Wordfence detecting pharmaceutical spam in cached page links

  • Resolved clarevanessa

    (@clarevanessa)


    1 month ago

    I have a client whose website has been getting emailed alerts from Wordfence (non-pro) with non-existent product URLs of non-authorised files that appear to have been cached by WP Super Cache plugin also on her website.

    I have found a similar sort of issue in this support thread – https://www.ads-software.com/support/topic/frequent-malware-in-wp-super-cache-cached-pages/ – but since Wordfence is marking these files as critical and they are also flagged slightly differently from that support thread as ‘HTML modification common to pharmaceutical spam’, I wanted to ensure she could safely hit the ‘delete all deleteable files’ button, plus I wanted to find out if there is a way to avoid these constant alerts if they are only false positives.

    FYI, all plugins and themes on the website are automatically kept up to date as released, and the same with WordPress version updates.

    I have included one of the filenames below as an example of the types of files that are coming up in scans (there were others with this one in today’s alert):

    Filename:?/home1/tfvyxymy/public_html/wp-content/cache/supercache/pure-essences.com/natural-medicine/clinic_menu/karusiumu-konpurito-calcium-complete-120ding-p616312499/index-https.html

    Hoping someone can offer a solution?

    Thanks,
    Clare

    The page I need help with: [log in to see the link]

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Support wfpeter

    (@wfpeter)

    Hi @clarevanessa, thanks for reaching out about this.

    As /natural-medicine/clinic_menu/karusiumu-konpurito-calcium-complete-120ding-p616312499 relates to a legitimate page on the site that I just visited to check, you’re correct that these are being detected as false positives.

    Aside from being safe to ignore, some customers choose to exclude cached versions of their pages entirely from scans for reasons such as this, or just for generally speeding up a Wordfence scan. In Wordfence > All Options > Scan Options > Advanced Scan Options > Exclude files from scan that match these wildcard patterns you could add wp-content/cache/supercache/* or wp-content/cache/* depending on whether any of the detected files are outside of the “supercache” folder.

    I hope that helps you out!
    Peter.

    Thread Starter clarevanessa

    (@clarevanessa)

    Hi @wfpeter, apologies for my delayed reply coming back to this!

    That’s great to read that you agree the scans have likely only been detecting false positives and I have now added the wildcard pattern you suggested to Wordfence’s settings to start excluding these files from future scans.

    Thanks so much for your help!
    Clare

Viewing 2 replies - 1 through 2 (of 2 total)
  • You must be logged in to reply to this topic.