WordPress.org

WP Super Cache
[resolved] Security risk when uninstalling WP Super Cache (3 posts)

  1. Inposure
    Member
    Posted 3 years ago #

    I wanted to try Quick Cache on a more static site of mine, and so I deactivated WP Super Cache, removed the rewrite rules, installed Quick Cache and turned it on. Worked fine.

    Then I wanted to uninstall WP Super Cache. This plugin seems to do a lot of stuff when being uninstalled (or if it is WordPress itself, dunno), like deleting advanced-cache.php and such.

    But the real problem is that it uncommented define('WP_CACHE') in wp-config.php, and while doing so it also removed the initial <?php tag.

    This means that what is displayed when any page on the site is called is the wp-config.php file, in plain text, with passwords to the DB and all, for everyone to read.

    If this had been on a more active site, I could have been seriously screwed by now.

  2. Donncha O Caoimh
    Member
    Plugin Author

    Posted 3 years ago #

    Did you have the WP_CACHE define on the same line as the opening <?php tag? That's probably why that happened. This is the first time I've heard of this happening to someone, so thankfully it doesn't happen often, but it's worth catching and preventing.

  3. Inposure
    Member
    Posted 3 years ago #

    Yes, it seems that Quick Cache puts it like this:

    <?php define('WP_CACHE', true);

    Whereas otherwise it usually is far below.

    Anyhow, the fact remains that it is Super Cache that removes the entire line, even if it is Quick Cache that puts it where it shouldn't be.
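
The failure discussed in this thread, as an added example that is not part of the original posts and is not WP Super Cache's code: removing the whole line that holds the WP_CACHE define also drops an opening tag sharing that line, while removing only the statement keeps it. The function names and the sample config are hypothetical and constructed for illustration.

```php
<?php
// Added example, not plugin code. All function names are hypothetical.

// Behaviour described in the thread: drop every line that mentions the define.
function remove_define_whole_line(string $config): string {
    $kept = [];
    foreach (explode("\n", $config) as $line) {
        if (!preg_match('/define\(\s*[\'"]WP_CACHE[\'"]/', $line)) {
            $kept[] = $line;
        }
    }
    return implode("\n", $kept);
}

// Safer: delete only the define(...) statement and keep the rest of the line.
function remove_define_statement(string $config): string {
    $out = preg_replace(
        '/define\(\s*[\'"]WP_CACHE[\'"]\s*,[^;]*\)\s*;[ \t]*/',
        '',
        $config
    );
    if ($out === null) {
        throw new RuntimeException('regex failure, config left untouched');
    }
    return $out;
}

// Guard to run before writing the file back: without the opening tag the
// web server returns the file, credentials included, as plain text.
function starts_with_php_tag(string $config): bool {
    return strncmp($config, '<?php', 5) === 0;
}

// Constructed sample with the define on the same line as the opening tag.
$sample = "<?php define('WP_CACHE', true);\n"
        . "define('DB_PASSWORD', 'constructed-placeholder');\n";

foreach (['remove_define_whole_line', 'remove_define_statement'] as $fn) {
    $result = $fn($sample);
    printf("%-26s safe to write: %s\n", $fn,
        starts_with_php_tag($result) ? 'yes' : 'NO, keep original file');
}
```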

Topic Closed

This topic has been closed to new replies.