posts being updated in cache

  • Resolved geomouchet

    (@geomouchet)


    4 years, 6 months ago

    I have a site that keeps getting hacked with links inserted into pages and posts. Wordfence identifies the hacked page, but doesn’t give any clue as to where the problem is coming from. Below is an example of one of the messages:

    File appears to be malicious: wp-content/cache/all/2005/09/index.html
    Type: File
    Issue Found August 31, 2020 11:12 AM
    Critical

    The malicious files are all copies of the original posts with inserted links.

    I have WordPress 5.5 running on PHP 7.2. My caching plugin is WP Fastest Cache.

    Clearing cache gets rid of the inserted links, but they come back a day or two later. I did have a really old version of revslider that was known to be vulnerable. I paid to update to the latest version. There are currently no outdated plugins and no clue from Wordfence as to what is doing this. How do I fix this?

Viewing 2 replies - 1 through 2 (of 2 total)
  • Thread Starter geomouchet

    (@geomouchet)

    Additional info: some, but not all, of the hacked files have permissions 666. After deleting and regenerating the cache all of the files and folders in cache are 775. This is probably a clue to the exploit.

    Plugin Support wfpeter

    (@wfpeter)

    Hi @geomouchet, thanks for providing us with some very thorough information in relation to this problem.

    It sounds like you may need to clean your site or at least follow this checklist:

    https://www.wordfence.com/docs/how-to-clean-a-hacked-wordpress-site-using-wordfence/

    Make sure to get all your plugins and themes updated and update WordPress core too. If you are on an older branch (WordPress 4.x etc) because you wanted to wait before installing the latest version because of Gutenberg or a custom theme compatibility you still need the latest update in that version. Those can be found here:

    https://www.ads-software.com/download/releases/

    WordPress sometimes patches their older releases if they find a vulnerability so make sure to update your version if needed. We, of course, recommend that you update to the latest version.

    It will be important to update your passwords for your hosting control panel, FTP, WordPress admin users, and database. Make sure to do this as a compromised site could be accessed again after cleaning if the passwords are all as they were during the attack.

    Additionally you might find the WordPress Malware Removal section in our free Learning Center helpful.

    If you are unable to clean this on your own, there are paid services that will do it for you. Wordfence offers one and there are others. Regardless, if you choose to clean it yourself or let someone else do so, we recommend that you make a full backup of the site beforehand.

    Thanks,

    Peter.

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘posts being updated in cache’ is closed to new replies.