Hi @rasihx
Per WP Super Cache’s documentation:
- Standard Files:
The plugin generates onlyindex.html and wp-cache-*.php files.
view_*.php files are not created by WP Super Cache. - Possible Causes:
- A third-party plugin/theme using WP Super Cache’s caching hooks.
- Custom (possibly malicious) code in the
wp-super-cache-plugins/ directory.
- Next Steps:
Follow the Advanced Troubleshooting Checklist to: - Test for plugin/theme conflicts.
- Check for custom plugins in
wp-super-cache-plugins/.
Those view*.php files are created by the debug process in the plugin. If you ever look at the debug log, you’re using one of those files.
I’m surprised they are blank files. Were they 0 bytes, or just didn’t display anything when you loaded them?
Hello Donncha,
Thank you for your response and clarification regarding the view_*.php files.
To answer your question, the files were indeed 0 bytes in size, and when I attempted to open them, nothing was displayed. I haven’t investigated them further, but given the context of my website being hacked, I wanted to ensure that these files were not being used maliciously.
Since I deactivated WP Super Cache and restored my website from a backup, I haven’t observed any further issues, and the site has not been compromised again.
Would you recommend any specific actions to prevent the creation of these empty files in the future, or is there any additional security measure I should take to ensure my site remains secure while using WP Super Cache? I would appreciate any advice on this.
Thanks again for your help!
Best regards,
Rainer
Would you recommend any specific actions to prevent the creation of these empty files in the future, or is there any additional security measure I should take to ensure my site remains secure while using WP Super Cache? I would appreciate any advice on this.
I’m not sure why those files were 0 byte files. When your site was hacked, did the attacker fill the available space? That might have caused the plugin to create 0 byte files. However, when an attacker is in your system who knows what they may have done?
I don’t think you need to worry about WP Super Cache. The cache directory is writable, so an attacker can put php files in there, but so is your uploads directory. It’s an old plugin that has been audited many times by different people. I have no concerns about using it on any of my sites.
Hi there, @rasihx,
I’m going to mark this thread as solved as it’s been inactive for more than one week. If you have any further questions or need more help, you’re welcome to open another thread here. Cheers!
