Title: cache files compromised? Last modified: June 27, 2021 --- # cache files compromised? * Resolved [n00b82](https://wordpress.org/support/users/n00b82/) * (@n00b82) * [4 years, 11 months ago](https://wordpress.org/support/topic/cache-files-compromised/) * Hi, I got an email from DreamHost saying my website may have been hacked and the email identified these files: * We have identified malicious content on your account, added by an outside entity, which may include malware such as backdoor shells, adware, botnet, and spammer scripts. * The following file(s) specifically have been identified as attacker-added malware. We have DISABLED these files by setting their permissions to 200 (Owner write- only). You will need to audit these files and either replace them with known good versions or remove them altogether: * /home/user-name/website.com/wp-content/nfwlog/cache/backup_1624227373_60cfbe2d1897c2.12561092. php /home/user-name/website.com/wp-content/nfwlog/cache/backup_1624324452_60d13964650843.54672699. php * I deleted the files and went through the usual security checklist, but I was hoping you could tell me how this may have happened, or if I need to change settings so it does not happen again? * Thank you Viewing 3 replies - 1 through 3 (of 3 total) * Plugin Author [nintechnet](https://wordpress.org/support/users/nintechnet/) * (@nintechnet) * [4 years, 11 months ago](https://wordpress.org/support/topic/cache-files-compromised/#post-14601717) * It looks like a false positive. Those files are NinjaFirewall’s daily backup ( rules and configuration). They aren’t accessible to web users. You may need to tell your host about that, or they will keep flagging them everyday as soon as a new one is created. * Thread Starter [n00b82](https://wordpress.org/support/users/n00b82/) * (@n00b82) * [4 years, 11 months ago](https://wordpress.org/support/topic/cache-files-compromised/#post-14603438) * thank you very much! * Thread Starter [n00b82](https://wordpress.org/support/users/n00b82/) * (@n00b82) * [4 years, 11 months ago](https://wordpress.org/support/topic/cache-files-compromised/#post-14603467) * Marking as resolved Viewing 3 replies - 1 through 3 (of 3 total) The topic ‘cache files compromised?’ is closed to new replies. * ![](https://ps.w.org/ninjafirewall/assets/icon-256x256.png?rev=976137) * [NinjaFirewall (WP Edition) - Advanced Security Plugin and Firewall](https://wordpress.org/plugins/ninjafirewall/) * [Frequently Asked Questions](https://wordpress.org/plugins/ninjafirewall/#faq) * [Support Threads](https://wordpress.org/support/plugin/ninjafirewall/) * [Active Topics](https://wordpress.org/support/plugin/ninjafirewall/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/ninjafirewall/unresolved/) * [Reviews](https://wordpress.org/support/plugin/ninjafirewall/reviews/) * 3 replies * 2 participants * Last reply from: [n00b82](https://wordpress.org/support/users/n00b82/) * Last activity: [4 years, 11 months ago](https://wordpress.org/support/topic/cache-files-compromised/#post-14603467) * Status: resolved