Corrupting .htaccess file nightly

Chad Huntley
(@chuntley)

10 years, 3 months ago
Hello, after the latest update on your plugin, every night the .htaccess file on my website is overwritten and corrupted by a typo. Here is the section with the typo:
```
# END Better WP Security

s/ms-files.php?file=$1 [L]

RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
# BEGIN W3TC CDN
```
And what it should be when reverted from a backup:
```
# END Better WP Security

RewriteOptions inherit
Options +FollowSymLinks

RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L] # uploaded files
RewriteRule ^files/(.+) wp-includes/ms-files.php?file=$1 [L]

RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
# BEGIN W3TC CDN
```
I’m assuming this is something to do with Better WP Security overwriting the htaccess files with its own rules, and misplacing the existing lines regarding ms-files.php. Any ideas?

Thanks!

http://wordpress.org/plugins/better-wp-security/

Viewing 1 replies (of 1 total)

rbairwell
(@beebware)

10 years, 1 month ago

We’ve had a very similar issue on just two of our 50 sites which run exactly the same code base and plugins: we’re not running better wp security though.

On our sites, it was the </IfModule> line being duplicated which caused the site to go down and error logs such as </IfModule> without matching <IfModule> section being recorded.

We currently think (i.e. we have no evidence, but just a feeling) that what is happening is a race condition associated with the WordPress permalinks. WordPress sets up a “next minimum cron time” i.e. 11:23:00 after which certain crons (such as rebuilding the permalinks) is run. At 11:23:03 we get the first page load of the hour and all goes well and WordPress reschedules the cron job for 4 hours time (15:23:00). However, at 15:23:02 we get two, practically simultaneous page loads, which both start off the cron job and end up duplicating their efforts and causing the corruption.

This has been matched up by our log files which reveal, at the time of the corruption, show a couple of PHP page requests within the same second.

Like I said, I don’t know if this *is* the issue, but that’s what it feels like to me. I assume you are running WordPress native cron and haven’t done the “advanced setup” where you have the server running a cron-tab based cronjob to run the scheduled tasks (which would avoid the race issue).

(Oh – how have we fixed this? Well, at the moment, we’ve just made the .htaccess file non-writable so it can’t be changed: a little bit of a bodge job, but it will hopefully fix things until we can do a proper investigation+fix).

Viewing 1 replies (of 1 total)

The topic ‘Corrupting .htaccess file nightly’ is closed to new replies.