hacked – wp-content/cache/

the folder should be 755. but the problem is not about the permission I guess. The hacker is in your site I think.

I’ve scoured and scanned and that was the only malware. Wordfence reports details of hacking attempts, failed log ins etc.

I have no idea.

@maggieymae I am not sure if you resolved this entirely but hopefully you were able to find any malicious files and remove them, while also changing all account passwords to your website including hosting, wordpress, etc.

Personally I see many attacks daily on sites for brute force and sql injection that I would not be concerned about if Wordfence is not finding any new issues with files on your server, similar to the webcache it flagged. However I know Wordfence has flagged the wp fastest cache for me before and I personally clicked to ignored it thinking it was normal, and have not had any issues after doing so. Though if you really found some sort of added directory/folder with some sort of redirect or form then that is a cause of concern. I better do a review of the sites I manage, that uses both plugins, just to be safe.

I recommend you to set up wp again. even you can change the hosting provider.

Thanks for the responses. I’ll be keeping an eye on the site. I do believe that this is a false positive in Wordfence. I examined the file closely because it was generated by WP Fastest Cache again after being deleted once and the cache cleared. It was a gmail icon in the media library. Apparently an index.html file was generated for this image file. Does the plug-in generate html files for each image?

wpfc does not create an index.html for any image.

Thank you – I’ll investigate further.