My Wordpress site being hack by modifying the .htaccess [duplicate]
Most sites host wordpress by having the php files writable for the webserver. I never liked that security issue. Probably they installed a PHP script somewhere.
You can download the sources of your hosting platform, download a fresh Wordpress and do a diff (linux: diff, windows: winmerge for instance). You can then see what code is different. Of course there'll be some, but you should be able to tell what code is illegitimate. It usually looks as obfuscated as possible, sometimes bas64 encoded in PHP.
Edit: something else you might want to try: php cgi bug. You can easily test if your server is susceptible.
If they have access to modify your .htaccess file, then you've possibly got issues with compromised access starting with the computers you use to access the website for FTP and administration. Scan theses systems first for compromise, then change FTP and admin passwords on the website.
If it's still possible for them to change the .htaccess file at will, your Wordpress installation was probably outdated and offered a good backdoor into the system by bad scripts, a bad module or database code injection.
See Halfgaar's post to start finagling that out