cache/xedmdvy4vnroflyJ.php file has changed – malware code injection? | WordPress.org

freshwater
(@freshwater)

12 years, 3 months ago

my Better WP Security sent me an email and i use FS Contact Form.

A file (or files) on your site at MYSITE.com have been changed. Please review the report below to verify changes are not the result of a compromise.

wp-content/plugins/si-contact-form/captcha/cache/xedmdvy4vnroflyJ.php

is this a malware code injection?

thank you!

FW

https://wordpress.org/plugins/si-contact-form/

Viewing 1 replies (of 1 total)

JacobN
(@jacobn)

12 years, 3 months ago

It looks like the Fast Secure Contact Form uses the /captcha/cache/ directory to place CAPTCHA challenge responses temporarily.

When using the Better WP Security plugin, you can navigate to Security from the left-hand menu, then click on Intrusion Detection.

If you scroll down to the File Change Detection section, there is a Include/Exclude List drop-down that you should set to Exclude. Then below that in the File/Directory Check List field type in an exception for the Fast Secure Contact Form cache directory like this:

wp-content/plugins/si-contact-form/captcha/cache

That should stop you from getting alerts about files in that specific directory.

– Jacob

Viewing 1 replies (of 1 total)

The topic ‘cache/xedmdvy4vnroflyJ.php file has changed – malware code injection?’ is closed to new replies.

1 reply
2 participants
Last reply from: JacobN
Last activity: 12 years, 3 months ago
Status: not resolved