• Resolved lrorr

    (@lrorr)


    Hello there

    In the course of routine maintenance and security checks on our website, which utilises MailPoet, our installation of Cerber Security flagged up the cache folder used by MailPoet (some 2000 files) as all either ‘suspicious code’ or ‘executable code’, with the error message:

    “This file contains executable code and may contain obfuscated malware. If this file is a part of a theme or a plugin, it must be located in the theme or the plugin folder. No exception, no excuses.”

    It seems like a fairly valid and serious security concern that the publicly accessible uploads folder is being used to store code, with no apparent means for purging, nor any seeming reason not to use its own plugin folder.

    Some insight would be greatly appreciated.

Viewing 1 replies (of 1 total)
  • Hi there @lrorr,

    Thanks for reaching out!

    These files are expected in normal MailPoet operation and are false positives from such security scanners.

    The wp-content/plugins folder is often not writable, so in a good number of cases keeping the cache folder as part of the plugin is just not an option.

    The generated template files should output nothing. They only contain precomputed templates, and no sensitive data. The plugin is open-source, so everyone can already view the contents of such files.

    You can change the location of the cache folder by following these steps: https://kb.mailpoet.com/article/337-wp-engine-caching-problems

    I hope this clarifies a bit, but please let us know if you have any questions!

The topic ‘Mailpoet Cache Folder’ is closed to new replies.