Security risk when uninstalling WP Super Cache

  • Resolved Inposure

    (@liangzai)


    14 years ago

    I wanted to try Quick Cache on a more static site of mine, and so I deactivated WP Super Cache, removed the rewrite rules, installed Quick Cache and turned it on. Worked fine.

    Then I wanted to uninstall WP Super Cache. This plugin seems to do a lot of stuff when being uninstalled (or if it is Word-press itself, dunno), like deleting advanced-cache.php and such.

    But the real problem is that it uncommented define(‘WP-CACHE’) in wp-config.php, and while doing so it also removed the initial <?php tag.

    This means that what is displayed when any page on the site is called is the wp-config-php file, in plain text, with passwords to the DB and all, for everyone to read.

    If this had been on a more active site, I could have been seriously screwed by now.

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author Donncha O Caoimh (a11n)

    (@donncha)

    Did you have the WP_CACHE define on the same line as the opening <?php tag? That’s probably why that happened. This is the first time I’ve heard this happen to someone so thankfully it doesn’t happen often but it’s worth catching and preventing.

    Thread Starter Inposure

    (@liangzai)

    Yes, it seems that Quick Cache puts it like this:

    <?php define(‘WP_CACHE’, true);

    Whereas otherwise it usually is far below.

    Anyhow, fact remains that it is Super Cache that removes the entire line, even if it is Quick Cache that puts it where it shouldn’t be.

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Security risk when uninstalling WP Super Cache’ is closed to new replies.