I can see these lines and .htaccess files almost everywhere

  • <FilesMatch ".(py|exe|phtml|php|PHP|Php|PHp|pHp|pHP|phP|PhP|php5|suspected)$">
Order Allow,Deny
Deny from all
</FilesMatch>

    My site was hacked and I can see these lines now.. it initially prevented me to load images, is this something shipped with wp ?

    where we need .htaccess files?? like wp-conten or upload? thanks

Viewing 8 replies - 1 through 8 (of 8 total)
  • Moderator Steven Stern (sterndata)

    (@sterndata)

    Volunteer Forum Moderator

    That’s OK if it occurs in wp-contents/uploads, as it prevents any any executable files from being executed. There should be none in uploads. It may have been added by your host or a security plugin.

    Thread Starter May I Know

    (@cityonline)

    @sterndata thanks but I can see something like these, just few as examples

    public_html/wp-content/plugins/bloom/core/admin/images/epanel/.htaccess: SL-HTACCESS-GENERIC-aap.UNOFFICIAL FOUND
public_html/wp-content/plugins/bloom/core/admin/js/.htaccess: SL-HTACCESS-GENERIC-aap.UNOFFICIAL FOUND
public_html/wp-content/plugins/bloom/core/components/.htaccess: SL-HTACCESS-GENERIC-aap.UNOFFICIAL FOUND
public_html/wp-content/plugins/bloom/core/components/api/.htaccess: SL-HTACCESS-GENERIC-aap.UNOFFICIAL FOUND
public_html/wp-content/plugins/bloom/core/components/api/spam/.htaccess: SL-HTACCESS-GENERIC-aap.UNOFFICIAL FOUND
public_html/wp-content/plugins/bloom/core/components/api/social/.htaccess: SL-HTACCESS-GENERIC-aap.UNOFFICIAL FOUND
public_html/wp-content/plugins/bloom/core/components/api/email/.htaccess: SL-HTACCESS-GENERIC-aap.UNOFFICIAL FOUND
public_html/wp-content/plugins/bloom/core/components/lib/.htaccess: SL-HTACCESS-GENERIC-aap.UNOFFICIAL FOUND
    Thread Starter May I Know

    (@cityonline)

    I can see these files list afer scan

    Moderator Steven Stern (sterndata)

    (@sterndata)

    Volunteer Forum Moderator

    You’d need to ask the folks at the Bloom plugin about that. However, I note that the plugin was removed from the wp.org repository six years ago. Using a plugin that old is a good way to get hacked. I’d remove it if I were you.

    Thread Starter May I Know

    (@cityonline)

    @sterndata actually I have set you few as an example, these are everywhere, even in core folders

    Moderator Steven Stern (sterndata)

    (@sterndata)

    Volunteer Forum Moderator

    So what security plugin did you install that created all of these? And you really need to deal with the Bloom plugin.

    Thread Starter May I Know

    (@cityonline)

    @sterndata I have not installed any security plugin, but after hack I am now using wordfence…

    Moderator Steven Stern (sterndata)

    (@sterndata)

    Volunteer Forum Moderator

    Wordfence IS a security plugin, but I don’t think it adds .htaccess everywhere. If your site is working, you can just ignore the extra .htaccess files. If there are parts that are not working, I’d suggest removing them.

Viewing 8 replies - 1 through 8 (of 8 total)
  • The topic ‘I can see these lines and .htaccess files almost everywhere’ is closed to new replies.