There are only 2 files that this plugin modifies. It doesn’t even access your database, or modify anything.
The 2 files are a file named .htaccess in the same directory as your wp-config.php file. The second file is in your /wp-admin/ directory, so: /wp-admin/.htaccess
If you restore from a year ago but do not remove the AskApache code blocks (each file has a block of code in between giant askapache banners. 1 block total for each file.) then you are dangerously unaware of this.
If the giant askapache block is the only text in the whole file, delete the entire file. If it is not the only text in the whole file, just remove the giant askapache block of code. Do that to both of the 2 .htaccess files. Then your blog will be 100.00000% the same as it was.
So, the ONLY issues then (ever reported) can ALL be fixed by doing that. This is true for every version since v1.
The problems are all due to those 2 files, don’t forget that. The common issues people have:
- They aren’t using SSH, and their FTP program or WebFTP program doesn’t display .htaccess files without enabling hidden files first. See your programs docs for viewing hidden files.
- People panic and instead of only removing the giant askapache code blocks, they just delete the entire file even though there was other text in the file ( coincedentally the most crucial code on your blog, the rewrite to index.php that makes WP work ).
- People just delete the plugins folder, and disable the plugin, and don’t realize its only those 2 files that need to be reverted to their previous state.
Very Rarely you might actually have a serious problem that you will need to contact your hosting support to get fixed. This plugin goes a little too far in trying to force solutions to problems writing to the .htaccess files during the install / module activation/deactivation.
In some cases, due to poor or super good security configuration of the web server, or php, the plugin can end up writing these 2 files as a different user then the user you use to ftp. Basically the HTTPD Server is a program that may be started by a special user like ‘nobody’ or ‘apache’ but your website directory is owned by your unique user and group.
If the plugin succeeds in bypassing security to write these files as the user running the HTTP Server, that is basically an exploit, not good. So then maybe mod_suphp or mod_suexec are setup to execute the php binary as a different user, your user, but somehow the plugin bypassed that and wrote the file as the server process owner. What that does is a problem because you don’t know the password of the server user, you can’t login as that user, so that means you cannot delete those .htaccess files.
Cool huh? In that case you must contact someone with the access-level permissions to change the owner and user back to yours so that you can revert the 2 files.
@christinawiler
By adjusting your permalinks wordpress will automatically rewrite the rules to your htaccess file. This will fix the problem that happens when the wordpress code block is deleted from the .htaccess file.
It is entirely my fault for these problems, but I hope you will learn things about your site and servers security you didnt before. And having to contact your webhost is always good as it keeps them on their toes. The next version fixes these issues.
