I keep getting my .htaccess file hacked on my WordPress installation, what can I do to prevent this from happening again?
http://pastebin.com/H54FaA8U
Have a look on security.stackexchange.com's wordpress tag for guidance here, and this question in particular.
change your user name and password add tough password that has number and digit and character caps etc.
remove all the extra templates, One of you template files are infected that is re writing the htaccess file.
Update all the plugins and templates that you are using.
remove all the extra plugins that you no longer use.
it worked for me good luck
Add this htaccess code in your WordPress .htaccess file to Protect .htaccess and wp-config.php file From Unauthorized Access
<Files ~ "^.*\.([Hh][Tt][Aa])">
order allow,deny
deny from all
satisfy all
</Files>
<files wp-config.php>
order allow,deny
deny from all
</files>
Related
I have files which contain important settings(MySQL password etc...), and jQuery scripts. I don't want them to be accessed(over link, eg. link.com/scripts/jquery_script.js). I made something but that code don't work. Code is in .htaccess file. .htaccess file is in root. I put echo in settings.php file, and I can see it.
<files scripts/settings.php>
order allow,deny
deny from all
</files>
Files directive doesn't take full path.
Use this directive in /scripts/.htaccess (create it if it doesn't exist):
<files settings.php>
order allow,deny
deny from all
</files>
I'm trying to "exclude" a directory (and all it's folder) from the rules in .htaccess file...
Not sure if that's possible?
The .htaccess file is like this:
Order Allow,Deny
Deny from all
<Files ~ "\.(css|jpe?g|png|ico|gif|js)$">
Allow from all
</Files>
<Files "show.php">
allow from 127.0.0.1
</files>
Now, I want to exclude an entire sub-directory...
from these rules...
i.e. Allow from all (for all file extensions in directory "SHOW-STR")
The only way now, is to do it file by file ... but I wonder if there's a way to exclude a sub-directory?
Create an htaccess file in your SHOW-STR directory with this:
Order Allow,Deny
Allow from all
I am trying to deny everyone to download anything inside the "attachment" directory.
My website structure is:
public_html
-img
-css
-root
--attachment
---(numeric id)
----(files)
-js
What I am trying to do is, to deny access to root/attachment//
I tried many things, but I don't know why, I cannot get it working, my last tried was:
.htaccess - on main directory.
<FilesMatch "root/attachment/.*/.*">
Order Allow,Deny
Deny from all
</FilesMatch>
Any ideas?
Thank you very much :)
FilesMatch doesn't work with directories.
Create a new .htaccess inside root/attachment/ as
<FilesMatch ".*">
Order Allow,Deny
Deny from All
</FilesMatch>
Redirect rules specified in a parent directory .htaccess apply to its sub-directories as well. In case, these access rules do not work the same way, just move the .htaccess directly into files directory.
Create a new htaccess file /root/attackment/.htaccess and add the following lines
Order Allow,Deny
Deny from all
I have one website (www.mysite.com) that I have on a temporary redirect to another folder (www.mysite.com/tempfolder/index.php). I also host another site in the root folder of www.mysite.com called www.subsite.com. It has it's own URL, but I can't figure out how to make that entire sub-folder exempt from the redirect! Any ideas? Here is what my .htaccess file looks like right now (which is perfectly redirecting everything to the temporary landing page).
<Limit GET POST PUT>
order deny,allow
deny from all
allow from ***
allow from ****
allow from *****
</LIMIT>
ErrorDocument 403 http://www.mysite.com.com/tempfolder/index.php
<filesMatch ".(htm|html|php|css|js|php|gif|jpg|db|png)$">
order allow,deny
allow from all
</FilesMatch>
Any ideas? thanks all!
try putting an .htaccess file in the subfolder that does not contain the redirection rules. That should work just fine -- it can even be a blank file.
I have the following .htaccess file:
RewriteEngine On
RewriteBase /
# Protect the htaccess file
<Files .htaccess>
Order Allow,Deny
Deny from all
</Files>
# Protect log.txt
<Files ./inscription/log.txt>
Order Allow,Deny
Deny from all
</Files>
# Disable directory browsing
Options All -Indexes
I am trying to forbid visitors to access the following file:
domain.example/inscription/log.txt
but what I have above does not work: I can still access the file from the browser remotely.
Within an htaccess file, the scope of the <Files> directive only applies to that directory (I guess to avoid confusion when rules/directives in the htaccess of subdirectories get applied superceding ones from the parent).
So you can have:
<Files "log.txt">
Order Allow,Deny
Deny from all
</Files>
For Apache 2.4+, you'd use:
<Files "log.txt">
Require all denied
</Files>
In an htaccess file in your inscription directory. Or you can use mod_rewrite to sort of handle both cases deny access to htaccess file as well as log.txt:
RewriteRule /?\.htaccess$ - [F,L]
RewriteRule ^/?inscription/log\.txt$ - [F,L]
Strong pattern matching — This is the method that I use here at Perishable Press. Using strong pattern matching, this technique prevents external access to any file containing “.hta”, “.HTA”, or any case-insensitive combination thereof. To illustrate, this code will prevent access through any of the following requests:
.htaccess
.HTACCESS
.hTaCcEsS
testFILE.htaccess
filename.HTACCESS
FILEROOT.hTaCcEsS
..etc., etc. Clearly, this method is highly effective at securing your site’s HTAccess files. Further, this technique also includes the fortifying “Satisfy All” directive. Note that this code should be placed in your domain’s root HTAccess file:
# STRONG HTACCESS PROTECTION
<Files ~ "^.*\.([Hh][Tt][Aa])">
order allow,deny
deny from all
satisfy all
</Files>
I don't believe the currently accepted answer is correct. For example, I have the following .htaccess file in the root of a virtual server (apache 2.4):
<Files "reminder.php">
require all denied
require host localhost
require ip 127.0.0.1
require ip xxx.yyy.zzz.aaa
</Files>
This prevents external access to reminder.php which is in a subdirectory.
I have a similar .htaccess file on my Apache 2.2 server with the same effect:
<Files "reminder.php">
Order Deny,Allow
Deny from all
Allow from localhost
Allow from 127.0.0.1
Allow from xxx.yyy.zzz.aaa
</Files>
I don't know for sure but I suspect it's the attempt to define the subdirectory specifically in the .htaccess file, viz <Files ./inscription/log.txt> which is causing it to fail. It would be simpler to put the .htaccess file in the same directory as log.txt i.e. in the inscription directory and it will work there.
Place the below line in your .htaccess file and replace the file name as you wish
RewriteRule ^(test\.php) - [F,L,NC]
Well you could use the <Directory> tag
for example:
<Directory /inscription>
<Files log.txt>
Order allow,deny
Deny from all
</Files>
</Directory>
Do not use ./ because if you just use / it looks at the root directory of your site.
For a more detailed example visit http://httpd.apache.org/docs/2.2/sections.html