My site was hacked or has malware
In this article
- False positives - Is WP Rocket really to blame for the malware on my website?
- What to do if I confirm that my website has been hacked?
False positives - Is WP Rocket really to blame for the malware on my website?
The process of page caching makes a copy of your site's content and stores it in static HTML files. This process cannot distinguish between your normal content and hacked content. This means that if your site has been hacked, and malware or other malicious content is injected into your pages, that content will also end up in the cache files. For this reason security plugins may warn you about malicious code in the cache files. This does not mean that WP Rocket is the reason your site was hacked. It's simply caching the already hacked content.
The reports from some security plugins are sometimes false positives -- for example, if the file mentioned by the security plugins is simply the cache file which WP Rocket creates and serves to speed things up for your visitors, then you can be sure it’s a false positive.
In short, if your site isn't infected when your security plugins scans it without WP Rocket active, then it's unlikely to suddenly be infected after WP Rocket is creating its cache files.
So if you've already reviewed your site / these files to confirm that no malicious code is actually present, it's safe to ignore these messages from your security plugins.
What to do if I confirm that my website has been hacked?
If after scanning your site, your security plugin confirms that there is some malicious code on your site, then it's impossible for WP Rocket to avoid including that code when it creates the cached content.
If your site has been hacked you should follow these steps:
- Disable Preloading in WP Rocket
- Clear the cache to remove the infected files (this can also be done manually if needed)
- Deactivate WP Rocket
- Clean up the hack on your site
- Once your site is clean, then you may reactivate WP Rocket.
If you need help to clean your hacked site, this is a good starting point: