Super Cache Security Clarification

donncha,

I can tell you that over the last week or so, I helped someone that was seeing directories created in her site root.

The cause was 4 things:

1. Despite the fact that her equivalent of public_html was chmod 755, supercache was saying the directory was writable.

2. She was running 1 other plugin, the name of it escapes me, but I can dig it out of my emails if you are interested.

3/4. Her 404.php was not actually sending a 404 but instead a 304. This was caused by a query_post that was being done in a sidebar file that was called via an include on 404.php

Changing any of the above 4 items caused the directories to not be created.

The solution, btw, that I came implemented was to insure that her 404.php actually sent a 404.

supercache looks for 404s, not finding one, (under the above set up) the latter have of the url ended up causing a directory to be made, ie:

http://www.blog.com/some_permalink/something_that_doesnt_exist

would create something_that_doesnt_exist within the cache directory,

and this:

http://www.blog.com/some_permalink/http://something_that_doesnt_exist

would create something_that_doesnt_exist within the WordPress root.

If you are interested I can pass along the info of the site and an email addy of the owner..

—

whooami – that’s really interesting. I’ll have to test that and debug it. Can you email me at donncha @ ocaoimh.ie please? I have enough to go on, but I’d like to give credit where it’s due!