Title: .htaccess Hacked
Last modified: August 20, 2016

---

# .htaccess Hacked

 *  [chintupopali](https://wordpress.org/support/users/chintupopali/)
 * (@chintupopali)
 * [14 years, 3 months ago](https://wordpress.org/support/topic/htaccess-hacked-1/)
 * Hi,
    My Site is being hacked and i found suspicious code in my .htaccess file,
   i had removed it and still it came back on my site. I have change all my password
   and username also i have change secret keys too in wp-config file, still it is
   coming back. Can any pleas provide me solution? i am really in big trouble. My
   business is getting off. Please please help me some please…. 🙁

Viewing 6 replies - 1 through 6 (of 6 total)

 *  [Anonymous-SADIQ](https://wordpress.org/support/users/anonymous-sadiq/)
 * (@anonymous-sadiq)
 * [14 years, 3 months ago](https://wordpress.org/support/topic/htaccess-hacked-1/#post-2579347)
 * Contact WordPress it’s a suspicious malware that targeted your file
    Anonymous-
   S
 *  [harwlin](https://wordpress.org/support/users/harwlin/)
 * (@harwlin)
 * [14 years, 3 months ago](https://wordpress.org/support/topic/htaccess-hacked-1/#post-2579512)
 * How do you contact wordpress. I have been looking everywhere to contact someone
   directly and cannot find any help. I think the .htaccess file was hacked but 
   I am not the one who found the problem. Also, on my dashboard there is a message
   to move the .htaccess file but it does not say where to move it to. I am also
   getting a message that says I don’t have a backup database folder, but I checked
   the location and there is a folder. AND I can get my home page on my blog but
   all the pages that you click on the menu for create an error. So many problems
   and I have no idea where to start to fix them! Any help would be greatly appreciated!
   Thanks.
 *  [MickeyRoush](https://wordpress.org/support/users/mickeyroush/)
 * (@mickeyroush)
 * [14 years, 3 months ago](https://wordpress.org/support/topic/htaccess-hacked-1/#post-2579526)
 * There may be no easy solution. I’ve combined as many links into one post so that
   you won’t have to search the entire web indefinitely. Hopefully they will help
   you.
 * Check your site(s) here:
    1. [http://sitecheck.sucuri.net/scanner/](http://sitecheck.sucuri.net/scanner/)
   2. [http://www.unmaskparasites.com/](http://www.unmaskparasites.com/) 3. [http://www.virustotal.com/](http://www.virustotal.com/)
   4. [http://www.phishtank.com/](http://www.phishtank.com/) 5. [http://www.browserdefender.com/](http://www.browserdefender.com/)
   6. [http://ismyblogworking.com/](http://ismyblogworking.com/) 7. Google Safe 
   Browsing (to access a site’s google info, add their domain to the end of this):
   [http://www.google.com/safebrowsing/diagnostic?site=](http://www.google.com/safebrowsing/diagnostic?site=)
   example: [http://www.google.com/safebrowsing/diagnostic?site=example.com](http://www.google.com/safebrowsing/diagnostic?site=example.com)
 * Backup everything and put that backup somewhere safe.This is in case you have
   problems later on. Even though you could be backing up infected files, it is 
   more important to have a backup up of your work, for if you make a mistake cleaning
   your site, you will still have the backup(s).
    1. [http://codex.wordpress.org/WordPress_Backups](http://codex.wordpress.org/WordPress_Backups)
   2. [http://codex.wordpress.org/Backing_Up_Your_Database](http://codex.wordpress.org/Backing_Up_Your_Database)
   3. [http://codex.wordpress.org/Restoring_Your_Database_From_Backup](http://codex.wordpress.org/Restoring_Your_Database_From_Backup)
 * Then read these:
    1. [http://codex.wordpress.org/FAQ_My_site_was_hacked](http://codex.wordpress.org/FAQ_My_site_was_hacked)
   2. [http://wordpress.org/support/topic/268083#post-1065779](http://wordpress.org/support/topic/268083#post-1065779)
   3. [http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/](http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/)
   4. [http://ottopress.com/2009/hacked-wordpress-backdoors/](http://ottopress.com/2009/hacked-wordpress-backdoors/)
 * If you have indications of possible timthumb hacking, please read these:
    1. 
   [http://blog.sucuri.net/2011/08/timthumb-php-security-vulnerability-just-the-tip-of-the-iceberg.html](http://blog.sucuri.net/2011/08/timthumb-php-security-vulnerability-just-the-tip-of-the-iceberg.html)
   2. [http://markmaunder.com/2011/08/02/technical-details-and-scripts-of-the-wordpress-timthumb-php-hack/](http://markmaunder.com/2011/08/02/technical-details-and-scripts-of-the-wordpress-timthumb-php-hack/)
   3. [http://www.wpbeginner.com/wp-tutorials/how-to-fix-and-cleanup-the-timthumb-hack-in-wordpress/](http://www.wpbeginner.com/wp-tutorials/how-to-fix-and-cleanup-the-timthumb-hack-in-wordpress/)
   4. [http://wordpress.org/extend/plugins/timthumb-vulnerability-scanner/](http://wordpress.org/extend/plugins/timthumb-vulnerability-scanner/)
 * Once your site is clean, then read this:
    1. [http://codex.wordpress.org/Hardening_WordPress](http://codex.wordpress.org/Hardening_WordPress)
   2. [http://codex.wordpress.org/htaccess_for_subdirectories](http://codex.wordpress.org/htaccess_for_subdirectories)
 *  [harwlin](https://wordpress.org/support/users/harwlin/)
 * (@harwlin)
 * [14 years, 3 months ago](https://wordpress.org/support/topic/htaccess-hacked-1/#post-2579528)
 * Thank you so much for all your help. When I checked my site with the first group
   of links they all said my site was clean. But the last link, [http://ismyblogworking.com/](http://ismyblogworking.com/),
   said my blog was broken….but I don’t know how to go about fixing the problem.
   So it seems the site is clean. Any idea how to fix the pages appearing with errors?
   Thank you again for all your help!!
 *  [harwlin](https://wordpress.org/support/users/harwlin/)
 * (@harwlin)
 * [14 years, 3 months ago](https://wordpress.org/support/topic/htaccess-hacked-1/#post-2579529)
 * Oh, my site is [http://www.lindseyharwath.com](http://www.lindseyharwath.com)
   if you would like to check it yourself on that page.
 *  [MickeyRoush](https://wordpress.org/support/users/mickeyroush/)
 * (@mickeyroush)
 * [14 years, 3 months ago](https://wordpress.org/support/topic/htaccess-hacked-1/#post-2579534)
 * > harwlin wrote:
   >  Oh, my site is [http://www.lindseyharwath.com](http://www.lindseyharwath.com)
   > if you would like to check it yourself on that page.
 * I checked those errors and they’re really irrelevant. Those are just suggestions,
   unless you really need your RSS working. A robots.txt file is to help with search
   engines crawling your site, but not necessary for the functioning of your site.
   Your site loads slow because of all the images/content you have on your home 
   page.
 * I’m not sure about your message(s) concerning your .htaccess and database backup.
   You may need to contact your host if you have any other issues. But your site
   seems fine to me.

Viewing 6 replies - 1 through 6 (of 6 total)

The topic ‘.htaccess Hacked’ is closed to new replies.

## Tags

 * [hacked](https://wordpress.org/support/topic-tag/hacked/)

 * In: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
 * 6 replies
 * 4 participants
 * Last reply from: [MickeyRoush](https://wordpress.org/support/users/mickeyroush/)
 * Last activity: [14 years, 3 months ago](https://wordpress.org/support/topic/htaccess-hacked-1/#post-2579534)
 * Status: not resolved

## Topics

### Topics with no replies

### Non-support topics

### Resolved topics

### Unresolved topics

### All topics