Posted on

How to quickly remove W3 Total Cache using MainWP

Remove W3TC

W3 Total Cache is one of the more popular caching plugins with over 1 million active installs and there is a current report of high risk explot that has been disclosed:

I’m not a security expert so I’ll send you over to SecuPress for more information on the vulnerability so you can determine if you would like to remove the plugin. As of now the issue still has not been fixed and the plugin has not been updated for 6 months.

Update 1: I just read in the Advanced WordPress Group from Jim Walker:

Only works for authenticated users and and need to have permissions tu access W3 Total Cache Support Menu of left sidebar on WP Admin Panel.

So, if I’m reading this right, the exploit is only possible from a logged in Admin users. If that is the case, well, other than for coding purists this alert is rather pointless.

Update 2: The W3 Total Cache plugin has been updated resolving the problem.

What I’m going to go over is 4 step process of checking, deactivating and deleting the plugin using MainWP. These same steps can be used for any plugin.

Part 1:  Seeing if W3 Total Cache is active on any Child sites

First we’re going to search if you have W3TC actively running on any of your Child sites

  • Log into your MainWP Dashboard
  • Select Plugins from the left menu then on the Manage tab
  • From Step 1, Select status: Active Plugins and Containing Keyword: W3
  • From Step 2, Click All to select all your sites
  • Press the Show Plugins button

If you find any active move to Part 2 

If you don’t find any active Skip to Part 3 to be sure you do not have it sitting deactivated on any of your child sites.

Part 2:  Deactivating any that are Active

Now that you know you have the plugin running on some of your Child sites let’s go ahead and deactivate it.

  • In the results window click on the W3 Total Cache name (column header) this will check every site for you
  • From the “Choose Action” drop down select Deactivate
  • Press the Confirm button

Now all the active version of W3TC has been deactivated so let’s get them removed from the child sites.

Part 3: Searching for deactivated versions of W3TC

Finally let’s remove them from the Child sites until the issue is fixed.

  • From Step 1, Select status: Inactive Plugins and Containing Keyword: W3
  • From Step 2, Click All to select all your sites
  • Press the Show Plugins button

If you didn’t find any then you are done and can be sure none of your sites are running W3 Total Cache

If you find some move on to Step 4

Part 4: Deleting W3TC from all your child sites

  • In the results window click on the W3 Total Cache name (column header) this will check every site for you
  • From the “Choose Action” drop down select Delete
  • Press the Confirm button

That’s it now you have removed W3 Total Cache from all your websites!

Get MainWP News and Notifications

Dennis Dornon on Twitter
Dennis Dornon
Co-founder at MainWP
I am neither a coder nor a designer. My coding confession.

8 thoughts on “How to quickly remove W3 Total Cache using MainWP

  1. I didn’t realize all this. I like it best, but if the hosting is good, you often don’t need it. The one by WordPress is more simple. I may switch over to it. I always liked W3 Total Cache, so something makes me think he is caught up with other stuff.

    1. I’m not a security guy but some people are screaming the roof is on fire and others are saying no big deal. I tend to listen to the roof is on fire people when it comes to the security of my sites.

      It is concerning that it hasn’t been updated in 6 months not even the “Compatible up to” has been updated which is 1 minute process. So it may very well be an abandoned plugin with 1 million active users.

      1. Frederick’s always been on top his stuff. Wondering what’s going on here? Maybe he is getting ready to discontinue the free version? I don’t know.

        1. Looks like in March he told WPTavern it wasn’t abandoned but it hasn’t been updated since then “Frederick Townes Confirms W3 Total Cache is Not Abandoned

  2. That issue is already fixed in the forked community version though.
    https://github.com/szepeviktor/fix-w3tc/pull/81

    1. Apologies I missed this Simone. Do you know if that repository will be updated to take into account the new version of W3TC or will it be it’s own fork going forward?

  3. and it’s fixed in the WP repository (oops… it’s the “library” now) as of Sept 26.

    1. Yep have that in Update 2 in the article. It’s still a good tutorial on how to remove any plugin from your MainWP Child sites.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.