I wrote about a strange case of .htaccess hijacking a few months ago, and recently found that my files again were injected with some garbage redirects to Russian sites (would you stop already, fellow Russians?)
If you’re running a WordPress site and ran into a similar problem, here are some notes on resolving it:
- first and foremost, edit the .htaccess file and remove all the junk redirects. It is usually at the top of the file
- apparently, the common way for injections like this is to sneak in is via wp-content/plugins directory. I found it was true for me, because I happened to have some old client work on my hosting server, and in one of the WordPress directories, some unknown plugin folder was found (named in a real suspicious way, something like “zasdgsdrs”)
I would suggest inspecting your plugin folders and removing any weird looking stuff. Also disable and delete plugins that you don’t use, and check carefully before installing any new ones.
- make sure your .htaccess file has proper permissions (644 is recommended)
- make sure youre WordPress is up-to-date, upgrate to the latest stable version
- it’s a good idea to also change passwords as recommended by WordPress
- and if you’re still paranoid, read through the FAQ docs
And a couple of useful related links:
I wonder if this also has anything to do with hosting providers. Any thoughts from fellow WordPress-runners?