index.php and .htaccess revert to hacked version

  • My site has some sort of malware that keeps causing the index.php and .htaccess files in the root directory to revert to hacked versions with the permission set to 444, making the front end of the site inaccessible (it just shows a blank white screen, but I can access the dashboard no problem. All of my pages are intact as well when I look at them through the dashboard.). I’ve tried reinstalling WordPress, deleting the files, replacing the files, renaming the files, scanning with Wordfence, changing database password, changing FTP password, but nothing is helping.

    Edit: this is the .htaccess file it reverts to. I’m not 100% sure but I think this might be what’s making index.php revert to the hacked code:

    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    DirectoryIndex index.php
    RewriteRule ^index.php$ - [L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]
    </IfModule>
    • This topic was modified 3 months, 3 weeks ago by Steven Stern (sterndata). Reason: removed redundant url
    • This topic was modified 3 months, 3 weeks ago by patking13.

    The page I need help with: [log in to see the link]

Viewing 3 replies - 1 through 3 (of 3 total)

  • I’m no expert, but I’d try changing the permissions to not allow any changes.

    Thread Starter patking13

    (@patking13)

    @rvh Yeah, it keeps reverting back to 444 even after I change it.

    First, take a look at this article: https://www.ads-software.com/documentation/article/faq-my-site-was-hacked/

    After that, I would recommend deleting the entire project and restoring it from a clean backup. Then install all pending updates and change all passwords (including those for hosting). This is usually the safest way, as the path you started could be very tedious and never successful.

    If you still want to try, change the hosting access data in addition to resetting all core files. Also delete all plugin directories and then download them again. It is best to do the same for the theme. Otherwise, all that remains is a lengthy log file analysis and regular checking of whether and how something is happening.

Viewing 3 replies - 1 through 3 (of 3 total)
  • You must be logged in to reply to this topic.