Malware URL Included in wp-cache.php via WordFence Security Alert

I have this problem.. Is it something i need to be worried about?

You can choose to ‘ignore until the file changes’ under the warning in your scan results. We are alerting because it shows up, commented out or not.

I’m submitting as bug report on it so hopefully it will be fixed in a future release.

tim

@wfsupport: Agreed. I’m glad you guys are reporting it though. It is a legit malware URL. It would require a user to go into the code and copy and paste the link into a browser, but it would still be best if WP Super Cache removes it though.

I believe this has been fixed in the current version. Download WP Super Cache again to fix.

tim

Bravo. Yes, it’s all squared away now. Thanks to WordFence & WP Super Cache teams for quick fixes.

I am not sure if this is indeed resolved…One of my sites with WP Super Cache began crashing at midnight last night because CPU resources were maxed out. The host was able to block the plugins and I deleted WP Super Cache and the site has come back up. WordFence (also installed) did not detect anything. Not sure what version was installed when the site crashed because I have deleted the folder, but WP.com plugin manager indicates that the WP Super Cache was updated yesterday.

I have deactivated WP-S-C from the other site using it until there are indications that this is indeed fixed.

@jebswebs: The issue I reported in this thread is indeed fixed…I verified the changes in the code.

The issue reported here would not have caused the issue you’re experiencing, even if it had not been fixed. The malware URL was in a code comment, and was removed in version 1.4.8 anyhow. You should start a new thread for your issue, as it’s an entirely different issue. I would recommend working through the WP Super Cache documentation first, as you may be able to resolve your issue. To be honest, I really doubt WP Super Cache was the cause of your high CPU usage and site crashing. I would recommend spending some time debugging your site thoroughly to make sure there aren’t any hidden issues you may not be aware of.

The real question is: why was the malware url in the comments? Who put it there and how can we be assured that malicious code won’t end up in the plugin in the future?

@bolson7: It appears to have been a legitimate site that originally did not contain malware, and malware was only recently discovered on it by Google Safe Browsing. Malware sites don’t always start off as malware sites. Could have been hacked, changed owners…there are a number of scenarios. Comments are often placed in code to reference a URL that may explain something more fully. WPSC’s author wouldn’t have knowingly referenced an active malware URL at the time it was included.

Put this thread to rest, folks, the situation is fixed.