How does the cache plugin work

  • Resolved kristinubute

    (@kristinubute)


    4 months, 2 weeks ago

    Hi

    I’ve installed Wordfence to do some scanning on a client site and finding some dodgy files in your plugin directory. Obviously it won’t be from your plugin BUT…

    The scan came up with a few dodgy files in the cache directory in wordpress. So I removed your plugin entirely which I thought would fix it. I’ve removed the affected file in Storefront also (only 1)

    Can you explain how the cache works and how it picks any dodgy files, does it copy that dodgy file also into your cache directory ?

    So I’m trying to figure out HOW to fix it, find all files that are causing it. Not sure HOW or WHY it is coming directly into that directory of your plugin when I reinstall it completely.

    Do you have any suggestions that can help please?

    I’m trying to fix things, so then thought after cleaning up WordPress etc, then I assume I have to uninstall the cache plugin again from scratch. Thereby removing any remnant of the dodgy file?

    All suggestions and help would be greatly appreciated.

    Thanks

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Support Tamirat B. (a11n)

    (@tamirat22)

    Hi @kristinubute ,

    Caching plugins like WP Super Cache work by creating and serving static versions of your dynamic WordPress pages.

    If malicious files are found within the cache directory and they are not false positives, it likely means that the cached versions of pages at the time when the site was scanned included those files. The cache itself doesn’t pick or copy malicious files; it generates cached versions based on what exists on the site at the time of caching.

    To address the issue:

    1. Ensure your WordPress core, plugins, and themes are all updated to the latest versions. These should keep any unwanted vulnerabilities in check.
    2. Run a scan with a security plugin to identify and remove any infected files.
    3. After cleaning the site, you may need to clear the cache to ensure cached versions do not contain any of the problematic files.

    Reinstalling our plugin from scratch after cleanup is a good practice.

    If the above steps do not address your issue, please share with us the details of the security report you are getting from Wordfence, and we’ll have another look. If you want to remain private, you can share follow up with us through our contact form. Please include a link to this thread if you decide to follow up with us directly.

    Thank you!

    Thread Starter kristinubute

    (@kristinubute)

    Thanks so much, that is appreciated !

Viewing 2 replies - 1 through 2 (of 2 total)
  • You must be logged in to reply to this topic.

Tags