WordPress.org

Ready to get started?Download WordPress

Forums

W3 Total Cache
[resolved] W3 Cache compromised backdoored by Hackers. WP Forces ALL users password reset (16 posts)

  1. Mike McKoy
    Member
    Posted 3 years ago #

    I read this article today stating W3 cache, WpTouch, and other popular pulgins have been compromised.

    Has this been fixed? What was the backdoor even for?

  2. sLa NGjI's
    Member
    Posted 3 years ago #

  3. cfs5403
    Member
    Posted 3 years ago #

    All my blog with w3 total cache can't login after I logout, is w3 total cache cause this? Did you guys experience same thing like me? Try logout and login back, can or not? Tell me later

  4. Mike McKoy
    Member
    Posted 3 years ago #

    OK so according to these articles the newest version of W3 cache is compromised.

    Has the author of the plugin said anything about this?

  5. Adam Harley
    Member
    Posted 3 years ago #

    W3 Total Cache 0.9.2.2 is compromised, but 0.9.2.3 (the current release) is fine.

  6. toyNN
    Member
    Posted 3 years ago #

    @Adam - you should quote your own article that's quite correct that if you downloaded W3TC v0.9.2.2 between June 20th and June 21st you most likely got this compromised version. This 0.9.2.2 version had been released for several weeks prior and not compromised.

    But of course moving to v0.9.2.3 of W3TC is a good idea anyway.

  7. Adam Harley
    Member
    Posted 3 years ago #

    True, forgot to clarify that bit. Just wanted to make clear that the latest version is safe.

  8. Mike McKoy
    Member
    Posted 3 years ago #

    Lol, I guess the real concern is how they broke into the repository and uploaded compromised plugins...

  9. sLa NGjI's
    Member
    Posted 3 years ago #

    I guess the real concern is how they broke into the repository and uploaded compromised plugins

    This is the real problem: the security of the code in the repository.

    1 - Who should perform the check?
    2 - You can place the material in the repository, too easily?
    3 - WordPress.org, reset all passwords, the problem is really serious?
    4 - Why, after correcting the bug, users of W3 Total Cache have not been officially informed?

    Thank you.

  10. Mike McKoy
    Member
    Posted 3 years ago #

    A breakin like this is state sponsored IMO.

    Like say china hacking google... I think we should be told more.

  11. Adam Harley
    Member
    Posted 3 years ago #

    Plugin authors are being notified of changes to their plugins from now on.

  12. Jean-Pierre Michaud
    Member
    Posted 3 years ago #

    @mykkal ... if they say more, hackers will know that there are vulnerabilities and see that each time they break something, the site has to be reset... if they don't say much, is for your safety.

  13. Mike McKoy
    Member
    Posted 3 years ago #

    @nexia true. you have a point there. However when personally identifiable information is compromised they should tell us how and what to check for on our own servers.

    Hate to think I had people's personal information compromised. Sometimes there's still issues lingering after a breach like this.

    I've got kids on some of my sites.

  14. tryminenow
    Member
    Posted 3 years ago #

    I'd like to hear from anybody still having trouble with this plugin. I keep getting locked out of WordPress (self-hosted) and the only way back in is to upload 0.9.2.3 via FTP and overwrite the previous indstall. It lasts a day or so and same thing again. I have disabled W3TC for now to see if it makes any difference. I'll try Quick Cache if I still have troubles and just have to upload files to Amazon S3 another way.

  15. Mike McKoy
    Member
    Posted 3 years ago #

    in wordpress only another admin can change an admin's permissions. Do you have ghost admins that you didn't know about? Have you got IP logger installed?

    i'd check to see if other user types have had permissions modified, scan my wordpress directly with antivirus, and make sure i've changed my ssh port to something non=standard and secured it by MAC address or a certain IP range.

  16. Adam Harley
    Member
    Posted 3 years ago #

    Running anti-virus over a PHP package isn't going to do much for you. Exploit Scanner should be able to pick up if any core files have been modified though.

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic