WP fastest cache leak in over 1 million websites
With a popular caching plugin used by many webmasters, it is now possible for malicious people to take over the website. It is therefore important that you act immediately if you are using the plug-in on your website. Read more about what can be done and how you can prevent this from happening on your website.
A caching plugin in WordPress ensures that the website web hosting is static for users. This means that instead of the normal website files, which can be interactive and therefore a bit heavier, the caching plugin converts them into static HTML files that always load faster. This is very important for visitors who are using a mobile or less optimal network, for example, as your website can load quickly, which in turn provides a better user experience. The plug-in that's been in the news since yesterday does just that, converting your WordPress website into a static HTML website. WP Fastest Cache is a popular option used by many people to achieve this. However, two vulnerabilities have been found in the WP Fastest Cache plug-in that can be used to take over your WordPress website, take it offline, spread malware, and so on.
The two vulnerabilities found for this plug-in are as follows:
Authenticated SQL injection
Stored XSS via cross-site request forgery.
However, the second vulnerability can only be exploited if the classic editor in WordPress is used and the additional plug-in is installed for it. This also shows that it might be better to say goodbye to the classic WordPress editor and either use the new editor or just work with the bare HTML in the editor if you find it annoying. Such plug-ins that bring earlier features will eventually not be updated enough and will not work 100% with the latest versions. And that's a problem in the long run.
Fix leak in WP fastest cache
The solution to these vulnerabilities is, of course, to update the plug-in to the latest version, as the creators of a plug-in are always notified first by the authority or person who discovered the vulnerability, as in this case. The leak can then be fixed before a new version is released. Versions prior to 0.9.5 are vulnerable to these vulnerabilities and should be updated to the latest version as soon as possible. This will prevent website abuse and problems. To be safe, always back up the website before updating. And additionally, check your folder structure for anything suspicious. For example, files that have been recently modified or tampered with malicious code.
WordPress and its many plug-ins and themes are prone to such leaks, and since there are many different development teams and many different standards, you might be unlucky enough to install a component that is vulnerable. So think twice before installing additional components, and find out who makes them and how often they are updated. Plug-ins or themes that haven't been updated in six months should be avoided.
Because WordPress is so sensitive to updates and constant maintenance, we at MijnHostingPartner.nl have developed the Managed WordPress Hosting packages. These packages are specifically designed for WordPress at a great price. And WordPress websites running on these packages are super fast thanks to our own resources, SSD hosting and optimization. And maintained and secured by us as standard. Updates are done automatically for you, daily backups are done for you, and optimization is done for you. So you can focus on serving your customers, working on your content, or connecting with new opportunities thanks to your WordPress website. Without the worry. To do so, take a look at our packages, or contact us via online chat. We'd love to help you find the perfect space for your new or existing WordPress website!
