Title: Security problems
Last modified: February 28, 2022

---

# Security problems

 *  Resolved [carlosrovira](https://wordpress.org/support/users/carlosrovira/)
 * (@carlosrovira)
 * [4 years, 2 months ago](https://wordpress.org/support/topic/security-problems-6/)
 * Hi I installed podscache since wordpress was telling me that pods recommends 
   this plugin. I have wordfence installed too. I saw podscache files are compromised.
   The following is an example:
 *     ```
       Nombre del archivo: wp-content/podscache/000001/6/27e/09f/5ce4bbb2d44c7015c7f082c5b.php
       Tipo de archivo: No un archivo del núcleo, de tema o de plugin de wordrpess.org.
       Detalles: This file contains references to performance-enhancing pharmaceuticals. If your site does not sell or review pharmaceuticals, this is likely an indicator that it has been compromised. We recommend that you get your site professionally cleaned by the experts at Wordfence.
       El texto coincidente en este archivo es: \xe6\xab"b\x0a<?php exit; ?>\x0aa:28:{s:2:"ID";i:15845;s:11:"post_author";s:1:"0";s:9:"post_date";s:19:"2022-02-26 01:16:38";s:13:"post_date_gmt";s:19:"2022-02-26 00:16:38";s:12:"post_content";s:441:"Susandot\x0azsv...
   
       El tipo de problema es: Spam:TXT/pharm.cache.10214
       Descripción: Cached pharma spam
       ```
   
 * So I removed this plugin.
 * Hope you guys can solve the problem so podscache has proper security and wordfence
   trust it.
 * thanks

Viewing 3 replies - 1 through 3 (of 3 total)

 *  Plugin Author [Scott Kingsley Clark](https://wordpress.org/support/users/sc0ttkclark/)
 * (@sc0ttkclark)
 * [4 years, 2 months ago](https://wordpress.org/support/topic/security-problems-6/#post-15411821)
 * I believe you should be checking into your site/server immediately if you are
   seeing your file system has been compromised on the hosting side. Pods Alternative
   Cache is most likely not the cause of these files being compromised due to how
   Pods saves the data. Pods saved the data in the serialized array there but everything
   else was adjusted after the save.
 * You can add additional protection for your sites files by adding .htaccess rules
   for certain directories to prevent direct access to files.
 * I will work on a custom .htaccess file for the Pods Alternative Cache file directory
   as well just to be sure when people find their hosting has been compromised, 
   that Pods Alternative Cache can attempt to protect them. However — if your hosting
   has been compromised then you are likely going to see .htaccess files be modified
   to allow traffic through.
 * Just noting here too — Pods Alternative Cache will read that file and not return
   what it expects because the data is not valid (it expects an array).
 * Thanks for letting me know about the issue on your site, I am hoping that adding
   a Pods Alternative Cache specific .htaccess file will at least help reduce issues
   like this in the future.
 * Ultimately, when hosting/file system has been compromised, this isn’t the only
   place targeted. They target a lot of different PHP files just hoping to get content
   onto the site. I doubt their script even knows what Pods or Pods Alternative 
   Cache is. It just saw php files in the directory.
 *  Plugin Author [Scott Kingsley Clark](https://wordpress.org/support/users/sc0ttkclark/)
 * (@sc0ttkclark)
 * [4 years, 2 months ago](https://wordpress.org/support/topic/security-problems-6/#post-15416932)
 * Pods Alternative Cache 2.1.3 is out and you can update and activate it whenever
   you’d like. It includes a fix to prevent search engines indexing those files 
   as well as a solution for Apache environments to deny direct access to those 
   files through the browser.
 * You should still delete the whole folder and contact your web host to help you
   determine a solution for your compromised site. Let me know if you find out what
   happened from your web host. Be sure to change your account passwords and other
   access passwords such as FTP too, just to be safe.
 *  Thread Starter [carlosrovira](https://wordpress.org/support/users/carlosrovira/)
 * (@carlosrovira)
 * [4 years, 2 months ago](https://wordpress.org/support/topic/security-problems-6/#post-15418400)
 * Thanks Scott, I’l try as I get some time. I must notice that I installed due 
   to the recommendation of the WP instalation, but I think my current use is not
   very intensive so maybe the recommendation doen’t apply for me.
 * Also, I manage the server, so maybe the solution is just to manage permissions
   on that folder to avoid attacks.
 * thanks

Viewing 3 replies - 1 through 3 (of 3 total)

The topic ‘Security problems’ is closed to new replies.

 * ![](https://ps.w.org/pods-alternative-cache/assets/icon.svg?rev=1669115)
 * [Pods Alternative Cache](https://wordpress.org/plugins/pods-alternative-cache/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/pods-alternative-cache/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/pods-alternative-cache/)
 * [Active Topics](https://wordpress.org/support/plugin/pods-alternative-cache/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/pods-alternative-cache/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/pods-alternative-cache/reviews/)

 * 3 replies
 * 2 participants
 * Last reply from: [carlosrovira](https://wordpress.org/support/users/carlosrovira/)
 * Last activity: [4 years, 2 months ago](https://wordpress.org/support/topic/security-problems-6/#post-15418400)
 * Status: resolved