• Resolved Jason Wong

    (@eljkmw)


    Today, my client’s website got hacked into, and I found a different config file in the /wp-content/wpo-cache/config/ folder. I’m surprised as to how this happened. The new config file immediately redirects visitors to a different site. I’m fortunate enough to restore the website from its backup copies.

    Is anyone else experiencing the same issue? I’m using the latest core and plugin versions.

Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Support jbgupdraft

    (@jbgupdraft)

    Hi,

    Thanks so much for reaching out about this! I haven’t encountered this issue before but I will notify our Product and Development team to look into it to see if there is something we need to make changes to in regards to this file. Depending on how the site was infected it could have been replaced by another plugin that had access to the file system or could also have been something at the hosting level.

    We will take a look on our side and see what changes might need to be made in an upcoming release!

    Thread Starter Jason Wong

    (@eljkmw)

    The /wp-content/wpo-cache/config/ folder contains the config-mydomain.php file. However, to my surprise, I found a different file, config-otherdomain.php, which caused the redirection.

    Besides your plugin, the Redis Object Cache plugin too encountered the same hack. Its object-cache.php file in /wp-content/ had redirection code inserted into it.

    I’m beginning to wonder whether there are security vulnerabilities for most caching plugins. Due to this concern, I had to remove both plugins from my website, and I haven’t had any further hacked redirection since.

    Plugin Support vupdraft

    (@vupdraft)

    Hi,

    It sounds like someone has targeted your caching plugin but it could have been any of your plugins.

    What might be helpful in these scenarios is a plugin that detects file changes; we have a free one: https://en-gb.wordpress.org/plugins/all-in-one-wp-security-and-firewall/ but there are others as well.
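
One way to run the file-change detection suggested above against the two paths named in this thread, shown as an added example (not code from WP-Optimize, Redis Object Cache, All In One WP Security, or any poster). The function names and the sample files built in `demo()` are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

# Paths named in the thread, relative to the WordPress root.
WATCHED = ("wp-content/object-cache.php", "wp-content/wpo-cache/config")

def snapshot(root):
    """Map each watched file (path relative to root) to its SHA-256 digest."""
    root = Path(root)
    digests = {}
    for rel in WATCHED:
        target = root / rel
        if target.is_dir():
            files = sorted(p for p in target.rglob("*") if p.is_file())
        else:
            files = [target] if target.is_file() else []
        for f in files:
            digests[f.relative_to(root).as_posix()] = hashlib.sha256(f.read_bytes()).hexdigest()
    return digests

def compare(baseline, current):
    """Return (status, path) pairs for files added, removed or modified."""
    findings = []
    for path in sorted(set(baseline) | set(current)):
        if path not in baseline:
            findings.append(("added", path))
        elif path not in current:
            findings.append(("removed", path))
        elif baseline[path] != current[path]:
            findings.append(("modified", path))
    return findings

def demo():
    """Constructed sample tree reproducing the two changes reported in the thread."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        cfg = root / "wp-content/wpo-cache/config"
        cfg.mkdir(parents=True)
        (cfg / "config-mydomain.php").write_text("<?php // constructed: site config\n")
        drop_in = root / "wp-content/object-cache.php"
        drop_in.write_text("<?php // constructed: object cache drop-in\n")
        baseline = snapshot(root)  # taken while the site is known good
        (cfg / "config-otherdomain.php").write_text("<?php // constructed: unexpected file\n")
        drop_in.write_text(drop_in.read_text() + "// constructed: appended code\n")
        return compare(baseline, snapshot(root))

if __name__ == "__main__":
    for status, path in demo():
        print(f"{status:9} {path}")
```

Keep the baseline outside the web root, and refresh it after intentional plugin updates or settings changes, which can legitimately change these files.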

    Thread Starter Jason Wong

    (@eljkmw)

    Ever since I deactivated and uninstalled the caching plugins, there hasn’t been any further redirection. As you said, it could’ve been any plugin, but nothing has happened. So, I’m curious why target only the caching plugins? Are they that vulnerable?

    Plugin Support vupdraft

    (@vupdraft)

    It’s difficult to say why the caching plugins. Object caching and browser caching are very different mechanisms. They work in very different ways. I suspect they were targeted as pretty much every website has at least one caching plugin and this can be seen in the headers of any website.

    My advice would be to try Cloudflare (you can use this with WPO if you like). It would hide this information. It works really well as a first line of defence. We use it on all of our sites. There is a free tier. We are in no way affiliated with Cloudflare, I just think it’s an excellent service!
