New dat files in WordPress root

: Image via Wikipedia

I woke up this morning to find a ton of randomly-named files in the root directory of several of my WordPress installations. The files are named similarly to 0303c831c9c6203ba966dbf523d119ab.dat. The data of these files looks like a serialized PHP value.

I’m not sure if these files are due to the upgrade I performed to WordPress 3.0.1 last night, though they seemed to begin appearing shortly after I applied that upgrade. I’m speculating that they’re due to the way one of my plugins – perhaps Hyper Cache – is interacting with 3.0.1. It’s either that or some malicious infection. Either way, I’ll update here when I find out what’s causing it.

Have you noticed extra, random files in your WordPress installation after upgrading to 3.0.1? If so, hit the comments.

UPDATE: It looks like I can confirm that the problem was due to the Hyper Cache plugin. Upon automatically upgrading to the latest version of the plugin, 2.7.3, WordPress complained that it couldn’t find a cache directory and instructed me to create that directory. Even though I did, it seems it was still storing the cache files – these mysterious .dat files – in the WordPres root directory. After deactivating and reactivating the plugin, it seems to be storing the cache files in the correct location now.

Aaron Traffas, CAI, ATS, CES

Aaron Traffas, CAI, AMM, CES, is an auctioneer from Sharon, Kansas. For the last 22 years he's worked for Purple Wave. Aaron served as president of the Kansas Auctioneers Association in 2017 and on the National Auctioneers Association Education Institute Board of Trustees from 2009 through 2013. He is a past instructor at CAI and co-wrote the original ATS and AMM designation courses from NAA. An active contract bid caller, he has advanced to the finals in multiple state auctioneer contests. During the summer, Aaron operates a farm in south central Kansas. Aaron is an active singer and songwriter and the Aaron Traffas Band's latest music can be found at aarontraffasband.com as well as Spotify, Apple Music and Amazon.

Next Auction Payment Network announces specialized payment processing solutions for auction companies »

Previous « 61st International Auctioneers Conference and Show in Greensboro, North Carolina

View Comments

Sabo says:

2 August 2010 at 7:40 pm

Google catch your post pretty quick, for the good of everybody with the same problem. This solved my problem, Hypercache created almost 3,000 .dat files in the root. My question is, who give the plugin permission to write outside his folder? Apache, PHP? this is a security issue.
twist3r says:

18 August 2010 at 10:29 am

It happend to me too, even if the plugin was inactive.
Peter Willis says:

31 December 2010 at 4:16 pm

Thanks - this happened to us to. We also had thousands of these files. Worrying really that it could write to the root.
Mike233 says:

21 April 2011 at 6:25 am

Hey, i am having this same problem, i tried disabling and enabling the plugin but .dat files are still there, any other ideas??
- Aaron Traffas says:
  
  21 April 2011 at 1:03 pm
  
  Did you crate the cache subdirectory under wp-content/plugins/hypercache?
  - Mike233 says:
    
    21 April 2011 at 5:42 pm
    
    Apparently i wasnt able to create the directory, how can i create it now ? btw my wp files are not showing anymore just a lot of .dat files on my root :S
    - Aaron Traffas says:
      
      21 April 2011 at 8:34 pm
      
      You should be able to create it easily with an FTP client - I like Filezilla.
      - Mike233 says:
        
        21 April 2011 at 11:23 pm
        
        i kno but when i create a new dir it disappears, it only leaves the .dat files :(:(