Title: Plugin possibly exploited Last modified: June 1, 2026 --- # Plugin possibly exploited * [boardboss](https://wordpress.org/support/users/boardboss/) * (@boardboss) * [3 days, 16 hours ago](https://wordpress.org/support/topic/plugin-possibly-exploited/) * A malware scanner reported multiple exploits in multiple subfolders of the Cache- >supercache path. This was preventing me from logging into the admin area due to a 522 error. The frontend loaded fine. Once I deleted the Cache folder, I was able to log into the admin area once again. Your plugin had auto updates enabled, and it was not showing any outstanding updates. In any case, I disabled and deleted the plugin as a precaution. This site has a lot of traffic, so if there is an exploit still present outside of your plugin, it will likely show up again soon. Viewing 4 replies - 1 through 4 (of 4 total) * Plugin Author [Donncha O Caoimh (a11n)](https://wordpress.org/support/users/donncha/) * (@donncha) * [3 days, 6 hours ago](https://wordpress.org/support/topic/plugin-possibly-exploited/#post-18926078) * [@boardboss](https://wordpress.org/support/users/boardboss/) – unfortunately the exploit is in another plugin and WP Super Cache was caching the pages on your site that had the malicious code embedded in them. Your malware scanner picked up that code in the html pages. * Get your malware scanner to scan your other plugins and code as it’s still on your site, hiding away. 🙁 * Thread Starter [boardboss](https://wordpress.org/support/users/boardboss/) * (@boardboss) * [3 days, 5 hours ago](https://wordpress.org/support/topic/plugin-possibly-exploited/#post-18926151) * Thank you for the reply. I have a malware scanner that flagged these files, and I ran two more malware scans after I removed your plugin and deleted the cache folder. * Since your response seemed to indicate that malware still exists, which malware scanner would you suggest I run to check for possible exploits? I already signed up for Malcare, which seemed to be the best based on some brief research, and ran a scan using that plugin. Malcare indicated the site was safe and nothing nefarious was found: “No active compromise detected in the latest scan. Keep your site protected with continuous monitoring.” * Plugin Author [Donncha O Caoimh (a11n)](https://wordpress.org/support/users/donncha/) * (@donncha) * [3 days ago](https://wordpress.org/support/topic/plugin-possibly-exploited/#post-18926530) * Two to choose from are Jetpack Scan or Wordfence but I’m not familiar with others. * It may well be that Malcare detected a false positive in the cached pages. If you downloaded them before deleting them, maybe you can look at what was causing the problem. * Thread Starter [boardboss](https://wordpress.org/support/users/boardboss/) * (@boardboss) * [2 days, 19 hours ago](https://wordpress.org/support/topic/plugin-possibly-exploited/#post-18926815) * Okay, so I installed Wordfence Security and JetPack Protect (I could not find Scan when searching the plugins via the admin dashboard). Wordfence Security reported no issues found, with the exception of one theme and one plugin needing to be updated. Both are set to automatically update in a couple of hours, and both are at their current versions, so I ignored that issue. JetPack Protect reported: “Don’t worry about a thing The last Protect scan ran 1 hour ago and everything looked great.” * Regarding the files that were on the site in the cache folder, there appeared to be one folder for each post. I randomly checked several folders and they all had the same two file types. One was a file with the name “index-https.html” and the other was a .zip file. The ZIP file might have had the same name, I do not recall. I wanted to get them off of the server immediately, so I deleted the cache folder and ultimately the plugin itself. Viewing 4 replies - 1 through 4 (of 4 total) You must be [logged in](https://login.wordpress.org/?redirect_to=https%3A%2F%2Fwordpress.org%2Fsupport%2Ftopic%2Fplugin-possibly-exploited%2F%3Foutput_format%3Dmd&locale=en_US) to reply to this topic. * ![](https://ps.w.org/wp-super-cache/assets/icon-256x256.png?rev=3506220) * [WP Super Cache](https://wordpress.org/plugins/wp-super-cache/) * [Frequently Asked Questions](https://wordpress.org/plugins/wp-super-cache/#faq) * [Support Threads](https://wordpress.org/support/plugin/wp-super-cache/) * [Active Topics](https://wordpress.org/support/plugin/wp-super-cache/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/wp-super-cache/unresolved/) * [Reviews](https://wordpress.org/support/plugin/wp-super-cache/reviews/) * 4 replies * 2 participants * Last reply from: [boardboss](https://wordpress.org/support/users/boardboss/) * Last activity: [2 days, 19 hours ago](https://wordpress.org/support/topic/plugin-possibly-exploited/#post-18926815) * Status: not resolved