I got an email today from the DH Security team Malware Removal saying that my site was compromised.
The file was in my wp-content/cache/ object directory.
Even after emptying my cache in W3 Total Cache and also deleting my cache folder, the file would come back after a short time.
I finally ended up turning off object cache in the W3 Total Cache settings.
I saved the file to my local hard drive to take a look at it before permanently deleting it, and it looks like it does some sort of PHP Injection Redirect, and that it goes after certain themes.
The PHP file had a name that started with the directory names it was found in: it was called object/dda/fb9/ddafb9fed5927dab341680b889e2dd1c.php
I’m running a number of security plugins already: security-malware-firewall by CleanTalk and all-in-one-wp-security-and-firewall to name a couple.
I have updated both my database and user passwords, but I’m curious how it got into my object cache and also if there is any way I can lock down my site even more to prevent future attacks.