I use wp-cache on all my blogs all the time. No need waiting for being slashdotted or heised.
But wp-cache comes with a security flaw. It requires the webserver to have write access on $WP_HOME/wp-content/cache
and $WP_HOME/wp-content
. The first part is perfectly reasonable, the second not.
wp-cache creates it’s wp-cache-config.php
in that place and edits this file consequently while being configured.
wp-cache comes with a sample config you can put in place. After that, chmod this file to 660 or something else that allows your webserver to edit it. Please don’t give your webserver write access to $WP_HOME/wp-content
, especially not facing the current attacks on wordpress bloggers as described here.
I assume you know what your doing in the next step. All recommendations are tested and working with wp-cache 2.1.2. Open the file file wp-cache.php
in your favorite editor, navigate to line 471 in function wp_cache_verify_config_file
and change the following code
if ( !is_writable($dir)) { echo "<b>Error:</b> wp-content directory (<b>$dir</b>) is not writable by the Web server.<br />Check its permissions."; return false; } |
to
/*
if ( !is_writable($dir)) {
echo "<b>Error:</b> wp-content directory (<b>$dir</b>) is not writable by the Web server.<br />Check its permissions.";
return false;
}
*/ |
Alternatively, you can use the file i prepared: wp-cache.php. Rename it from *.php.txt to *.php and replace the old file with it.
Read more about the attack on wp blogs here. It’s shown that the attackers create a subfolder in your wp-contents. So it’s essential to chmod this folder to 0755 or even better to 0555 if you’re paranoid and only change it if you upload updates.
No comments yet
Post a Comment