I was wondering if someone could provide knowledge on how an .htaccess file is hacked in a wordpress blog.
This morning, I found a 500 Internal Server Error when trying to launch my blog’s default page in a browser. I did a preliminary google search for this and saw content related to .htaccess files being changed. Sure enough, mine was. It didn’t really look like there were any redirects, but it was definitely different.
I’ve done a lot of research since then and it seems that there are ways bots or viruses can obtain FTP information to enable a user to alter the .htaccess file to bring an entire blog/site down.
I also see that the Codex directs users to set permissions to “777” to enable pretty permalinks which are better crawled by search engines.
Should I continue to have “777” permissions applied to my .htaccess file? Is this how an intruder got in to alter my .htaccess file?
I see that there are many alterations you can make to the code inside of an .htaccess file. If the permissions are not too open, will these code changes even matter?
As of yet, I have changed the .htaccess file back to what it was previously and my blog works fine. I don’t see any other alterations to the blog that look out of the ordinary.
I’m just trying to obtain some knowledge on protecting .htaccess.
Any help or advice would be greatly appreciated.
Thanks in advance.
- The topic ‘My site’s .htaccess file hacked, how?’ is closed to new replies.