• A malware scanner reported multiple exploits in multiple subfolders of the Cache->supercache path. This was preventing me from logging into the admin area due to a 522 error. The frontend loaded fine. Once I deleted the Cache folder, I was able to log into the admin area once again. Your plugin had auto updates enabled, and it was not showing any outstanding updates. In any case, I disabled and deleted the plugin as a precaution. This site has a lot of traffic, so if there is an exploit still present outside of your plugin, it will likely show up again soon.

  • Plugin Author Donncha O Caoimh (a11n)

    (@donncha)

    @boardboss – unfortunately the exploit is in another plugin and WP Super Cache was caching the pages on your site that had the malicious code embedded in them. Your malware scanner picked up that code in the html pages.

    Get your malware scanner to scan your other plugins and code as it’s still on your site, hiding away. 🙁

    Thread Starter boardboss

    (@boardboss)

    Thank you for the reply. I have a malware scanner that flagged these files, and I ran two more malware scans after I removed your plugin and deleted the cache folder.

    Since your response seemed to indicate that malware still exists, which malware scanner would you suggest I run to check for possible exploits? I already signed up for Malcare, which seemed to be the best based on some brief research, and ran a scan using that plugin. Malcare indicated the site was safe and nothing nefarious was found: “No active compromise detected in the latest scan. Keep your site protected with continuous monitoring.”

    Two to choose from are Jetpack Scan or Wordfence but I’m not familiar with others.

    It may well be that Malcare detected a false positive in the cached pages. If you downloaded them before deleting them, maybe you can look at what was causing the problem.

    Thread Starter boardboss

    (@boardboss)

    Okay, so I installed Wordfence Security and Jetpack Protect (I could not find Scan when searching the plugins via the admin dashboard). Wordfence Security reported no issues found, with the exception of one theme and one plugin needing to be updated. Both are set to automatically update in a couple of hours, and both are at their current versions, so I ignored that issue. Jetpack Protect reported: “Don’t worry about a thing The last Protect scan ran 1 hour ago and everything looked great.”

    Regarding the files that were on the site in the cache folder, there appeared to be one folder for each post. I randomly checked several folders and they all had the same two file types. One was a file with the name “index-https.html” and the other was a .zip file. The ZIP file might have had the same name, I do not recall. I wanted to get them off of the server immediately, so I deleted the cache folder and ultimately the plugin itself.
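
An added example, not part of the original thread and not WP Super Cache code: one way to triage a copy of the cache folder before deleting it, listing the external script/iframe hosts embedded in cached pages and any files that are not cached pages, so the source of the embedded code can be traced. The site host, the allowlist, the `EXPECTED` suffixes and the sample tree are assumptions constructed for illustration.

```python
import os
import re
import tempfile
from urllib.parse import urlparse

# Matches the src of <script> and <iframe> tags in a cached page.
SRC_RE = re.compile(r'<(?:script|iframe)\b[^>]*?\bsrc\s*=\s*["\']?([^"\'\s>]+)', re.I)
# Assumption: file types expected in a page-cache tree; adjust to your install.
EXPECTED = (".html", ".html.gz", ".htaccess")

def external_hosts(html, site_host):
    """Hosts of script/iframe sources that are not the site or its subdomains."""
    found = set()
    for src in SRC_RE.findall(html):
        host = (urlparse(src).hostname or "").lower()  # relative URLs have no host
        if host and host != site_host and not host.endswith("." + site_host):
            found.add(host)
    return found

def triage(cache_root, site_host, allowed=()):
    """Return ({host: [cached pages]}, [unexpected files]) for manual review."""
    by_host, unexpected = {}, []
    for folder, _dirs, files in os.walk(cache_root):
        for name in files:
            path = os.path.join(folder, name)
            rel = os.path.relpath(path, cache_root)
            if name.endswith(".html"):
                with open(path, encoding="utf-8", errors="replace") as fh:
                    hosts = external_hosts(fh.read(), site_host.lower())
                for host in hosts - set(allowed):
                    by_host.setdefault(host, []).append(rel)
            elif not name.endswith(EXPECTED):
                unexpected.append(rel)  # e.g. an archive beside a cached page
    return by_host, sorted(unexpected)

def build_sample(root):
    """Constructed sample: two cached posts, one carrying an unknown script host."""
    pages = {
        "example.test/post-a": '<script src="/wp-includes/js/jquery.js"></script>',
        "example.test/post-b": '<script src="https://cdn.unknown.invalid/x.js"></script>',
    }
    for rel, html in pages.items():
        os.makedirs(os.path.join(root, rel))
        with open(os.path.join(root, rel, "index-https.html"), "w") as fh:
            fh.write(html)
    open(os.path.join(root, "example.test/post-b/extra.zip"), "wb").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(triage(tmp, "example.test", allowed=("fonts.googleapis.com",)))
```

A host that appears in the cached pages but is not loaded by any theme or plugin you recognise is the string to search for in the rest of the site's code and database.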
