I Got locked out of my admin url. Because htaccess gets changed frequently

My htacess file gets freqently changed. I have to restore the htacess file daily. today to do that i cant even acess my admin panel. Snapshot, SwiftSecurity, Wp super cache -- i think these are in play in changing htaccess. Please help me restore my htaccess. And How not to let anything change the htaccess? Can i have 2 htacess in same directory?

  • Adam Czajczyk

    Hello Sreedhar,

    I hope you're well today and thank you for your question!

    The ".htaccess" file shouldn't be changed often unless there's some kind of purely written security plugin that "dynamically" adds some rules (e.g. IP limits) to it or there's some malicious code on the site. I would recommend checking and cleaning up the page against any malicious code. If you need direct help with that, you may want to post a question on our "Jobs & Pros" job board (please note: no WPMU DEV staff involved!) here:

    https://premium.wpmudev.org/wordpress-development/

    Snapshot, SwiftSecurity, Wp super cache -- i think these are in play in changing htaccess.

    Our Snapshot doesn't change ".htaccess" file unless a site is being fully restored from backup but that shouldn't be happening automatically and usually is not performed on daily basis.

    I'm not well familiar with SwiftSecurity unfortunately but I don't think it should be changing that file "on its own" and the W3 Super Cache makes changes only when it's being configured.

    Please help me restore my htaccess.

    Fortunately, WordPress is using standard .htaccess so you should be able to restore it based on this article:

    https://codex.wordpress.org/htaccess

    Check the article please and depending on whether you site is a regular single WP install or a Multisite - select appropriate .htaccess content (there are only three of them: "Basic WP" for single site and two for Multisite depending on if it's a sub-folder or sub-domain based installation).

    Once this is done, make sure that your security and cache plugins are configured and then change permissions of a ".htaccess" file to "0444". You can do this using FTP or using cPanel "File Manager".

    The "0444" permission means that the file is read only and nobody/no script should be able to change it. This should prevent it from being modified.

    If you have any further questions on this, let me know please.

    Best regards,
    Adam

  • Adam Czajczyk

    Hello Sreedhar!

    The fact that you .htaccess changes that frequently and that resources are aggressively used seems to confirm that there may be some malicious code involved. We do not provide custom services though (including malware cleaning).

    My suggestion would be to start with this:

    1. make a full backup of your site (all the files and entire database)

    2. check your WordPress version (I presume it's current 4.6.1) and then download a fresh package from this page:

    https://wordpress.org/download/

    3. Extract downloaded file to your local storage

    4. Access your site via FTP

    5. Upload all the files from extracted package to your server to overwrite your current WordPress install, except these:

    - /wp-content/ folder
    - "wp-config.php" file
    - .htaccess file

    This should give you a "clean WordPress core".

    Then you would want to do the same with your current Theme: overwrite theme files with fresh copy downloaded from source. It may be necessary to repeat that action for all the plugin as well.

    If you don't feel like you could handle that yourself and/or that wouldn't help, please consider hiring a professional that could help you clean up the site. You may want to use our "Jobs & Pros" job board for this (please note: no WPMU DEV staff is offering services there!):

    https://premium.wpmudev.org/wordpress-development/

    Best regards,
    Adam

Thank NAME, for their help.

Let NAME know exactly why they deserved these points.

Gift a custom amount of points.