of caching files for higher cache hit rates
  • Improved nginx compatibility
  • Improved WP CLI support
  • Improved Cloudflare compatibility (now using latest APIs)
  • Improved AWS API compatibility (now using latest APIs)
  • Improved Rackspace Cloud Files compatibility (now using latest APIs)
  • Improved page cache purge for extensions like cloudflare and other reverse proxy use cases
  • Improved extension framework functionality
  • Improved compatibility of headers like eTag and content encoding
  • Improved template fragment caching
  • Improved notifications, warnings and errors
  • Improved moble user agents detection
  • Improved security with nonces and form elements
  • Improved security throughout the codebase
  • Improved detail of debug messages
  • Improved Amazon SNS security (validation)
  • Improved minify’s ability to match script tags without type attribute

You see this is a big list. So, after all, Frederick Townes was very busy working for this massive update. I will share insights what major change you will notice.

Opcode Cache:


This is an entirely new feature. As Opcode is now built-in with the release of PHP7 (which you all should use anyway), this option will be pre-enabled if your version is supported.


Fragment Cache:


Actually, this was probably one of the premium features, I am not entirely sure, but now it’s available for any user.


How to Update:

Don’t worry about anything, have a backup, and click the update.

If you followed our tutorial to get it fixed, its also very easy for you.


In our built the changed the name of the plugin so we could keep track, but we kept the process open so we could get an official update without any hassle. Now our process will pay-off, you could also click just the “Update Now” button. you are all set.

Depending on your server setting you might have to restart your server (apache or Nginx) service. Check the Performance -> General Settings to check the new features. Save. Clean the cache, go to your home page and reload. Check if everything is fine.


Don’t forget to check your site again via whatever you use, we suggested using in our last tutorial. We see really good improvement in our test.



Share your experience, update your site, and always keep your WordPress updated to stay protected.



Read it on Apple News

[Tutorial] W3 Total Cache Reloaded: How To Fix High-risk XSS Vulnerability in Popular WordPress Plugin

4 Things To Mind When You Set Up Your Blog
You can also press the left/right arrow key on your keyboard to go to previous/next post
  On September 26, 2016(11 months, 0 days ago.)

You May Also Like:

What Do You Think?

Leave a Reply

Loading Facebook Comments ...

FTC Disclosure: Some of the links of this website are "affiliate links." This means if you click on the link and purchase the item, we will receive an affiliate commission.

Recent Search

Recent Tutorials

There is a high-risk XSS Vulnerability in W3 Total Cache, and we have got the guide to the fix for you.
Check out this tutorial to know how to install Apple watchOS 3 beta certificate on your Apple Watch and start enjoying the new version.
If you are trying to jailbreak iPhone, iPad or iPod on iOS 9.2 - 9.3.3 without using a computer or Apple ID, then check this video tutorial.
Pokemon Go users are complaining about the crashing and server issues. Check out the tutorial to solve error problems and thanks us later.
Turning off Wi-Fi Assist is a great way to save mobile data since it automatically starts using cellular data when Wi-Fi signal is poor .
If you want to secure your SIM card from others using it, then check out this tutorial to know how to set up the SIM Pin code on your iPhone.
CiderTV is a great alternative to control Apple TV from the Notification Center. Check out this tutorial to set up CiderTV on your iPhone.
Are you annoyed by the split screen mode on the iPhone 6 Plus or 6s Plus? Check out this quick tutorial to turn off split screen feature.
If you could not wait to installed the iOS 10 beta version on you iPhone and now struggling for the errors, then this tutorial is for you.
Siri might not understand the question you asked. But you can use Siri by editing the text that you asked & it will give an updated answer.
Join the
Enter your name and email and get the weekly newsletter... it's FREE!
Close You Have To Login
Login With »Login With TwitterLogin With Facebook