Support » Plugins » [Plugin: W3 Total Cache] W3 total cache and security

  • There seems to be a security issue with this plugin. All my websites have been hacked and the compromised files seem to be only around this plugin. Also, now I can;t even deactivate the plugin, it keeps timing out. I also just received the following network violation notice from godaddy:

    I hope someone can help me deactivate and delete this plugin. Because I cant seem to delete even the files in hosting account it also is timing out. I can’t get rid of this,

    Dear Sir/Madam,

    Regarding your hosting account

    The hosting account has been found to be in violation of section 3 “Your Obligations” of Go Daddy’s Web Hosting and Virtual Private Hosting Service Agreement.

The relevant passage of this agreement is located in the “Storage and Plan Limits” sub section and has been provided below:
    “All hosting plans, including plans that offer unlimited storage, are subject to a limit of no more than 500,000 inodes per account (for Linux® hosting accounts) or 500,000 files and folders per account (for Windows® hosting accounts). Any account that exceeds this limit will be issued a network violation warning and subject to suspension if no action is taken by the customer to reduce the number of inodes or files and folders (as the case may be).”
    “You shall not use the Service in any way, in Go Daddy’s sole discretion, that shall impair the functioning or operation of Go Daddy’s Services or equipment.”
    Go Daddy’s “Web Hosting and Virtual Private Hosting Service Agreement” is located at the following URL: 

More specifically, this hosting account has exceed the maximum 500,000 inodes, with 40,819,770.

Additionally, the following directories have exceed the maximum 1,024 file/folder count:

Too many than is reasonable list, within the /tollieschmidt/wp-content/w3tc/dbcache sub-folders. 

It appears that this may be an issue with a caching plugin being used on the WordPress-based website on your account. You would therefore need to make the necessary changes to its configuration or disable/remove it from use, then ensure those cache folders are cleared out. 

The amount of files/folders in the above directories, and on your hosting account in general, are affecting our hosting administrator’s ability to efficiently back up your hosting account, and is adversely impacting the performance of global maintenance operations for the shared server. Exceeding this 500,000 inode limit and/or the 1,024 file/folder per directory limit can also cause file system latency which reduces the responsiveness of all files contained on this shared server. This affects not only your web site(s), but all other customer web sites utilizing this service. 

We understand that this misconfiguration was not intentional, as such we respectfully request that you reduce the inode count for your hosting account to less than 500,000 total inodes combined, as well as that you reduce the count within the above directories to less than 1,024 total files + folders combined. 


Due to the serious nature of this situation, your hosting account is eligible for suspension on SATURDAY, NOVEMBER 17, 2012. To avoid this suspension– which will disable any websites you may have on this hosting plan– not only must you reduce the number of inodes, or file/folder count, to less than 500,000, you must also reply to this notice with an email message containing the statements outlined below.

Viewing 1 replies (of 1 total)
  • Wish someone knew about this problem. I did receive an email from the developer telling me I was wrong the plugin had nothing to do with this. It’s odd there is another few people who have the same issue I am. But, now my hosting company godaddy has shut down my websites for network violations. Since the hack has now placed over 40MILLION + files into the /wp-content/w3tc/dbcache sub-folders which is odd since that is THIS plugin, but glad to see the few of us who have had all our sites hacked thru this plugin are just told to shut up.

Viewing 1 replies (of 1 total)
  • The topic ‘[Plugin: W3 Total Cache] W3 total cache and security’ is closed to new replies.