I wrote about a strange case of .htaccess hijacking a few months ago, and recently found that my files again were injected with some garbage redirects to Russian sites (would you stop already, fellow Russians?)

If you’re running a WordPress site and ran into a similar problem, here are some notes on resolving it:

• first and foremost, edit the .htaccess file and remove all the junk redirects. It is usually at the top of the file
• apparently, the common way for injections like this is to sneak in is via wp-content/plugins directory. I found it was true for me, because I happened to have some old client work on my hosting server, and in one of the WordPress directories, some unknown plugin folder was found (named in a real suspicious way, something like “zasdgsdrs”)

  I would suggest inspecting your plugin folders and removing any weird looking stuff. Also disable and delete plugins that you don’t use, and check carefully before installing any new ones.

• make sure your .htaccess file has proper permissions (644 is recommended)
• make sure youre WordPress is up-to-date, upgrate to the latest stable version
• it’s a good idea to also change passwords as recommended by WordPress
• and if you’re still paranoid, read through the FAQ docs

And a couple of useful related links:

• Hardening WordPress
• Understanding .htaccess attacks

I wonder if this also has anything to do with hosting providers. Any thoughts from fellow WordPress-runners?