Blog Archives

CartPress Sends no-cache Headers

WordPress Plugin News Feed Stops Website Caching

It’s hard to believe a simple news feed from the CartPress e-commerce plugin for WordPress prevents WordPress from caching pages. This is apparently what happened to a website recently.

The website was caching fine up to early 2013, then stopped caching. In March we provided some pro-bono help, and the bug seemed to be fixed. Six weeks later the bug had returned. After trying every possible cache plugin, the owner was getting desperate.

We had a quick look at the website, and found the HTTP headers had no-cache parameters set. Read more.

TimThumb Exploit

TimThumb PHP WordPress Vulnerability

An image re-size script, timthumb.php, released by Google and used by many WordPress (self-hosted) themes and plugins, had a vulnerability allowing hackers to load malicious script files onto a WordPress website.

Hackers use automated bots to trawl sites looking for timthumb.php files in certain folders, e.g. wp-content/themes/ and /wp-content/plugins. Once the bot has found timthumb.php, the hacker will try to attack the site.

The vulnerability was discovered in August 2011… Read more here.
