• On my site, https://hippiefamilyvalues.com, I have Wordfence and W3 Total Cache installed.

    This morning I received a Wordfence alert regarding the W3 Total Cache plugin:

    Modified plugin file: wp-content/plugins/w3-total-cache/w3-total-cache-api.php

    Is this something I should be concerned about?

Viewing 13 replies - 1 through 13 (of 13 total)
  • Yes. You should. Looking into some posts saying vendor has been compromised.

    Did some more digging, looks like a normal update to the plugin.

    https://wpvulndb.com/plugins/w3-total-cache

    Thread Starter susantau

    (@susantau)

    Thank you, I hope you’re right!

    It’s a little spooky when an update doesn’t get announced and made available by the usual procedure, which Wordfence sniffs out so that’s how I have to learn about them. I’m not fond of this and it inevitably leads to less trust in the plugin…

    Is this the official W3 Total Cache response then, that this was a valid update which was just not disclosed publicly?

    Thread Starter susantau

    (@susantau)

    Dear W3 Total Cache,
    I have received a new warning from Wordfence about W3 Total Cache:

    Modified plugin file: wp-content/plugins/w3-total-cache/w3-total-cache-api.php
    Filename: wp-content/plugins/w3-total-cache/w3-total-cache-api.php
    File Type: Plugin
    Issue First Detected: 2 days 21 hours ago.
    Severity: Warning
    Status New
    This file belongs to plugin “W3 Total Cache” version “0.9.6” and has been modified from the file that is distributed by www.ads-software.com for this version. Please use the link to see how the file has changed. If you have modified this file yourself, you can safely ignore this warning. If you see a lot of changed files in a plugin that have been made by the author, then try uninstalling and reinstalling the plugin to force an upgrade. Doing this is a workaround for plugin authors who don’t manage their code correctly. [See our FAQ on https://www.wordfence.com for more info]

    I did not modify the file myself, so why is this happening?

    Thread Starter susantau

    (@susantau)

    And btw, @skowronek, this link tells me nothing:

    https://wpvulndb.com/plugins/w3-total-cache

    Could you elucidate why you gave me that link as somehow proof that the earlier unannounced modification I reported above was a normal update?

    Thread Starter susantau

    (@susantau)

    Please let me know if this is a genuine W3 Total Cache update or if I should be concerned about my site being hacked.
    Thank you.

    Thread Starter susantau

    (@susantau)

    I know you are busy, but I would immensely appreciate your replying to this simple question.

    Thanks,
    Susan

    Mitch

    (@n2rga)

    1 month, still no answer on a potential hack of a plugin.
    I guess that answers the question: no reply, plugin was taken over, or just the support of W3TC needs more people to answer important posts. Very disappointed in this plugin.

    Had the same alert on my site and now going to remove the plugin on all.

    Please answer how we can fix this. Where it's finding simple updates to the plugin and not finding the change and reporting as a hacked file.
    PLEASE

    Thread Starter susantau

    (@susantau)

    Clearly, the safest thing to do for my clients’ sites at this point, after weeks of this important security question going unaddressed by W3 Total Cache support, is to replace W3 Total Cache with another caching plugin.

    The thing is though, I really LIKE W3 Total Cache – it’s a great caching plugin! So I keep hoping that W3 Total Cache support will finally kick in and explain why their plugin gets these unannounced updates that get red-flagged by Wordfence and why these updates are truly legitimate and not a concern. Something. Anything?

    Thread Starter susantau

    (@susantau)

    Received a new message from Wordfence today:

    Alert generated at Friday 23rd of March 2018 at 04:21:05 AM
    Warnings:
    * Modified plugin file: wp-content/plugins/w3-total-cache/w3-total-cache-api.php

    I am sadly removing W3 Total Cache one by one from each of my sites. The combo of these Wordfence warnings with no attempt to explain the unannounced updates from W3TC support is just too spooky for me.

    bgdstr

    (@bogdanstratulat)

    I am sorry for the delay on this issue. Please keep in mind that if you have automatic updates enabled on your WordPress it is normal to receive those messages from Wordfence, because when a new version of the plugin is found, it will get updated by your WordPress installation.

    Here at W3 Total Cache we do not push updates to any installation, but we always advise our users to have the plugin updated to latest version. Our latest official release is 0.9.7 which is successfully used by our customers without any vulnerabilities reported.

    Kind regards!
    Bogdan S.
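
Added example (not part of the thread, and not Wordfence or W3 Total Cache code): the alert quoted above compares an installed file with the release copy for the version Wordfence believes is installed, so one way to check such an alert by hand is to hash the installed plugin folder against a freshly unpacked copy of the exact version that is on disk. The two directory arguments, the demo tree and the file `inc/sample.php` are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_of(path):
    """Hash a file in chunks so large plugin assets do not load into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def tree_hashes(root):
    """Map each file's path relative to root to its SHA-256."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): sha256_of(p)
            for p in root.rglob("*") if p.is_file()}


def compare_plugin(installed_dir, reference_dir):
    """Compare an installed plugin against a clean copy of the same version."""
    installed = tree_hashes(installed_dir)
    reference = tree_hashes(reference_dir)
    return {
        "modified": sorted(f for f in installed.keys() & reference.keys()
                           if installed[f] != reference[f]),
        "extra": sorted(installed.keys() - reference.keys()),
        "missing": sorted(reference.keys() - installed.keys()),
    }


def demo():
    """Constructed sample: two tiny trees standing in for real plugin folders."""
    with tempfile.TemporaryDirectory() as tmp:
        ref, live = Path(tmp, "reference"), Path(tmp, "installed")
        for base in (ref, live):
            (base / "inc").mkdir(parents=True)
            (base / "w3-total-cache-api.php").write_text("<?php // release copy\n")
            (base / "inc" / "sample.php").write_text("<?php // unchanged\n")
        (live / "w3-total-cache-api.php").write_text("<?php // differs from release\n")
        (live / "inc" / "extra.php").write_text("<?php // not in the release\n")
        return compare_plugin(live, ref)


if __name__ == "__main__":
    print(demo())
```

A "modified" entry that disappears once the reference copy matches the version actually installed is consistent with the automatic-update explanation in the reply above; entries that remain, and any "extra" files, are the ones to inspect.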

  • The topic ‘Wordfence alerts that W3 Total Cache was modified’ is closed to new replies.