Site possibly hacked (.htaccess modified)

  • Resolved Ray

    (@rwanwork)


    10 years, 1 month ago

    Hi all,

    I’ve been running a WordPress site for just over a year and it seems starting from a few days ago, the site was hacked. By comparing with a recent backup of the files (i.e., not the database), the following changes were made:

    • Rewrite rules added to .htaccess
    • Google authentication files added
    • index.php changed significantly
    • sitemap.xml added

    Clearly I had been a bit slack in terms of looking after it.

    Can anyone recommend a check list of “must do” to secure a WordPress site. I came across this page about best practices for .htaccess: here. As I have administer privileges for the web server, I’m thinking of adding these rules to the Apache configuration so that it’s outside of the WordPress site.

    Besides this, does anyone have any other suggestions? I was wondering what permissions and ownership should the files and directories of the WordPress site be so that it can be secured yet still be upgradeable?

    Thank you!

    Ray

    PS: I know my WordPress instance is out of date. Will upgrade ASAP to the latest version.

Viewing 2 replies - 1 through 2 (of 2 total)
  • Moderator Jan Dembowski

    (@jdembowski)

    Forum Moderator and Brute Squad

    10 years, 1 month ago

    Please remain calm and carefully follow this guide.

    When you’re done, you may want to implement some (if not all) of the recommended security measures.

    Thread Starter Ray

    (@rwanwork)

    10 years, 1 month ago

    Hi Jan,

    Thanks a lot for the reply!

    I guess my question must be a frequently asked one on this forum. Despite it being one, thanks for taking the time to offer some pointers to me.

    I’ll be sure to remain calm and will look into both links — thanks a lot!

    Ray

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘Site possibly hacked (.htaccess modified)’ is closed to new replies.