When I started my first WordPress blog, I was told that in order to make my site run faster, it was recommended that I installed a ‘cache’ plugin. I had no idea what that was at first and I didn’t think it was needed. Oh, how wrong I was. The reason I didn’t think I needed any cache plugin was because my site would receive just a few visits every month. But when my website started to become popular and I started to deal with bigger numbers, it was easy to notice I was going to need to install a cache solution. There were many cache plugins available at the moment but the one everyone kept mentioning was W3 Total Cache. I downloaded the plugin and after installing it it was very easy to notice that my blog run a lot faster than before.
What I wasn’t expecting to deal with, was the vast amount of settings and configuration tweaks that are possible inside the plugin. I actually didn’t understand many of the terms inside the setting tab. What is ‘memcached’ and why do I need it for? Why do I have to ‘clear the cache’ and why is the button to clear it so prominently visible? What is a CDN and how do I use it? But even with the default configurations, the performance improvement was pretty noticeable. With time, I started to understand that these strange terms were and the plugin became very easy for me to use. But after being a fan for a long time, something happened and I changed my mind. One day, I noticed that whenever I visited a page of my blog I would see a very strange set of characters in the URL.
I had no idea what those characters were or why they started to suddenly show up without any warning. I assumed it was WordPress doing something I was not aware of. After searching for the exact characters that I saw on the url, I realized that I was the victim of a MySQL injection. And the problem started with W3 Total Cache. Somehow there was a vulnerability on the plugin and it allowed the MySQL injection to take place on my blog. I immediately removed the plugin and tried another option, Quick Cache. By the way, as soon as I disabled the plugin I noticed how awful my site’s performance was without a cache plugin. Quick Cache worked wonders but the authors of the plugin stopped providing updates long time ago. When I updated Worpress to the latest version, Quick Cache stopped working and I decided to install an updated version of W3 Total Cache. This version had fixed the vulnerability and everything was right again. I highly recommend W3 Total Cache, it’s a robust solution that will make your site faster and even if you don’t know how to properly configure it, it will work like a charm with the default settings.