Support » Fixing WordPress » Back-end not working possibly due to .htaccess file.

  • Hello,
    I am not sure what’s going on, so im seeking your help.

    When logging on through the admin panel, I am able to see my dashboard, however i am unable to edit or click on any other link within the dashboard, this give me a page not found message.

    I’ve looked possible solutions such as updating the .htaccess file

    From

    <FilesMatch “.*\.(phtml|php)$”>
    Order Allow,Deny
    Deny from all
    </FilesMatch>
    <FilesMatch “(index).php$”>
    Order Allow,Deny
    Allow from all
    </FilesMatch>

    To

    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteRule ^index\.php$ – [L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]
    </IfModule>

    this did the trick, however the .htaccess file is overridden in a couple of minutes with the first part again. I’d like to not continue to modify the .htaccess file everytime i need to make a change to a post or view a plugin on the backend.

    please help.

Viewing 15 replies - 1 through 15 (of 17 total)
  • I’m wondering if a plugin might be rewriting your htaccess file…

    Maybe you should disable any plugins you don’t need, change that htaccess once again, then check it after a time. If it is rewritten again then disable another plugin until you discover the problem… or run out of plugins to disable.

    I can’t think of any other way this might happen.

    Thread Starter mhabashy

    (@mhabashy)

    @jnashhawkins thanks for the suggestion. I disabled all my plugins, yet the htaccess file was still updated automatically.

    Does anyone else have any suggestions i can try?

    I had a similar problem recently which is “ERROR 403 – FORBIDDEN”,
    I couldn’t access to the admin panel (back-end)
    to fix the problem:
    1- Go to cPanel
    2- open file manager
    3- go to the wp-admin directory
    4- open .htaccess file
    You may found something similar to this script:

    <FilesMatch “.*\.(phtml|php|PhP|php5|suspected)$”>
    Order Allow,Deny
    Deny from all
    </FilesMatch>

    change Deny from all
    to
    Allow from all

    I have the same issue šŸ™

    @aseelban your solution works but after two day the file .htacess is rewrite.
    Did you found the solution ?

    • This reply was modified 9 months, 4 weeks ago by evanfox35.

    @evanfox35 I had this problem and I’m fighting it now. My site was hacked and some evil code manipulated my .htaccess files automatic.

    Thaks for your reply @joran98 .

    What action have you done to fight it?

    Hello, @joran98 for your reply.

    My website has also been hacked and My problem is that in every folder I have a .htaccess file. Now I am facing another problem.My site is password protected even though I didn’t set a password.

    Can you please share if you manage to resolve your problem and if so, please share the solution?

    Thanks

    Hi, I have the same issue, somebody have found the solution?

    maybe you check this web site
    911 – WordPress files hacked

    Ok, So here is a temporary solution which I did and worked:
    1. Remove unnecessary code from index.php
    2. delete <FilesMatch>… </FilesMatch> part of code from .htaccess which might be available in wp-admin, wp-content and wp-includes folders as well.

    Temporary since it’s a malware likely to affect your index.php file which is overwriting the .htaccess file by adding <FilesMatch>… </FilesMatch> part of code.

    Regards,
    Omkar N Hatalkar

    Ok so tit for tat , this is done by a malware or virus on your website which creates .htaccess file in every subdirectory of public_html , to deal with it I have prepared a script for hotfix

    Create a file in home directory of user (/home/exampleuser) with any name such as fix_malware.sh and copy and paste the below content

    #/bin/bash
    
    #This script delets all htaccess files which contain FileMatch keyword
    
    echo "Starting Script"
    
    find ./public_html -name ".htaccess" | while read line ;
            do
                    grep -q "FilesMatch" $line
                    if [ $? == 0 ]; then
                    rm $line
                    else
                    echo not found
                    fi
            done

    after pasting the content make sure to give executable permission to the script file, with command chmod u+x ./fix_malware.sh and atlast run the script by calling ./fix_malware.sh .

    After the script will finish executing you may see your websites working again, but some of them must be misbehaving because of missing htaccess file , sadly you need to find correct htaccess file and paste at the project desired location .

    Note I ran the above commands from home directory (/home/exampleuser) , dont forget to change paths if you are running from any other location.

    Hope this helps
    Happy Coding

    saurabhwpts

    (@saurabhwpts)

    here is what i did:-

    • login to your c-panel
    • rename your plugin folder
    • go to the root folder
    • find about-us.php file( “The path will be public_html/aboutus.php”)
    • NOTE:- You can download a fresh copy of wordpress to your localhost and see the files .

    • you have to edit index.php file -> you will find two line code in php like <? $somename = “bdhbfsbfjbfkvfsdbfldsbflbfrlibblfgds86f5sd7fs78d6f8s7dgfsdyf86sfids”;?> at the top of index.php
    • look for aboutus.php or about.php or about-us.php in your public_html
    • delete the file
    • go the renamed plugin file remove all deactivated plugins
    • check for the last updated file for all your plugins
    • look for any anusal code the best way is to download the zip of the plugin and match the files and scripts
    • you will stop facing the error and the .htaccess wont be rewritten again
      All the best
      Happy coding

    wiredhosting

    (@wiredhosting)

    After executing the bash script we get this error. Any idea?

    Starting Script
    ./fix_malware.sh: line 2: $’\r’: command not found
    ./fix_malware.sh: line 11: syntax error near unexpected token `done’
    ./fix_malware.sh: line 11: ` done’

    Thanks

    Hi Everyone! I face that problem but good news, I found the way.
    First of all, go to Cpanel

    1. Go to file manager
    2. Go to public_html folder
    3. first change folder name wp-content to any just like wp-content-off
    4. Now change the htacess code
    5. 
      
      # BEGIN WordPress
      # The directives (lines) between "BEGIN WordPress" and "END WordPress" are
      # dynamically generated, and should only be modified via WordPress filters.
      # Any changes to the directives between these markers will be overwritten.
      <IfModule mod_rewrite.c>
      RewriteEngine On
      RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
      RewriteBase /
      RewriteRule ^index\.php$ - [L]
      RewriteCond %{REQUEST_FILENAME} !-f
      RewriteCond %{REQUEST_FILENAME} !-d
      RewriteRule . /index.php [L]
      </IfModule>
      
      # END WordPress
       
       <IfModule mime_module>
       AddHandler application/x-httpd-ea-php74 .php .php7 .phtml
      </IfModule>
      
      
    6. Wait for few minutes, If .htacess file again change then means virus isn’t in this folder
    7. Now change wp-includes folder name like before, In my case i got virus in wp-content folder
    8. Now again change .htacess file and wait.
    9. Inshallah, Now you see .htacess not change! so delete the wp-includes folder and download fresh WordPress from wordpress.org and upload only the wp-includes folder.
    10. Now change the wp-content-off to again with orignal name (wp-content)
    11. Now you need to clean your server ASAP, so install any plugin that has good rating and clean your site.
    12. To save your site in the future, Connect your site with cloudflare. Bcz cloudflare give Ddos at free of cost.
    • This reply was modified 1 month, 1 week ago by abdulhanan.
    • This reply was modified 1 month, 1 week ago by abdulhanan.

    I have many files .htaccess with this code>

    The code will begin here:

    <FilesMatch ".(py|exe|php)$">
     Order allow,deny
     Deny from all
    </FilesMatch>
    <FilesMatch "^(about.php|radio.php|index.php|content.php|lock360.php)$">
     Order allow,deny
     Allow from all
    </FilesMatch>
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteRule ^index\.php$ - [L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]

    The code ended here.

    And my client site is infected with seo spam, with more than 18.000 links redirecting

Viewing 15 replies - 1 through 15 (of 17 total)
  • You must be logged in to reply to this topic.