Title: Super Cache Security Clarification
Last modified: August 19, 2016

---

# Super Cache Security Clarification

 *  [cachemoney](https://wordpress.org/support/users/cachemoney/)
 * (@cachemoney)
 * [18 years, 3 months ago](https://wordpress.org/support/topic/super-cache-security-clarification/)
 * First off, thanks for a great plugin, I’ve notice a huge difference in speed 
   with this!
 * I’ve read over some of the topics here regarding super-cache and security. I’m
   a noob but I think most of them are regarding the correct CHMOD for directories.
   Still not 100% on what the warning in the admin page means and what exact files/
   directories it’s talking about.
 * Can anyone put in simple terms, what exactly needs to be done to ensure maximum
   security when using this plugin?
 * A few days after installing it I found a folder in my home directory that shouldn’t
   be there. This is the first time I’ve had anything like that, so I imagine I’m
   doing something wrong with this plugin.
 * I changed my hosting and wordpress passwords, anything else I should do?
 * Also is that a really horrible security breach? FWIW, the folder was named for
   the domain of some adult site and sub directories in the folder matched a directory
   structure until it reached the last sub folder called 05.jpg. I chmodded the 
   folder to 0. Other than that, I couldn’t find any other obvious changes.
 * Any comments/ideas appreciated!

Viewing 7 replies - 1 through 7 (of 7 total)

 *  [Donncha O Caoimh (a11n)](https://wordpress.org/support/users/donncha/)
 * (@donncha)
 * [18 years, 3 months ago](https://wordpress.org/support/topic/super-cache-security-clarification/#post-710340)
 * It’s not a security breach. Some people see odd directories appear in their root
   directory, but I haven’t been able to reproduce it at all.
 * You should however tighten the permissions on your root directory. Your web server
   shouldn’t be allowed write there at all. Either use chmod to change permission
   or chown if you can to change ownership.
 *  [whooami](https://wordpress.org/support/users/whooami/)
 * (@whooami)
 * [18 years, 3 months ago](https://wordpress.org/support/topic/super-cache-security-clarification/#post-710343)
 * donncha,
 * I can tell you that over the last week or so, I helped someone that was seeing
   directories created in her site root.
 * The cause was 4 things:
 * 1. Despite the fact that her equivalent of public_html was chmod 755, supercache
   was saying the directory was writable.
 * 2. She was running 1 other plugin, the name of it escapes me, but I can dig it
   out of my emails if you are interested.
 * 3/4. Her 404.php was not actually sending a 404 but instead a 304. This was caused
   by a query_post that was being done in a sidebar file that was called via an 
   include on 404.php
 * Changing any of the above 4 items caused the directories to not be created.
 * The solution, btw, that I came implemented was to insure that her 404.php actually
   sent a 404.
 * supercache looks for 404s, not finding one, (under the above set up) the latter
   have of the url ended up causing a directory to be made, ie:
 * [http://www.blog.com/some_permalink/something_that_doesnt_exist](http://www.blog.com/some_permalink/something_that_doesnt_exist)
 * would create something_that_doesnt_exist within the cache directory,
 * and this:
 * [http://www.blog.com/some_permalink/http://something_that_doesnt_exist](http://www.blog.com/some_permalink/http://something_that_doesnt_exist)
 * would create something_that_doesnt_exist within the WordPress root.
 * If you are interested I can pass along the info of the site and an email addy
   of the owner..
 * —
 *  Thread Starter [cachemoney](https://wordpress.org/support/users/cachemoney/)
 * (@cachemoney)
 * [18 years, 3 months ago](https://wordpress.org/support/topic/super-cache-security-clarification/#post-710425)
 * Thank you both for the insight into how this may have happened. It sounds like
   someone’s browser requested an image from another website for some reason and
   wordpress/super-cache created the directory structure to match that failed request.
   That’s a relief, I was panicking when I first saw it.
 * My webhost (dreamhost) has the directory structure set up a little differently
   than most hosts. My / dir contains folders with the names of the domains in my
   account, and each of those is it’s own “root” for that site. Those folders themselves
   are chmodded 755.
 * I’m using the [sandbox](http://www.plaintxt.org/themes/sandbox/) template, which
   I believe does something differently with 404 pages, beyond that is beyond me.
 *  [Donncha O Caoimh (a11n)](https://wordpress.org/support/users/donncha/)
 * (@donncha)
 * [18 years, 3 months ago](https://wordpress.org/support/topic/super-cache-security-clarification/#post-710429)
 * whooami – that’s really interesting. I’ll have to test that and debug it. Can
   you email me at donncha @ ocaoimh.ie please? I have enough to go on, but I’d 
   like to give credit where it’s due!
 *  [Donncha O Caoimh (a11n)](https://wordpress.org/support/users/donncha/)
 * (@donncha)
 * [18 years, 3 months ago](https://wordpress.org/support/topic/super-cache-security-clarification/#post-710430)
 * I Just tried to replicate the 404 problem and couldn’t. That’s strange.
 *  Thread Starter [cachemoney](https://wordpress.org/support/users/cachemoney/)
 * (@cachemoney)
 * [18 years, 3 months ago](https://wordpress.org/support/topic/super-cache-security-clarification/#post-710432)
 * I can’t replicate it either. The site in question is fairly busy and I’ve only
   seen it happen that once.
 *  [whooami](https://wordpress.org/support/users/whooami/)
 * (@whooami)
 * [18 years, 3 months ago](https://wordpress.org/support/topic/super-cache-security-clarification/#post-710433)
 * yes, I will send off an email to you this evening — unfortunately I have my hands
   tied with a disk failure right now.

Viewing 7 replies - 1 through 7 (of 7 total)

The topic ‘Super Cache Security Clarification’ is closed to new replies.

## Tags

 * [chmod](https://wordpress.org/support/topic-tag/chmod/)

 * In: [Installing WordPress](https://wordpress.org/support/forum/installation/)
 * 7 replies
 * 3 participants
 * Last reply from: [whooami](https://wordpress.org/support/users/whooami/)
 * Last activity: [18 years, 3 months ago](https://wordpress.org/support/topic/super-cache-security-clarification/#post-710433)
 * Status: not resolved

## Topics

### Topics with no replies

### Non-support topics

### Resolved topics

### Unresolved topics

### All topics