Title: Malware: Cache Performance Helper Last modified: February 4, 2026 --- # Malware: Cache Performance Helper * [Cezar Ayran](https://wordpress.org/support/users/ayrancd/) * (@ayrancd) * [4 months, 1 week ago](https://wordpress.org/support/topic/malware-cache-performance-helper/) * Many of my clients are being infected and this plugin is being installed to all of them. * ```wp-block-code Plugin Name: Cache Performance Helper Description: Improves cache performance and optimization Version: 2.4.1 Author: Developer License: GPL-2.0+ ``` * I couldn’t figure out what plugin could be leaving the door open, the theme is the same (Avada) which I think it is fine but there’s something else leaving the back door open. Anyone else having the same issue? * We have another topic from this website but I am moving it to wp.org [https://wordpress.com/forums/topic/tons-of-wp-website-being-infected/#post-4097247](https://wordpress.com/forums/topic/tons-of-wp-website-being-infected/#post-4097247) Viewing 5 replies - 1 through 5 (of 5 total) * Moderator [threadi](https://wordpress.org/support/users/threadi/) * (@threadi) * [4 months, 1 week ago](https://wordpress.org/support/topic/malware-cache-performance-helper/#post-18808879) * My recommendation: first read this article: * > [FAQ My site was hacked](https://wordpress.org/documentation/article/faq-my-site-was-hacked/) * After that I would recommend checking whether you still have a clean backup. If necessary, ask the support of your hoster. If so, delete all files and the database and restore the backup. Then change all access data in the hosting ( also FTP, hosting login ..). * So if you still have a clean backup of your website, use that. * It is difficult to investigate where a hack came from. In addition to the plugins and themes used, the hosting itself can also be the cause. An insecure server configuration where multiple websites can see each other can be really annoying. Insecure passwords for hosting, FTP, or other access points can also be harmful. If you want to investigate the details, look at the modification times and perform a log file analysis. You may then find clues as to how this ominous plugin (which I’ve never heard of, by the way, but which sounds strange even from its name) got into the project. You can often hire someone to perform such analyses, but you should expect to pay a hefty fee, as it is not an easy task. * Otherwise, your only option is as mentioned above: restore the project cleanly, install all outstanding updates, possibly install a security plugin ([see notes here](https://developer.wordpress.org/advanced-administration/security/hardening/)), and pay more attention to the project in the future by maintaining it regularly. * [Alice Farrelly](https://wordpress.org/support/users/alicemaywebdesign/) * (@alicemaywebdesign) * [4 months, 1 week ago](https://wordpress.org/support/topic/malware-cache-performance-helper/#post-18809055) * There definitely doesn’t seem to be any plugins in common across our various sites. I would be interested if anyone does find what the vulnerability was * Moderator [Yui](https://wordpress.org/support/users/fierevere/) * (@fierevere) * 永子 * [4 months, 1 week ago](https://wordpress.org/support/topic/malware-cache-performance-helper/#post-18809121) * [@alicemaywebdesign](https://wordpress.org/support/users/alicemaywebdesign/) It can be also a custom plugin or its very common to mask malware under some common/generic names. * Also note that vulnerability details, attack vectors, exploits and malware code are not to be shared on WordPress.org forums. * Thread Starter [Cezar Ayran](https://wordpress.org/support/users/ayrancd/) * (@ayrancd) * [4 months, 1 week ago](https://wordpress.org/support/topic/malware-cache-performance-helper/#post-18809866) * [@fierevere](https://wordpress.org/support/users/fierevere/) [@threadi](https://wordpress.org/support/users/threadi/) * We have clients that also use Sucuri to scan files and database and as soon as the fake plugin is removed, nothing else can be found. Today I’ve removed that plugin from 3 websites so far, it is probably over 20 since last week. I doubt it is just a cleaning and restoring backup, there’s something, somewhere… more users are reporting the same issue and we are NOT using the same plugins and themes which leads us to a WP Core thing that needs to be checked. * Also different hostings, no custom PHP code or plugin. - This reply was modified 4 months, 1 week ago by [Cezar Ayran](https://wordpress.org/support/users/ayrancd/). * Moderator [threadi](https://wordpress.org/support/users/threadi/) * (@threadi) * [4 months, 1 week ago](https://wordpress.org/support/topic/malware-cache-performance-helper/#post-18809921) * Using a clean backup and then updating all components of the project will result in a clean project. This is the most sensible way to restore your project after a hack, without a huge amount of effort. * Please also note [@fierevere](https://wordpress.org/support/users/fierevere/)‘ s comment: * > So note that vulnerability details, attack vectors, exploits, and malware code > are not to be shared on WordPress.org forums. * I am therefore closing this topic. Viewing 5 replies - 1 through 5 (of 5 total) The topic ‘Malware: Cache Performance Helper’ is closed to new replies. * In: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/) * 6 replies * 4 participants * Last reply from: [threadi](https://wordpress.org/support/users/threadi/) * Last activity: [4 months, 1 week ago](https://wordpress.org/support/topic/malware-cache-performance-helper/#post-18809921) * Status: not resolved ## Topics ### Topics with no replies ### Non-support topics ### Resolved topics ### Unresolved topics ### All topics