Can some kind person please help look at this .htaccess file and tell me what is the vulnerability here.. this is the .htaccess file from my Wordpress site after the hacker got in (I inherited the website so wasn't sure what it was before alternative I could revert back to reinstall Wordpress but this doesn't solve my problem).. there is a hole and these hackers keeps coming back!!!
It maybe that they have modified the Wordpress .htaccess file giving them the back door.. and also use the .htaccess to show the details of the url.. Please assists to look at this .htaccess and advise me how to fix the hole. Thank you in advanced.
# Enable HTTPS
RewriteEngine On
RewriteCond %{HTTP_NR_SSL} !="1"
RewriteRule ^(.*)$ https://%{SERVER_NAME}%{REQUEST_URI} [R,L]
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
This is a team of hackers that keeps coming back to re-direct information to their email box, despite removing the Wordpress WP-Admin page to somewhere they still managed to changed my admin password. At first I changed the admin login password hoping they go away but they still managed to look it up and changed the password, I change it back and they change it over again. I have added a login notifier plugin which worked in the beginning but now the hacker has modified something and I don't receive notification anymore on login attempts. I have added SSL but that didn't help. I have been pulling my hair!
If this helps..I think this may be the original installed of .htaccess (from USB drive of installed files)
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# BEGIN WordPress
# END WordPress
and this is the hack version currently in Wordpress
# Enable HTTPS
RewriteEngine On
RewriteCond %{HTTP_NR_SSL} !="1"
RewriteRule ^(.*)$ https://%{SERVER_NAME}%{REQUEST_URI} [R,L]
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
Understanding the criticality of .htaccess
I am afraid to remove codes I am nt familiar with and cause the whole Wordpress site to fall over and not work again or any implications.
Related
I'm having a problem with my URL and my sessions.
I wish to have ALL website pages be forced to use www. As it looks like now, the website looks like this:
www.example.com into www.example.com
example.com into www.example.com
www.example.com/example/ into www.example.com/example/
example.com/example into example.com/example (this is what's wrong)
This is what my .htaccess file looks like:
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
RewriteCond %{HTTP_HOST} ^wewent\.net
RewriteRule ^(.*)$ http://www.wewent.net/$1 [L,R=301,NC]
</IfModule>
# END WordPress
Because the URL does not redirect properly I get double up with sessions one for www and one for the website without. How can I prevent this the best way?
It seems to look ok but one thing you should do is always put your other rules before the wordpress rules as a habit. When using wordpress it should generally be the last set of rules since it does all the routing. Now for the redirect, you should probably use 302temporary which will remove any current cache and verify that your redirects are working properly. Then you can change it to 301 for permanent once it's working correctly.
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{HTTP_HOST} !^www\.wewent\.net [NC]
RewriteRule ^(.*)$ http://www.wewent.net/$1 [L,R=302,NC]
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
I have a website www.website.com and a few domains that redirect to this site. It's a masked redirect, so if I write www.domain.com I can see this url in the browser all the time, but it's actually redirected to subdomain.website.com What I'd like to do is do some .htaccess rewrite rule, so that everything that has domain domain.com will be rewrited to a local file on a server, that is outside of current folder. Let me explain folder structure here:
/
sub/
-- subdomain/
-- test/
---- index.html
web/
Currently everything from www.domain.com goes to /sub/subdomain. In the .htaccess file in /sub/subdomain I want to reroute the request to /sub/test/index.html. So in my .htaccess file in sub/subdomain folder I've tried this:
#start masked redirect
Options +FollowSymLinks -MultiViews
# Turn mod_rewrite on
RewriteEngine On
#RewriteBase /
RewriteCond %{HTTP_HOST} domain\.com$ [NC]
RewriteRule .. /test/index.html [L]
#end masked redirect
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
Yes, I'm doing all this on top of Wordpress, which I don't really believe matters, but just to be sure I'm posting it.
Unfortunatelly I get Internal Server Error 500
What am I doing wrong, please?
Also: Please don't ask me why I am doing it like this, it has a reason, I'm not uncovering the whole thing I'm trying to do as it is irrelevant to this problem and I really want to focus on this issue here. I just want to know how to fix my .htaccess and it has to be this way. Thank you for your understanding.
This should be in sub/subdomain/.htaccess file
Options +FollowSymLinks -MultiViews
RewriteEngine On
RewriteCond %{HTTP_HOST} ^subdomain\. [NC]
RewriteRule !^test/index\.html$ /test/index.html [L,NC]
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
I want to redirect the page http://www.unived.in/ to http://www.unived.in/aboutus/.
I tried lots of plugins but the page still isn't redirected. In fact I have tried changing .htaccess but it still doesn't redirect properly. Sometimes it displays error 500.
Here is my .htaccess:
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond /home/unived/public_html/wp-content/sitemaps%{REQUEST_URI} -f
RewriteRule \.xml(\.gz)?$ /wp-content/sitemaps%{REQUEST_URI} [L]
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
What do I need to do to make the redirection work?
Read this tutorial to learn more about mod_rewrite: http://www.webforgers.net/mod-rewrite/mod-rewrite-syntax.php
It's very detailed, and should help you accomplish your goal.
I am trying to create a user management system where users can register another users using their pre-created user links such as http www .abc .co. uk/access/register.php?id=username [sorry not allowing to put more links]
but I want the long link to be like this:
http://www.abc.co.uk/username
and when users type the short url it will re-direct to http://www.abc.co.uk/access/register.php?id=username
Below are the codes in my .htaccess file at the moment as I am also running a wordpress in the same domain.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
Options +FollowSymLinks
RewriteEngine on
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(\w+)$ ./access/register.php?id=$1 [L,QSA]
Can the .htaccess additional codes that I have added for the username redirect be used along with other wordpress redirect in the same .htaccess file?
When I type the short url in the browser it takes me to a "page not found" page.
I have tried several ways and the above codes does not work. Could anyone please help me? Thanks
Jay
What you want is not possible. How could apache differentiate between wordpress pages and usernames?
www.abc.co.uk/contact could be your contact site or the user “contact”. You need to put your referrer urls in a subfolder, eg. register (so you get abc.co.uk/register/username:
RewriteEngine On
RewriteBase /
# Register
RewriteRule ^/register/(.+)$ ./access/register.php?id=$1 [L,QSA]
# Wordpress
RewriteRule ^index.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
I have a blog set up at blog.ftj.com/ACSM, it is hosted with Bluehost and their folder structures seem to be case sensitive. Is there something in the .htaccess file that I can adjust so that all possible combinations get redirected to the specific uppercase URL.
Another issue is that it seems that I need to redirect
blog.ftj.com/acsm/
with and without the forward slash.
Here is my current .htaccess file
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /ACSM/
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /ACSM/index.php [L]
</IfModule>
# END WordPress
Please submit the full change if you would.
You need to place the following .htaccess in the root dir to rewrite all requests to /ACSM into /acsm
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_URI} ^/acsm$ [NC]
RewriteRule ^(.*)$ /ACSM [L]
RewriteCond %{REQUEST_URI} ^/acsm/(.*)$ [NC]
RewriteRule ^acsm/(.*)$ /ACSM/$1 [L]
</IfModule>
Sorry for delays, have not got an Apache at hands....