• Started getting malware warnings from Wordfence scans like this:

    This file may contain malicious executable code: /home/marwin/public_html/wp-content/cache/object/000000/a5d/4df/a5d4df093660a4a71ba4188546e8a385

    I delete the file, flush the cache and rerun the scan, and it appears again. I can’t find any malware via scans with maldet and Sucuri. Any thoughts?

    Will email Tim at Wordfence to see if it is really malware.

    https://www.ads-software.com/plugins/wordfence/

Viewing 6 replies - 1 through 6 (of 6 total)
  • Thread Starter neilgee

    (@neilgee)

    If I disable W3 Total Cache, use WP Super Cache and rescan, no issues are found.

    Plugin Author WFMattR

    (@wfmattr)

    Hi,

    Thanks for the follow-up. Depending on what other plugins you use, suspicious code that isn’t dangerous could appear in the object cache, and may reappear every time a page (or ajax request) is loaded. If it’s still happening, you can send us a copy at: samples (at) wordfence.com

    -Matt R

    Thread Starter neilgee

    (@neilgee)

    Hi Matt – ok just sent you an example.

    Plugin Author WFMattR

    (@wfmattr)

    Thanks for sending the sample. It looks like a normal object cache file, including the records from the wp_options table, and some of the text it contains was from another security plugin — so it included some of the suspicious PHP functions, but only as explanations of issues it may find.

    I think if you disable “Enable HIGH SENSITIVITY scanning. May give false positives” in the Wordfence scan options, it shouldn’t pick up these files. (It’s ok to leave it on, if you prefer, if you know that it may pick up more files like this though.)

    -Matt R

    Thread Starter neilgee

    (@neilgee)

    Hi Matt – I have Enable HIGH SENSITIVITY disabled and Disable config caching enabled but it still picks it up.

    Plugin Author WFMattR

    (@wfmattr)

    Hi,

    Is it the same exact file that you had sent previously, or possibly a different file from the object cache folder? It might be that some of the other cached files contain different code that is picked up without high-sensitivity scanning enabled.

    The message on the scan results list is probably enough to tell if it is different. You can post screenshots here using a site like postimg.org or similar sites, if that’s easier.

    -Matt R

  • The topic ‘W3 Total Cache – Malware in Object Cache’ is closed to new replies.
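
Added example, not part of the thread and not Wordfence's or W3 Total Cache's code: a small triage script for a flagged cache file that separates suspicious PHP function names sitting inside an executable PHP region from names that only occur in stored text, which is the situation described in the replies above. The function-name list and both sample inputs are constructed assumptions.

```python
import re
import sys

# Illustrative list of PHP function names that scanners tend to flag (assumption).
SUSPICIOUS = (b"eval", b"base64_decode", b"gzinflate", b"str_rot13", b"shell_exec")

# A region PHP would execute: from "<?php" or "<?=" to "?>" or end of file.
# Bare "<?" short tags are not covered by this pattern.
PHP_REGION = re.compile(rb"<\?(?:php\b|=).*?(?:\?>|\Z)", re.S | re.I)
TOKEN = re.compile(rb"\b(" + b"|".join(SUSPICIOUS) + rb")\b", re.I)

# Constructed sample: a guard line followed by option text that merely
# describes dangerous functions, as a security plugin's help text might.
BENIGN = (b'<?php exit; ?>a:1:{s:11:"scan_notice";s:57:'
          b'"Flags files that call eval() or base64_decode() on input.";}')
# Constructed sample: the same data with an executable block appended.
TAMPERED = BENIGN + b"<?php eval($payload); ?>"


def triage(data: bytes) -> dict:
    """Sort every suspicious name by whether it lies inside a PHP region."""
    regions = [m.span() for m in PHP_REGION.finditer(data)]
    result = {"in_code": [], "in_data": []}
    for m in TOKEN.finditer(data):
        inside = any(start <= m.start() < end for start, end in regions)
        hit = (m.group(1).decode().lower(), m.start())
        result["in_code" if inside else "in_data"].append(hit)
    return result


def verdict(data: bytes) -> str:
    """One-line summary to help decide whether a scan hit needs a closer look."""
    r = triage(data)
    if r["in_code"]:
        return "review: suspicious names inside executable PHP"
    if r["in_data"]:
        return "likely false positive: names appear only in stored text"
    return "clean"


if __name__ == "__main__":
    # Usage: python triage.py /path/to/flagged/cache/file
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            print(verdict(fh.read()))
    else:
        print(verdict(BENIGN))
        print(verdict(TAMPERED))
```

A name counted under `in_code` is not proof of compromise, since it may sit in a comment or string literal inside the PHP block; it only marks the file for manual review.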