Support » Plugin: Wordfence Security - Firewall & Malware Scan » .htaccess file replicated across all subfolders

  • Resolved silverwolf99


    My site at was recently hacked and malicious code added. I have cleaned up to the best of my ability and have now added Wordfence Premium to add some (belated) protection. My site now appears to be fully operational.

    However, every folder and subfolder in my WordPress install now has an invalid (hacked) .htaccess file which I am busily removing. Is this a known problem? I could find no reference in these forums to multiple .htaccess files being installed.

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Support WFAdam


    Hello @silverwolf99 and thanks for reaching out to us!

    If you’re a Premium Wordfence Customer, I recommend opening a support ticket at They will be able to assist you faster and more efficiently.


    How was this resolved?

    I think I figured it out.

    I think it occurs when activating a plugin that allows file management access from the WordPress dashboard.

    This generates an .htaccess file in each subdirectory with file permissions of 777.

    Just a guess. 🤷🏻‍♂️

    This happened to me today on a client web site.

    I understand that Premium Wordfence customers can open tickets, but creating an .htaccess file in each folder and subfolder of the website (denying access to all py, php…) on a WordPress site is like killing the site, and it does not seem to be trivial. It would be nice to understand how it was solved and if it is some bug or vulnerability of the plugin. I think you should provide a solution for all customers when something like this happens.
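
An added example, not part of the thread and not Wordfence code: a read-only inventory for the symptom described above, which groups every `.htaccess` under a WordPress root by content hash so that one file replicated across many folders stands out, and flags world-writable copies (the 777 permissions mentioned in one reply). The function names and the `min_copies` threshold are assumptions made for this sketch.

```python
import hashlib
import os
import stat
import sys
from collections import defaultdict


def inventory_htaccess(root):
    """Group every regular .htaccess file under root by the SHA-256 of its content."""
    groups = defaultdict(list)
    for dirpath, _dirnames, filenames in os.walk(root):
        if ".htaccess" not in filenames:
            continue
        path = os.path.join(dirpath, ".htaccess")
        st = os.lstat(path)
        if not stat.S_ISREG(st.st_mode):
            continue  # skip symlinks and other non-regular entries
        with open(path, "rb") as fh:
            digest = hashlib.sha256(fh.read()).hexdigest()
        groups[digest].append({
            "path": os.path.relpath(path, root),
            "mode": stat.S_IMODE(st.st_mode),
            "world_writable": bool(st.st_mode & stat.S_IWOTH),
        })
    return dict(groups)


def replicated(groups, min_copies=3):
    """Keep only content hashes found in min_copies or more directories.

    min_copies is an assumed threshold; a stock install normally has few
    .htaccess files, so identical content in many folders is worth review.
    """
    return {h: files for h, files in groups.items() if len(files) >= min_copies}


def report(root, min_copies=3):
    """Return printable lines: one header per replicated file, then each copy."""
    lines = []
    found = replicated(inventory_htaccess(root), min_copies)
    for digest, files in sorted(found.items()):
        lines.append(f"{len(files)} identical copies, sha256 {digest}")
        for entry in sorted(files, key=lambda e: e["path"]):
            flag = " WORLD-WRITABLE" if entry["world_writable"] else ""
            lines.append(f"  {entry['mode']:04o} {entry['path']}{flag}")
    return lines


if __name__ == "__main__":
    # Nothing is modified or deleted; review the listing before removing files.
    print("\n".join(report(sys.argv[1] if len(sys.argv) > 1 else ".")))
```

Run it with the WordPress root as the only argument; the root-level `.htaccess` that WordPress itself maintains has different content and so falls outside the replicated group.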
