My WordPress site is being hacked by modifying the .htaccess [duplicate]

Most sites host WordPress by having the PHP files writable for the webserver. I never liked that security issue. Probably they installed a PHP script somewhere.

You can download the sources of your hosting platform, download a fresh WordPress and do a diff (Linux: diff, Windows: WinMerge for instance). You can then see what code is different. Of course there'll be some, but you should be able to tell what code is illegitimate. It usually looks as obfuscated as possible, sometimes base64 encoded in PHP.

Edit: something else you might want to try: PHP CGI bug. You can easily test if your server is susceptible.
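The comparison against a fresh WordPress download described in the answer above can be scripted; the following is an added example, not part of the original answer. The function names, the marker list and the two sample trees are assumptions constructed for illustration, and a marker hit only means the file deserves a manual read.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Heuristic markers of obfuscated PHP; a hit means "read this file", not proof.
SUSPICIOUS = re.compile(rb"\b(eval|base64_decode|gzinflate|str_rot13)\s*\(", re.I)

def index(root):
    """Map each file's path relative to root to its SHA-256 digest."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in root.rglob("*") if p.is_file()}

def compare(site_root, clean_root):
    """Return {relative_path: (status, suspicious)} for files that differ."""
    site, clean = index(site_root), index(clean_root)
    report = {}
    for rel in sorted(set(site) | set(clean)):
        if rel not in site:
            report[rel] = ("missing", False)
            continue
        if site[rel] == clean.get(rel):
            continue  # identical to the reference copy
        status = "modified" if rel in clean else "added"
        data = (Path(site_root) / rel).read_bytes()
        report[rel] = (status, bool(SUSPICIOUS.search(data)))
    return report

def demo():
    """Build two small constructed trees and compare them."""
    with tempfile.TemporaryDirectory() as tmp:
        clean, site = Path(tmp, "clean"), Path(tmp, "site")
        for root in (clean, site):
            (root / "wp-includes").mkdir(parents=True)
            (root / "index.php").write_text("<?php require 'wp-blog-header.php';")
            (root / "wp-includes/version.php").write_text("<?php $v = 'x';")
        # Constructed differences: local config, new .htaccess, rewritten core file.
        (site / "wp-config.php").write_text("<?php define('DB_NAME', 'example');")
        (site / ".htaccess").write_text("RewriteEngine On\n")
        (site / "wp-includes/version.php").write_text(
            "<?php eval(base64_decode('ZWNobyAxOw=='));")  # decodes to "echo 1;"
        return compare(site, clean)

if __name__ == "__main__":
    for rel, (status, suspicious) in demo().items():
        print(f"{status:8} {'SUSPICIOUS' if suspicious else '-':10} {rel}")
```

Run `compare()` with the live document root and an unpacked download of the same WordPress version; files such as wp-config.php and uploads will show as "added" and still need a manual look.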


If they have access to modify your .htaccess file, then you've possibly got issues with compromised access starting with the computers you use to access the website for FTP and administration. Scan these systems first for compromise, then change FTP and admin passwords on the website.

If it's still possible for them to change the .htaccess file at will, your WordPress installation was probably outdated and offered a good backdoor into the system by bad scripts, a bad module or database code injection.

See Halfgaar's post to start finagling that out.