Recently my client got an alert from the Wordfence plugin stating the following:
* File contains suspected malware URL: /var/www/vhosts/domain.com/httpdocs/wp-content/cache/supercache/blog/index.html
* File contains suspected malware URL: /var/www/vhosts/domain.com/httpdocs/wp-content/cache/supercache/www.domain.com/blog/index-mobile.html
* File contains suspected malware URL: /var/www/vhosts/domain.com/httpdocs/wp-content/cache/supercache/www.domain.com/blog/index.html
* File contains suspected malware URL: /var/www/vhosts/domain.com/httpdocs/wp-content/cache/wp-cache-12763e2b351a1e0b81b53ac2851629e0.html
* File contains suspected malware URL: /var/www/vhosts/domain.com/httpdocs/wp-content/cache/wp-cache-91d5d866f78bc7518c6db88fafd4fc90.html
* File contains suspected malware URL: /var/www/vhosts/domain.com/httpdocs/wp-content/cache/wp-cache-a3aa43761ce8e3a8cc535e5d2e180ded.html
* File contains suspected malware URL: /var/www/vhosts/domain.com/httpdocs/wp-content/cache/supercache/www.domain.com/blog/2012/10/wordpress-security-plugins-wordfence/index.html
* Post contains a suspected malware URL: WordPress security plugins: Wordfence
However, there was nothing in those files when I looked that indicated malware to me, and the messages themselves give absolutely zero indication as to what triggered them. There is no additional info in the dashboard either. The only thing I saw was the files that were tagged all had this snippet in them:
and when I did a search for what was generating that I saw a couple of sites that reported that script call as a possible XSS attack:
Is Wordfence erroneously reporting itself as malware? If not, how can I find out what it is actually saying the issue is?