Title: Security problem and hack
Last modified: August 21, 2016

---

# Security problem and hack

 *  Resolved [zepolo](https://wordpress.org/support/users/zepolo/)
 * (@zepolo)
 * [12 years, 6 months ago](https://wordpress.org/support/topic/security-problem-and-hack/)
 * I have a problem since last update: security problem.
 * Every day, a hacker use supercache files for redirect to its website. That person
   adds a link on my website via supercache.
 * When I remove or delete cache, its hyperlink is deleted. Next day, its hyperlink
   appears on my home page.
 * Hacker use this hyperlink: [http://www.cheapclothesshops.co.uk/shops/primark-uk-cheap-clothes/](http://www.cheapclothesshops.co.uk/shops/primark-uk-cheap-clothes/)
 * Can someone help me ? Same problem ?
    Thank you very much
 * WordPress 3.7.1.
    WP Super Cache: 1.4 All plugins are up to date. I use Better
   WordPress security too.
 * [http://wordpress.org/plugins/wp-super-cache/](http://wordpress.org/plugins/wp-super-cache/)

Viewing 14 replies - 1 through 14 (of 14 total)

 *  [esmi](https://wordpress.org/support/users/esmi/)
 * (@esmi)
 * [12 years, 6 months ago](https://wordpress.org/support/topic/security-problem-and-hack/#post-4361004)
 * A hack on your site does not automatically implicate this plugin unless you have
   concrete evidence to the contrary. The information you mentioned above is by 
   no means concrete.
 * You need to start working your way through these resources:
    [http://codex.wordpress.org/FAQ_My_site_was_hacked](http://codex.wordpress.org/FAQ_My_site_was_hacked)
   [http://wordpress.org/support/topic/268083#post-1065779](http://wordpress.org/support/topic/268083#post-1065779)
   [http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/](http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/)
   [http://ottopress.com/2009/hacked-wordpress-backdoors/](http://ottopress.com/2009/hacked-wordpress-backdoors/)
 * Anything less will probably result in the hacker walking straight back into your
   site again.
 * Additional Resources:
    [Hardening WordPress](http://codex.wordpress.org/Hardening_WordPress)
   [http://sitecheck.sucuri.net/scanner/](http://sitecheck.sucuri.net/scanner/) 
   [http://www.unmaskparasites.com/](http://www.unmaskparasites.com/) [http://blog.sucuri.net/2012/03/wordpress-understanding-its-true-vulnerability.html](http://blog.sucuri.net/2012/03/wordpress-understanding-its-true-vulnerability.html)
 *  Thread Starter [zepolo](https://wordpress.org/support/users/zepolo/)
 * (@zepolo)
 * [12 years, 6 months ago](https://wordpress.org/support/topic/security-problem-and-hack/#post-4361012)
 * Thank you
    I will read those articles
 *  [trendyweb](https://wordpress.org/support/users/trendyweb/)
 * (@trendyweb)
 * [12 years, 6 months ago](https://wordpress.org/support/topic/security-problem-and-hack/#post-4361054)
 * Same problem here.
    Whatever the cause, it only affects cached pages. When I 
   delete the cache, everything is fine, but once pages are cached again, the links
   return. I will delete plugins to see if that changes anything, and will let you
   know when I see a difference.
 *  [ThE_ED](https://wordpress.org/support/users/the_ed/)
 * (@the_ed)
 * [12 years, 6 months ago](https://wordpress.org/support/topic/security-problem-and-hack/#post-4361059)
 * There seems to be some related security problem, indeed, though I haven’t figured
   out where exactly.
 *  Plugin Author [Donncha O Caoimh (a11n)](https://wordpress.org/support/users/donncha/)
 * (@donncha)
 * [12 years, 6 months ago](https://wordpress.org/support/topic/security-problem-and-hack/#post-4361062)
 * trendyweb – there’s malware on your site. It appears in the cached pages because
   that’s what the plugin does. It caches the output of your site, be that legitimate
   html or nasty Javascript.
 *  Thread Starter [zepolo](https://wordpress.org/support/users/zepolo/)
 * (@zepolo)
 * [12 years, 6 months ago](https://wordpress.org/support/topic/security-problem-and-hack/#post-4361069)
 * trendyweb and The ED
 * hyperlink added: primark
    anchor: cheapclothesshops.co.uk/shops/primark-uk-cheap-
   clothes/
 * Do you have exactly the same problem or not ?
 * I have change permissions for cache (read, write..)and it seems fell better.
 *  Plugin Author [Donncha O Caoimh (a11n)](https://wordpress.org/support/users/donncha/)
 * (@donncha)
 * [12 years, 6 months ago](https://wordpress.org/support/topic/security-problem-and-hack/#post-4361072)
 * zepolo – disable the cache all you want but there’s malware on your site still,
   and it’s not in WP Super Cache.
 * Log out or use an incognito browser to search for your site on Google and visit,
   that may trigger the hacked code, it’s one of the ways they avoid detection by
   the owner of the site. Because the pages were cached you were able to notice 
   them so it helped!
 * Those hacks really should define DONOTCACHEPAGE.. 😉
 *  [ThE_ED](https://wordpress.org/support/users/the_ed/)
 * (@the_ed)
 * [12 years, 6 months ago](https://wordpress.org/support/topic/security-problem-and-hack/#post-4361079)
 * Yeah, it can seem like malware ‘returns’ when you serve an older cached page 
   from before. Even when you’ve actually already managed to tackle the problem.
 * That might be why WP Super Cache seems like the root-cause, even though it isn’t.
 *  [ThE_ED](https://wordpress.org/support/users/the_ed/)
 * (@the_ed)
 * [12 years, 6 months ago](https://wordpress.org/support/topic/security-problem-and-hack/#post-4361080)
 * Still something seems to have changed my wp-cache-config, thereby inserting an
   iframe.
 *  Thread Starter [zepolo](https://wordpress.org/support/users/zepolo/)
 * (@zepolo)
 * [12 years, 6 months ago](https://wordpress.org/support/topic/security-problem-and-hack/#post-4361081)
 * Thank you very much Donncha for your comment.
    I spend time for resolve my issue.
 * I found a **suspicious file **with a plugin. Lot of people have the same problems.
 * Plugin: PageNavi Automatic Page Numbers.
    I noticed there are spam links at some
   of my posts. Deactivating the plugin (disable the cache) and the spam was gone.
 * Hope it help someone.
 * _[ Malware code deleted. **Please do not post that code in these forums**. ]_
 *  Moderator [Jan Dembowski](https://wordpress.org/support/users/jdembowski/)
 * (@jdembowski)
 * Forum Moderator and Brute Squad
 * [12 years, 6 months ago](https://wordpress.org/support/topic/security-problem-and-hack/#post-4361084)
 * > I found a suspicious file with a plugin. Lot of people have the same problems.
 * That just means that _your installation was compromised and needed to be deloused_.
   It does not mean there is any problem with that other plugin.
 * Have you worked through the links that Esmi [provided you with](http://wordpress.org/support/topic/security-problem-and-hack?replies=10#post-4934020)?
 *  Moderator [Jan Dembowski](https://wordpress.org/support/users/jdembowski/)
 * (@jdembowski)
 * Forum Moderator and Brute Squad
 * [12 years, 6 months ago](https://wordpress.org/support/topic/security-problem-and-hack/#post-4361085)
 * Updated reply:
 * zepolo? You are _100% correct and that plugin does contain spam links_. Thank
   you for catching that and your persistence for me to look closer. 😉
 * [http://plugins.trac.wordpress.org/browser/pagenavi-automatic-page-numbers/trunk/pagenavi-automic-pagenumbers.php#L82](http://plugins.trac.wordpress.org/browser/pagenavi-automatic-page-numbers/trunk/pagenavi-automic-pagenumbers.php#L82)
 * I’m drafting an email to plugins [at] wordpress.org and hopefully this will get
   resolved soon. In the meanwhile please consider deleting that plugin if you have
   not yet done so.
 *  [trendyweb](https://wordpress.org/support/users/trendyweb/)
 * (@trendyweb)
 * [12 years, 6 months ago](https://wordpress.org/support/topic/security-problem-and-hack/#post-4361086)
 * Indeed, this plugin is the culprit.
    I downloaded a fresh copy and looked at 
   the php. the primark link, plus a number of other ones are already in there, 
   so I do not think you have to be afraid of being hacked. Just delete this plugin.
 *  Moderator [Samuel Wood (Otto)](https://wordpress.org/support/users/otto42/)
 * (@otto42)
 * WordPress.org Admin
 * [12 years, 6 months ago](https://wordpress.org/support/topic/security-problem-and-hack/#post-4361093)
 * I have updated the pagenavi-automic-pagenumbers plugin to remove the spam code.
   Version 1.06 of the plugin is clean, however, I recommend finding an alternative
   plugin. That plugin will no longer be listed in our repository.

Viewing 14 replies - 1 through 14 (of 14 total)

The topic ‘Security problem and hack’ is closed to new replies.

 * ![](https://ps.w.org/wp-super-cache/assets/icon-256x256.png?rev=3506220)
 * [WP Super Cache](https://wordpress.org/plugins/wp-super-cache/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/wp-super-cache/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/wp-super-cache/)
 * [Active Topics](https://wordpress.org/support/plugin/wp-super-cache/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/wp-super-cache/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/wp-super-cache/reviews/)

 * 14 replies
 * 7 participants
 * Last reply from: [Samuel Wood (Otto)](https://wordpress.org/support/users/otto42/)
 * Last activity: [12 years, 6 months ago](https://wordpress.org/support/topic/security-problem-and-hack/#post-4361093)
 * Status: resolved