Support » Fixing WordPress » Find anonymous and malicious addresses and malicious software in cache by scanni

  • I scanned wordfence a few weeks ago and after scanning, it found several malicious files and malicious software with different addresses on the site in the plugin cache folder with the following description:

    File contains suspected malware URL: wp-content/cache/wpo-cache/****/*******-%D8%A8%D8%A7-%D8%B2%DB%8C%D8%B1%D9%86%D9%88%DB%8C%D8%B3-%D9%81%D8%A7%D8%B1%D8%B3%DB%8C/index.html
    Type: File
    Issue Found August 8, 2021 19:41
    Critical
    IGNORE
    DETAILS
    Filename: wp-content/cache/wpo-cache/****/*****-%D8%A8%D8%A7-%D8%B2%DB%8C%D8%B1%D9%86%D9%88%DB%8C%D8%B3-%D9%81%D8%A7%D8%B1%D8%B3%DB%8C/index.html
    File Type: Not a core, theme, or plugin file from wordpress.org.
    Bad URL: [ malware link deleted, do not post that ]
    Details: This file contains a URL that is currently listed on Wordfence’s domain blocklist. The URL is: [ malware link deleted, do not post that ]

    Every time I delete or mark as fixed or ignore it, it finds wordfence again after a few hours

    After a few days of disruption on my site, Both myself and users, when we wanted to enter the site manually, through Google or through short site links, would enter this link instead of entering the site

    [ malware link deleted, do not post that ]

    I spoke with the support of the host server and they reset my host and installed WordPress from scratch. And I checked all the plugins and deleted a series of plugins. I changed the WordPress version from 4.8 to 5.8. I changed the php version from 7.2 to 7.4

    But this problem still exists after a few hours and I scan with wordfence. Finds about 40-50 Issue Found Criticals at [ malware link deleted, do not post that ]

    Another test I took was to delete or disable two of the wp optimize and wp rocket plugins (free version of both plugins) which are for clearing the cache from WordPress. Then I scan with wordfence, it does not find the Issue Found Critical

    Is there a problem with these plugins?

    ?It may be because of server host

    Cloudflare which is currently on high mizam, this problem occurs every few hours and the site jumps to the link [ malware link deleted, do not post that ] and does not open. even by clearing the cache and no error It is not in C Panel, neither in WordPress, nor in WordFence

    But the Under Attack Mode option that I enable in cloudflare opens the site

    Thank you for your help

    • This topic was modified 9 months, 1 week ago by Steve Stern (sterndata).
    • This topic was modified 9 months, 1 week ago by Jan Dembowski. Reason: Moved to Fixing WordPress, this is not an Everything else WordPress topic
Viewing 6 replies - 1 through 6 (of 6 total)
  • Moderator Steve Stern (sterndata)

    (@sterndata)

    Forum Moderator & Support Team Rep

    Get a fresh cup of coffee, take a deep breath and carefully follow this guide. When you’re done, you may want to implement some (if not all) of the recommended security measures.

    If you’re unable to clean your site(s) successfully, there are reputable organizations that can clean your sites for you. Sucuri and Wordfence are a couple.

    Thread Starter saeedmzi

    (@saeedmzi)

    thanks for your help
    I checked everything in these few days. When I scan with the Sucuri site, it finds bad malware. Exactly finds the main link. But unfortunately, it costs me a lot to solve the problem through these companies. There is no solution other than WordPress to fix it for free?

    • This reply was modified 9 months, 1 week ago by saeedmzi.

    do you have backup if yes then restore the backup

    Moderator Steve Stern (sterndata)

    (@sterndata)

    Forum Moderator & Support Team Rep

    The instructions linked above will allow you to fix it for free. “WordPress”, whoever you thing that is, cannot fix it for you.

    Thread Starter saeedmzi

    (@saeedmzi)

    Yes, I have a backup
    I’m restoring

    Yes, I have a backup
    I’m restoring

    hopefully backup is clean also dont forget to update everything to latest after restoring the backup

Viewing 6 replies - 1 through 6 (of 6 total)
  • The topic ‘Find anonymous and malicious addresses and malicious software in cache by scanni’ is closed to new replies.