Title: PHP in cache-directory Last modified: March 16, 2025 --- # PHP in cache-directory * Resolved [rasihx](https://wordpress.org/support/users/rasihx/) * (@rasihx) * [1 year, 2 months ago](https://wordpress.org/support/topic/php-in-cache-directory/) * Hello, * I recently encountered an issue with WP Super Cache where files starting with the prefix `view_` (e.g., `view_8d5b777336fce904492f7f18a0ee3f2c.php`) were being created in the cache directory. These files appeared empty, but I was concerned that they might be used for malicious purposes. * After investigating, I deactivated WP Super Cache, and I noticed that the cache directory and the `view_...php` files were deleted, which seemed to have resolved the issue. * Could someone please confirm if WP Super Cache is indeed responsible for creating these files? And if so, could this behavior pose any security risks? I would appreciate any insights into how these files are being generated and if there’s a way to prevent them in the future. * Thanks in advance for your help! * Best regards, * Rainer Viewing 5 replies - 1 through 5 (of 5 total) * [Bruce (a11n)](https://wordpress.org/support/users/bruceallen/) * (@bruceallen) * Happiness Engineer * [1 year, 2 months ago](https://wordpress.org/support/topic/php-in-cache-directory/#post-18370741) * Hi [@rasihx](https://wordpress.org/support/users/rasihx/) * Per WP Super Cache’s documentation: 1. **Standard Files**: [The plugin generates **only** `index.html` and `wp-cache-*.php` files](https://developer.jetpack.com/docs/customization/wp-super-cache/wp-super-cache-faq/#wp-cache-vs-supercache-files).` view_*.php` files **are not created by WP Super Cache**. 2. **Possible Causes**: 3. - A third-party plugin/theme using WP Super Cache’s caching hooks. - Custom (possibly malicious) code in the `wp-super-cache-plugins/` directory. 4. **Next Steps**: Follow the [Advanced Troubleshooting Checklist](https://jetpack.com/support/wp-super-cache/advanced-troubleshooting-checklist/) to: 5. - Test for plugin/theme conflicts. - Check for [custom plugins](https://developer.jetpack.com/docs/customization/wp-super-cache/writing-wp-super-cache-plugins/) in `wp-super-cache-plugins/`. * Plugin Author [Donncha O Caoimh (a11n)](https://wordpress.org/support/users/donncha/) * (@donncha) * [1 year, 2 months ago](https://wordpress.org/support/topic/php-in-cache-directory/#post-18377150) * Those view*.php files are created by the debug process in the plugin. If you ever look at the debug log, you’re using one of those files. * I’m surprised they are blank files. Were they 0 bytes, or just didn’t display anything when you loaded them? * Thread Starter [rasihx](https://wordpress.org/support/users/rasihx/) * (@rasihx) * [1 year, 2 months ago](https://wordpress.org/support/topic/php-in-cache-directory/#post-18387628) * Hello Donncha, * Thank you for your response and clarification regarding the view_*.php files. * To answer your question, the files were indeed 0 bytes in size, and when I attempted to open them, nothing was displayed. I haven’t investigated them further, but given the context of my website being hacked, I wanted to ensure that these files were not being used maliciously. * Since I deactivated WP Super Cache and restored my website from a backup, I haven’t observed any further issues, and the site has not been compromised again. * Would you recommend any specific actions to prevent the creation of these empty files in the future, or is there any additional security measure I should take to ensure my site remains secure while using WP Super Cache? I would appreciate any advice on this. * Thanks again for your help! * Best regards, Rainer * Plugin Author [Donncha O Caoimh (a11n)](https://wordpress.org/support/users/donncha/) * (@donncha) * [1 year, 2 months ago](https://wordpress.org/support/topic/php-in-cache-directory/#post-18388848) * > Would you recommend any specific actions to prevent the creation of these empty > files in the future, or is there any additional security measure I should take > to ensure my site remains secure while using WP Super Cache? I would appreciate > any advice on this. * I’m not sure why those files were 0 byte files. When your site was hacked, did the attacker fill the available space? That might have caused the plugin to create 0 byte files. However, when an attacker is in your system who knows what they may have done? * I don’t think you need to worry about WP Super Cache. The cache directory is writable, so an attacker can put php files in there, but so is your uploads directory. It’s an old plugin that has been audited many times by different people. I have no concerns about using it on any of my sites. * Plugin Support [Stef (a11n)](https://wordpress.org/support/users/erania-pinnera/) * (@erania-pinnera) * [1 year, 2 months ago](https://wordpress.org/support/topic/php-in-cache-directory/#post-18400592) * Hi there, [@rasihx](https://wordpress.org/support/users/rasihx/), * I’m going to mark this thread as solved as it’s been inactive for more than one week. If you have any further questions or need more help, you’re welcome to open another thread here. Cheers! Viewing 5 replies - 1 through 5 (of 5 total) The topic ‘PHP in cache-directory’ is closed to new replies. * ![](https://ps.w.org/wp-super-cache/assets/icon-256x256.png?rev=3506220) * [WP Super Cache](https://wordpress.org/plugins/wp-super-cache/) * [Frequently Asked Questions](https://wordpress.org/plugins/wp-super-cache/#faq) * [Support Threads](https://wordpress.org/support/plugin/wp-super-cache/) * [Active Topics](https://wordpress.org/support/plugin/wp-super-cache/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/wp-super-cache/unresolved/) * [Reviews](https://wordpress.org/support/plugin/wp-super-cache/reviews/) * 5 replies * 4 participants * Last reply from: [Stef (a11n)](https://wordpress.org/support/users/erania-pinnera/) * Last activity: [1 year, 2 months ago](https://wordpress.org/support/topic/php-in-cache-directory/#post-18400592) * Status: resolved