Remove W3 Total Cache
W3 Total Cache is a very popular caching plugin for WordPress. However, it’s reported recently with a high-risk XSS security hole. It allows hackers to insert malware into the site. The worst thing is that the plugin developer seems to abandon the plugin already.
The plugin status
In the last six months, there is no update for the plugin. There are reports about the incompatibility of the plugin and the latest versions of WordPress. There is also an error when running W3TC with PHP 7. The developer seems not being bothered. Recently, in an interview, he mentioned that the plugin is still developing actively, they are just struggling with the new business model, a lot of works with the supporting team. But it cannot explain why they haven’t released fixes for errors in few months; even for this high-risk security, there is no update up to now.
I was in a short chat with W3 Edge, thinking to deploy premium version for our customers. However, it didn’t work out. Now, when I searched more information about them, there are other complaints about the communications between clients and the company, even after paying, there is no response at all. It is a huge warning about business.
As a W3TC user, what should you do?
While W3 Total Cache was an excellent plugin, there are other alternatives, either paid or free solutions.
- WP-Rocket: this plugin is working well with WordPress latest versions. It costs $39 per site, including one year of supporting and updating.
- WP Fastest Cache: I like this plugin very much. It’s light weight, easy to use, also supporting for CDN. Even I am still facing to trouble when setting up this plugin with a particular customer, I can recommend this as the replacement for W3TC, as a free solution.
As usual, I have actively applied the changes for customers, when I see security holes. I have removed W3 Total Cache from the sites using it and replaced by WP Fastest Cache. It is not interfering the usage of the site. If you are reading this, and not one of my customers, I highly recommend you to check if you are using W3TC. And if it’s still there, replace it as soon as possible. There is a fix for that, but again, since the primary coder drops development, there might be still a risk. You decide!