.htaccess attacks on WordPress

I wrote about a strange case of .htaccess hijacking a few months ago, and recently found that my files again were injected with some garbage redirects to Russian sites (would you stop already, fellow Russians?)

If you’re running a WordPress site and ran into a similar problem, here are some notes on resolving it:

  • first and foremost, edit the .htaccess file and remove all the junk redirects. They are usually at the top of the file
  • apparently, the common way for injections like this to sneak in is via the wp-content/plugins directory. I found it was true for me, because I happened to have some old client work on my hosting server, and in one of the WordPress directories, some unknown plugin folder was found (named in a real suspicious way, something like “zasdgsdrs”)

    I would suggest inspecting your plugin folders and removing any weird looking stuff. Also disable and delete plugins that you don’t use, and check carefully before installing any new ones.

  • make sure your .htaccess file has proper permissions (644 is recommended)
  • make sure your WordPress is up-to-date, upgrade to the latest stable version
  • it’s a good idea to also change passwords as recommended by WordPress
  • and if you’re still paranoid, read through the FAQ docs
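
The first three checks above can be scripted as a read-only audit. This is an added example, not part of the original post; the function names and the "no `Plugin Name:` header" heuristic for spotting odd plugin folders are assumptions of the example, and it changes nothing on disk.

```sh
#!/bin/sh
# Added example: read-only audit of a WordPress tree. Nothing is modified.
# Usage: sh wp_audit.sh /path/to/wordpress example.com

# Redirect directives in any .htaccess that send visitors to a host other
# than the site's own ($2) or one of its subdomains.
find_foreign_redirects() {
  host_re=$(printf '%s' "$2" | sed 's/\./\\./g')
  find "$1" -type f -name .htaccess -exec grep -HnEi \
    '^[[:space:]]*(Redirect(Match|Permanent|Temp)?|RewriteRule)[[:space:]].*https?://' {} + |
    grep -vEi "https?://([a-z0-9-]+\.)*${host_re}([/:\"' ]|\$)" || true
}

# .htaccess files whose mode is anything other than the recommended 644.
find_bad_perms() {
  find "$1" -type f -name .htaccess ! -perm 644 -print
}

# Plugin folders with no top-level PHP file carrying a "Plugin Name:" header.
# Heuristic only: a planted folder can fake the header, so still read the list.
list_headerless_plugins() {
  for d in "$1"/wp-content/plugins/*/; do
    [ -d "$d" ] || continue
    grep -qs 'Plugin Name:' "$d"*.php || printf '%s\n' "${d%/}"
  done
}

wp_audit() {
  echo "== redirects to foreign hosts =="; find_foreign_redirects "$1" "$2"
  echo "== .htaccess not mode 644 ==";     find_bad_perms "$1"
  echo "== plugin folders to inspect ==";  list_headerless_plugins "$1"
}

if [ "$#" -ge 2 ]; then wp_audit "$1" "$2"; fi
```

Run it against every WordPress directory on the account, including old client installs, since the injected .htaccess and the planted plugin folder may not be in the same site.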

And a couple of useful related links:

I wonder if this also has anything to do with hosting providers. Any thoughts from fellow WordPress-runners?
