W3 Total Cache leaked again

W3 Total Cache is a plugin that helps improve website loading speed. One would expect that nothing can go wrong with it. However, as of mid-2021, there have already been 3 vulnerabilities found in W3 Total Cache.

The plugin had multiple vulnerabilities in 2019, and in 2016, a staggering 8!! vulnerabilities were discovered.

For us, this is a reason to avoid using this plugin on WordPress websites.

In the past, these vulnerabilities allowed hackers to place files on the server, read usernames and hashes, and execute commands on the server.

You simply don’t want to take that risk with a business website, so it’s best to avoid using this plugin or replace it with Autoptimize or WP Rocket.

Autoptimize – created by someone in Belgium – is a free cache plugin that has only had 5 vulnerabilities registered, compared to over 20+ vulnerabilities in W3 Total Cache.

If you want to be completely secure, according to WPScan – an authority on security issues – WP Rocket has only had 1 vulnerability (at the time of writing). However, this is a premium plugin that requires annual payment.

Remember that you need to properly configure any of the mentioned plugins to effectively speed up your website.

And no, using two cache plugins doesn’t make your website twice as fast 😉