Connect with us

Hi, what are you looking for?


WP Super Cache and W3TC – When Bad News Travels Fast

Have you ever had your Facebook account hacked? That feeling of horror when you see posts that you know you didn’t create, or recommendations for porn sites even though you’ve never visited them? The aftermath is filled with mad scrambling as you try to repair the damage, change passwords, delete false posts, and hope that your friends know you well enough to know that such posts are out of character for you.

But now, imagine the same thing, only instead of just limited to a single social media site like Facebook, it’s out there on a publicly accessible WordPress blog. Here you are, blogging regularly, trying to build a decent online reputation, and some nimrod has hacked your blog and is issuing commands to your server. And the sad thing is, it’s as a result of vulnerabilities in two WordPress plug-ins.


According to this article, two WordPress caching plug-ins, WP Super Cache and W3TC, have vulnerabilities that can be exploited by hackers. If you have comments enabled, the flaws in these plug-ins can give a hacker the ability to issue commands to your server. The issue was discovered by a user back in mid-March.

With remote access to your server, a hacker can wreak havoc on your WordPress pages, ruining your visitors’ experiences, and leaving you holding the bag. After all, to the great masses out there, your site or your blog are the things which define you, introducing people to who and what you are. If your pages are compromised, the unfavorable impressions will harm your reputation. If you have a business, this can be catastrophic.

Damage Control

So your ship has hit an iceberg and you got water coming in. Okay, first of all, let’s get that hole plugged up. There are updated versions of WP Super Cache and W3TC. If you still want to use plug-ins, get the new versions, which correct the problem and prevent further damage.

Now that the hull is repaired, time to reassure the passengers. Post an announcement that there’s been a security problem, but it’s being corrected. This way, if they’ve encountered flaky stuff, they know it’s not your doing.

With the damage repaired and the passengers calm, it’s time to pump out the flood. In this case, the analog is removing harmful content and coding that hackers may have placed via remote commands.

Communication Is Key

Most people realize that hackers are an unfortunate fact of life in the online world. Additionally, most people are accepting of a bad situation if they’re kept informed about what’s happening, as opposed to being left in the dark to speculate what on Earth is going on. Let people know what’s happened; they’ll understand. You can emerge from an embarrassing incident like this with your reputation intact based on how you react to the problem, as opposed to the presence of the problem itself.

Sure, it may be embarrassing, depending on how badly your blog was compromised and how it affected your visitors, but if you handle the situation with grace, coolness under fire, and perhaps even a little humor, you may actually enhance your reputation!

Written By

Born in the Boston area in 1959, I started writing in 1985. I live in Nashua NH with my wife and three cats. We have four kids in our blended family. I am an utter geek who's into gaming, horror, SF/fantasy, the Red Sox, trains, running, history, and a bunch of other things.



  1. Juan Curry

    May 23, 2013 at 5:36 am

    Outdated WP plugins often pose serious security risks and this article is a perfectly good reminder of how important it is to keep everything up to date. Even the smallest hole can quickly turn into a disaster. Checked every plugin I’m using after reading this article. Thank you for the reminder, John.

  2. John Terra

    May 23, 2013 at 1:35 pm

    You’re welcome! It’s amazing (and a little scary) how some of the most innocuous things can make life difficult!

  3. Matt

    June 6, 2013 at 1:52 am

    Thanks for the heads up! I just went and updated my W3TC plugin. Much appreciated!

    • John Terra

      June 6, 2013 at 3:09 am

      You’re very welcome! Glad I could help!

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

You May Also Like


The Internet is one of the most powerful identities of the world in the present time and would remain so for generations to come....


A social media profile is the most direct means of introducing yourself to the Internet and its myriad online communities. It’s your business card,...


Ah, Facebook! The 600-pound gorilla of the social media world! What once started as a means for college students to stay in easy contact...


By Steve Mehr, CEO of WebShark360 Once upon a time my mother cautioned me not to hang out with people of ill repute.  This...