
Understanding and Fixing Malware Scans in WP Super Cache

16 threads | Sep 16, 2025 | Plugin: WP Super Cache


If you've found a security scanner like Wordfence or a hosting provider flagging files in your wp-content/cache/supercache/ directory, you're not alone. This is a common and often misunderstood issue for users of the WP Super Cache plugin. This guide will explain why it happens and the steps you can take to resolve it.

Why This Happens: It's a Symptom, Not the Cause

Contrary to what the scan results might suggest, WP Super Cache itself is not the source of the malware. The plugin's primary function is to save copies of your website's pages as static HTML and PHP files to serve them faster to visitors. The critical thing to understand is that it caches exactly what your site generates.

If your WordPress site is compromised by malware—even subtly—that malicious code will be output on your pages. WP Super Cache will then faithfully save that infected output into its cache files. When a scanner later finds code like eval($_POST[...]) in a file like meta-wp-cache-3af962115dc41fa3b1a822b0095df0ac.php, it is correctly identifying malicious code. However, the infection originated elsewhere on your site; the caching plugin simply stored the result.

How to Confirm and Resolve the Issue

Follow these steps to address the root cause of the problem.

Step 1: Immediate Action – Clear the Cache

Your first step should always be to clear the WP Super Cache. This will delete all cached files, including the ones containing the malicious code.

  1. In your WordPress dashboard, navigate to Settings > WP Super Cache.
  2. Go to the Contents tab.
  3. Click the Delete Cache button.

After clearing the cache, run your security scan again. The previously flagged files will be gone. However, this is only a temporary fix. If the underlying infection remains, the malicious code will simply be re-cached the next time a page is generated.

Step 2: Investigate the Source of the Infection

Since the cached files are a reflection of your site's output, you must find and remove the original source of the malware. The infection could be in your theme, another plugin, or your WordPress core files.

  • Perform a Full Security Scan: Use a reputable security plugin (like Wordfence or Sucuri) to run a deep scan of your entire WordPress installation. This can help pinpoint the location of the backdoor or malicious script.
  • Check Recently Modified Files: Review your site's files for recent, unauthorized changes. Pay close attention to theme files (header.php, footer.php, functions.php) and plugin directories.
  • Review User Accounts: Ensure no unauthorized administrator accounts have been created.
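
The file checks in this step, plus the re-scan of the cache from Step 1, can be run from a shell on the server. This is an added example, not part of the original guide or of WP Super Cache; the function names, the 7-day default window and the site root passed in are assumptions, and the pattern is the eval($_POST[...]) form quoted earlier, widened to other request arrays.

```shell
#!/bin/sh
# Added example, not part of WP Super Cache. Load it and run, for instance:
#   . ./triage.sh && triage /var/www/html 7   (path and window are assumptions)

# Request input passed to eval(), the pattern quoted in the guide above.
EVAL_RE='eval[[:space:]]*\([[:space:]]*\$_(POST|GET|REQUEST|COOKIE)'

# PHP files in themes/ and plugins/ modified within the last N days (default 7).
recent_php_changes() {
    root=$1; days=${2:-7}
    for dir in "$root/wp-content/themes" "$root/wp-content/plugins"; do
        if [ -d "$dir" ]; then
            find "$dir" -type f -name '*.php' -mtime "-$days" -print
        fi
    done | sort
}

# Candidate sources: matching PHP files anywhere except the cache directory.
eval_sources() {
    root=$1
    { find "$root" -path "$root/wp-content/cache" -prune -o \
        -type f -name '*.php' -exec grep -lE "$EVAL_RE" {} + || true; } | sort
}

# Cached copies: matching files of any type under wp-content/cache.
cached_hits() {
    root=$1
    [ -d "$root/wp-content/cache" ] || return 0
    { find "$root/wp-content/cache" -type f \
        -exec grep -lE "$EVAL_RE" {} + || true; } | sort
}

# Print all three lists. Cached hits that come back after "Delete Cache"
# mean the source of the infection is still live.
triage() {
    echo "== Recently modified PHP (themes, plugins) =="; recent_php_changes "$1" "$2"
    echo "== eval() on request input, outside cache =="; eval_sources "$1"
    echo "== eval() on request input, inside cache ==";  cached_hits "$1"
}
```

A literal pattern like this misses obfuscated backdoors, so an empty result does not replace the full security scan described above.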

Step 3: Perform a Complete Cleanup

Based on your investigation, you need to eradicate the infection.

  • Update Everything: Ensure WordPress core, all plugins, and your theme are updated to their latest versions to patch any known vulnerabilities.
  • Replace Suspicious Files: Replace any infected theme or plugin files with fresh copies from their official sources.
  • Consider Professional Help: If the infection is severe or difficult to find, you may need to engage a professional malware removal service. They specialize in rooting out well-hidden threats.

Step 4: Harden Your WordPress Security

Once your site is clean, take steps to prevent it from happening again.

  • Use strong, unique passwords for all user accounts, especially administrators.
  • Limit login attempts.
  • Consider implementing a web application firewall (WAF).

Conclusion: Cache Files are the Canary in the Coal Mine

Finding malware in your WP Super Cache directory is alarming, but it is overwhelmingly a sign that your site has been compromised elsewhere. The plugin is doing its job by caching your site's output. Treat these security alerts as a valuable early warning system. By clearing the cache and then thoroughly investigating and cleaning your WordPress installation, you can resolve the security issue and restore your site's integrity.
