Title: .env files
Last modified: July 5, 2024

---

# .env files

 *  Resolved [albarosa](https://wordpress.org/support/users/albarosa/)
 * (@albarosa)
 * [1 year, 11 months ago](https://wordpress.org/support/topic/env-files/)
 * Hello,
I have a question regarding the .env files. Unfortunately, my website has been
   under constant attack since 03.07. Initially, the attacker targeted the .env
   files in order to gain access using a hacked (older) WordPress login URL:
 *     ```wp-block-code
       Date: 2024-07-03
       Time: 21:58:31
       IP: 136.243.212.110
       Request: GET request with a suspicious parameter
       User-Agent: serpstatbot/2.1 (advanced backlink tracking bot; https://serpstatbot.com/; abuse@serpstatbot.com)
       Country: Germany
       Size: 4360
       Response time: 266
       ```
The request with a suspicious parameter contained the word of the old login URL, so
   it is certain that the hacker got some sensitive files. However, it was the older
   login URL. With your plugin I changed this URL to another name.
 * After this and also other attacking requests, it appears that my website is infected
   with malware, as my hosting provider was able to detect something.
 * I must mention that my website is not officially accessible yet, and it is 99%
   certain that the attacker is an individual from a German company, as I had created
   a staging copy of my website for demonstration purposes just before. In order
   to create this staging copy, I deactivated the firewall of your plugin by deactivating
   and reactivating the entire plugin once, as I noticed that the firewall was not
   active in this state. So I created the staging copy in this state (additionally,
   I also disabled the function that prevented images from being transmitted) and
   only reactivated the firewall on the original website after creating the staging
   copy. Shortly after I shared the URL of the staging copy with this company, the
   attacks began and are still ongoing. However, my website is now under the “Under
   Attack” mode of my Hosting site, making it more manageable.
I would like to know if the .env files from your plugin are generally hidden
   or blocked, to find out how much data the attacker could ultimately steal. Additionally,
   despite now using the `<Files .env>` deny code in my .htaccess file, I am unable
   to protect the .env files. No 404 error message is displayed, and I still had
   constant and numerous attacks on the files until a few hours ago.
 * Thank you for your response and best regards,
   albarosa
P.S. Here is an example screenshot of what the .env requests look like: [https://pasteboard.co/WphQ8k4ROb6s.png](https://pasteboard.co/WphQ8k4ROb6s.png)

Viewing 5 replies - 1 through 5 (of 5 total)

 *  Plugin Support [hjogiupdraftplus](https://wordpress.org/support/users/hjogiupdraftplus/)
 * (@hjogiupdraftplus)
 * [1 year, 11 months ago](https://wordpress.org/support/topic/env-files/#post-17870180)
 * Hi [@albarosa](https://wordpress.org/support/users/albarosa/),
Which hosting do you use? What architecture is there that uses .env? Does it have
   FTP and DB access details?
 * The .env file seems to have been accessed with the GET method, which means it was
   publicly accessible and placed where it should not be. It should be accessed from the
   parent folder of the web root.
 * WordPress does not have a .env file, so we do not implement any security
   for it yet.
 * To forbid access from the website, you should add the below to .htaccess
   if you have Apache or any other server which supports .htaccess. If it is not supported,
   that might be the reason it is accessible; you can cross-check by accessing the browser
   location {site_url}/{path_to_.env}
 *     ```wp-block-code
       # Disable index view
       Options -Indexes
       # Hide a specific file
       <Files .env>
           Order allow,deny
           Deny from all
       </Files>
       ```
   
If .env has DB access details, they might have added an admin user and injected files using
   a file manager plugin, etc.
 * Better first make .env not accessible.
 * Change the FTP / DB password, remove any new admin user and change the password for
   the admin user.
 * Update all WordPress core files and plugin/theme files, and then check which
   extra files are there. If any contain a back door as infected code, remove it.
 * Regards
 *  Thread Starter [albarosa](https://wordpress.org/support/users/albarosa/)
 * (@albarosa)
 * [1 year, 11 months ago](https://wordpress.org/support/topic/env-files/#post-17872070)
 * Hello [@hjogiupdraftplus](https://wordpress.org/support/users/hjogiupdraftplus/),
 * My website is on a shared business hosting plan, so I don’t have my own dedicated
   server. I don’t know which architecture is used, and my hosting provider says
   there are no .env files. Furthermore, my website is still under investigation,
   and I’m waiting for responses from my hosting provider. Up until now, it’s not
   clear to me why the following code:
 *     ```wp-block-code
       <Files .env>
           Order allow,deny
           Deny from all
       </Files>
       ```
   
has no effect in my .htaccess file. I added this code to the .htaccess file two
   days ago when I noticed the attacks, but the requests were not blocked. I also
   tried this code
 *     ```wp-block-code
       <FilesMatch "^\.">
           Order allow,deny
           Deny from all
       </FilesMatch>
       ```
   
 * but without any effect.
Similarly, I blocked the IP addresses three times: once through your plugin
   (I used the blacklist function in the firewall section), once via the .htaccess
   file with two different variants, and once through my hosting provider’s dashboard.
   Nevertheless, the attacks from the same IP addresses continued until I finally
   put the website in “Under Attack Mode.” That helped, and there have been no attacks
   today. It could also be that the hosting provider has taken measures, but I don’t
   know what exactly. I know that my website is being investigated and tested for
   various issues.
 * Thank you for all the tips; I have already changed all passwords. When you say:
**“Update all WordPress core files and plugin/theme files, and then check which
   extra files are there. If any contain a back door as infected code, remove it.”**
 * Would this possibly be a function where your PRO version could help? Or does 
   that not fall within the scope of the plugin? Your PRO version also includes 
   a malware scan. Would that be suitable for this?
 * I see that you also offer advice for malware cleanup. I might need that.
 * Thank you for a response and best regards,
   Albarosa
 *  Plugin Support [hjogiupdraftplus](https://wordpress.org/support/users/hjogiupdraftplus/)
 * (@hjogiupdraftplus)
 * [1 year, 11 months ago](https://wordpress.org/support/topic/env-files/#post-17872900)
 * Hi [@albarosa](https://wordpress.org/support/users/albarosa/),
Ok, if you have a shared server, please contact your hosting provider; the .env file
   is not part of the general WordPress installation.
 * Why .htaccess is not working, the server provider might be able to answer; it depends on the
   web server, etc.
 * Unfortunately, wordpress.org rules do not allow their forums to be used by us
   for paid software.
   But on our website, you can raise a support ticket.
 * No, it is a suggestion; we do not offer manual malware cleanup.
 * Regards
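The deny rule quoted in this thread uses Apache 2.2 directives (`Order`, `Deny`), which Apache 2.4 only understands with mod_access_compat loaded; a version-independent `.htaccess` that blocks every dotfile is given below as an added example (it is not the plugin's code and not from the thread). It is only honoured where the host's `AllowOverride` permits it (`AuthConfig` for `Require`, `Limit` for `Order`/`Deny`), and nginx ignores `.htaccess` files entirely, which is one reason such a rule can appear to have no effect on shared hosting.

```apacheconf
# Added example: block direct requests to any dotfile (.env, .git, .htaccess ...)
# on both Apache 2.2 and 2.4. Place in the web root next to wp-config.php.
<FilesMatch "^\.">
    # Apache 2.4 (mod_authz_core)
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    # Apache 2.2, or 2.4 with mod_access_compat loaded
    <IfModule !mod_authz_core.c>
        Order allow,deny
        Deny from all
    </IfModule>
</FilesMatch>

# Stop directory listings so stray files cannot be browsed for
Options -Indexes
```

Verify with `curl -sI https://your-site.example/.env` (placeholder host): a working rule answers 403 Forbidden, not 404, while a 200 or the file's contents means the server is not applying the rule and the host must be asked which web server and `AllowOverride` setting is in use.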
 *  Thread Starter [albarosa](https://wordpress.org/support/users/albarosa/)
 * (@albarosa)
 * [1 year, 11 months ago](https://wordpress.org/support/topic/env-files/#post-17873294)
 * Thank you very much for the very helpful answers [@hjogiupdraftplus](https://wordpress.org/support/users/hjogiupdraftplus/).
 * I am still waiting for the results from my hosting provider, and then I will 
   make further decisions.
 * Kind regards
 *  Plugin Support [hjogiupdraftplus](https://wordpress.org/support/users/hjogiupdraftplus/)
 * (@hjogiupdraftplus)
 * [1 year, 11 months ago](https://wordpress.org/support/topic/env-files/#post-17874633)
 * Hi [@albarosa](https://wordpress.org/support/users/albarosa/)
 * Ok, keep me posted.
 * Regards


The topic ‘.env files’ is closed to new replies.
