BoldGrid, a WordPress product and services company, announced today that it has joined forces with W3 Edge, the parent company behind the popular W3 Total Cache (W3TC) plugin. BoldGrid acquired the W3TC plugin and retained its creator, Frederick Townes, along with its development and support staff. The two teams will operate as sister companies but jointly work on the plugin’s future roadmap.
“There are some things a larger team can accomplish for Total Cache that we are targeting right now,” said Brad Markle, development manager at BoldGrid. “After a few more releases of core Total Cache features, the TC team is slated to help accelerate our CRIO Theme Framework on the BoldGrid side.”
BoldGrid has a range of plugins, themes, and services for WordPress sites. The company offers plugins like its post and page builder, themes such as its “super theme” CRIO, and services like testing and performance coaching.
W3 Edge’s primary product is its W3TC plugin, which serves as the caching solution for over one million WordPress installs. It is one of the most-used caching plugins available in the official WordPress plugin directory.
Many competing caching plugins have been gaining considerable exposure in the past few years. Some of those are free. Others, such as WP Rocket, have captured large segments of the premium market. Managed WordPress hosts also generally offer built-in caching solutions as part of their strategy to build their customer numbers. The question is whether this move will provide growth for W3TC and any related products or services.
The Future of the W3TC Plugin
The BoldGrid team has plans to continue developing the W3TC plugin. “Since joining with the awesome team at W3, we have been working to add in some slick new features like Caching Statistics and Lazy Loading,” said Harry Jackson, product manager at BoldGrid.
“We are also looking to partner with theme and plugin developers to ensure the widest range of compatibility for the product, and the WordPress Community,” said Jackson. It is unclear what such partnerships would entail and the type of compatibility needed from third-party developers. The BoldGrid team did not provide further details.
For some users, the W3TC interface and options can be overwhelming. “User Experience is at the top of the list of things we are working on,” said Sash Ghosh, BoldGrid’s marketing manager. “It can be challenging for some users to fully understand and utilize all the powerful features. We will soon be adding an on-boarding and configuration guide to the plugin that will hopefully make the plugin accessible to more users.”
Building Trust After a Rocky Past
Despite setbacks in 2016, the W3TC plugin has maintained over one million active installs over the past three years. In March of that year, there was concern that the plugin was abandoned after no activity for seven months. The plugin was not working for many users on the latest version of WordPress.
Much of the issue seemed to stem from not yet knowing how to scale such a popular product with a small team.
Later, in September of 2016, a high-risk XSS vulnerability was discovered in the plugin. The plugin developer patched the plugin quickly. However, the updated versions introduced new bugs and a poor experience for many users.
While things seem to have been running more smoothly in recent years, there is still some level of distrust within the inner WordPress community. When asked how they are prepared to address past issues and ensure they are looking out for the best interests of users in the future, the BoldGrid team said that security is a top priority. They also expressed their openness to community feedback for improvement.
“As with all big plugins, there are challenges with functionality, features, and security,” said Jackson. “With a bigger team and additional Quality Assurance resources we feel that Total Cache will continue to improve in all the major areas. We have also introduced a public pull request process to facilitate additional feedback and bug fixes. Though you can’t ever guarantee security, our team is very committed and respects our responsibilities to our million-plus users.”
What is referred to as a “high-risk XSS” vulnerability in your article is actually very low risk. It was a reflected cross-site scripting (XSS) vulnerability, which isn’t something that hackers try to exploit at all on the average website, and even in a targeted attack an attacker would have to bypass protection provided by major web browsers other than Firefox. The claim that it was high-risk came from a company behind a competing caching plugin, which wasn’t clearly noted in the linked source.
Our experience has been that severity-based ratings of WordPress plugin vulnerabilities often significantly overstate the risk, and we have found that it is better to express the risk based on the likelihood of exploitation, since that provides a better understanding of the danger presented by the vulnerability.