• Resolved 5high

    (@5high)


    Hi,

    Our site has recently had an issue with a plugin writing incomplete code and/or totally removing the WP bit, namely this bit:

    # BEGIN WordPress
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteRule ^index\.php$ - [L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]
    </IfModule>
    # END WordPress

    from the .htaccess file… causing either 500 or 404 errors and the site to crash.

    So firstly, if it’s this plugin that’s doing this, it may be a bug that needs fixing (if others are having the same problem?) and secondly, I’d like to know if this plugin does in fact require write access to the .htaccess file? – if not, then I thought I could try securing it using the Better WP Security plugin settings.

    Does anyone know?

    Many thanks

    https://www.ads-software.com/plugins/ecwid-shopping-cart/

Viewing 4 replies - 1 through 4 (of 4 total)
  • makfruit

    (@makfruit)

    Hello,

    Thank you for the message and sorry for the troubles you faced. Ecwid plugin doesn’t touch .htaccess file on your server because it doesn’t need that. But anyway “.htaccess” file is a crucial part of any WordPress installation, thus such issues should be treated seriously. We will be happy to help you with this. Please find the details and recommendations below.

    First of all, I’d like to point out that Ecwid plugin has nothing to do with the .htaccess changes you discovered. Neither Ecwid application nor our official WordPress plugin makes any changes in .htaccess – they do not need that. In fact, Ecwid plugin doesn’t even have any functions/tools/code for such changes. And, to answer your questions directly: no, Ecwid plugin doesn’t need access to .htaccess file on your server so you may restrict it if necessary.

    From our experience, such an issue might be caused by one of the following parties:
    – Your WordPress configuration or your theme’s specific functions
    – Some kind of SEO or redirects WP plugin on your site
    – A virus/malware on your site or on your computer

    Do you have any third-party plugin which is responsible for redirects or SEO-friendly URLs (Clean URLs)? Also, please let me know what settings you have on the Settings->Permalinks page (what mode is selected there)? What exact code did your .htaccess file contain when the issue appeared? What code was added to it?

    With regards to the third assumption (virus/malware), it sometimes happens on the sites using popular CMS platforms that the .htaccess file is hacked by viruses to include some malicious redirects. If this is the case, there could be malicious code either in some of the files on your server (it can be in your WordPress folder or other sites/folders on the server if any) or on your computer or even both. Have you recently noticed any malicious links/redirects on your site? Do the .htaccess file contents keep changing if you disable all plugins on your site? How does the .htaccess file look now?

    I’d like to assure you that Ecwid and all its data including your store is safe. Ecwid itself is hosted on our servers that are totally secure, so all your customers/orders/catalog data is out of harm’s way.

    Of course, if the issue you discovered is caused by a virus, it needs to be thoroughly investigated and fixed asap. You will likely need to check your computer and server using an antivirus program to locate and get rid of the infected code. This tutorial could also be helpful: https://wp.smashingmagazine.com/2012/10/09/four-malware-infections-wordpress/

    We will be glad to help you so please answer the questions I posted above and provide as many details as possible so we could suggest a solution or possible workarounds.

    Look forward to your reply.

    Thread Starter 5high

    (@5high)

    Hi makfruit,

    Thanks for your very detailed and helpful reply. I’ve had a good read of all the links you suggested, and followed up on others, so feel much better informed now – excellent resources, thanks!

    re. your suggested culprits:

    From our experience, such an issue might be caused by one of the following parties:
    – Your WordPress configuration or your theme’s specific functions
    – Some kind of SEO or redirects WP plugin on your site
    – A virus/malware on your site or on your computer

    we use WP SEO by Yoast (which is highly recommended by many, so should be OK): I’ve run the Sucuri check on our site and the Malware check – and all good, so that’s a relief: and all wp themes and plugins are up to date… though as we have a child theme I will probably run the theme checker plugin too.

    re:

    Do you have any third-party plugin which is responsible for redirects or SEO-friendly URLs (Clean URLs)? Also, please let me know what settings you have on the Settings->Permalinks page (what mode is selected there)?

    the Yoast plugin probably does this to some extent, and our settings are fairly standard wp ones =

    Post name https://trevorpenfold.com/sample-post/

    so OK here??

    The abnormal changes to the .htaccess file (that break the site) happen intermittently – either 2 x month or sometimes not for another 4 months – so it seems unlikely to be a virus? And the changes are varied – once all the wp code was totally removed; another time extra wp code was added, but only part of it (i.e. incomplete code); previously we’ve had about 100 lines of XXXXXXXX added in the block ISP’s section; and so on… so very varied!

    Overall, I’ve gone through our whole site and cleaned it up hugely, and secured the wp-config and htaccess files etc so this should all help – again many thanks for the links.

    There are a few more security settings I’d like to add, so please can you let me know if any of the following security settings (these are setting options in Better WP Security) will affect how the Ecwid plugin works?…

    Server Tweaks:

    1. Protect Files

    Prevent public access to readme.html, readme.txt, wp-config.php, install.php, wp-includes, and .htaccess. These files can give away important information on your site and serve no purpose to the public once WordPress has been successfully installed.
    (Warning: This feature is known to cause conflicts with some plugins and themes.)

    2. Disable Directory Browsing

    Prevents users from seeing a list of files in a directory when no index file is present.
    (Warning: This feature is known to cause conflicts with some server configurations in which this feature has already been enabled in Apache.)

    3. Filter Request Methods

    Filter out hits with the trace, delete, or track request methods.
    (Warning: This feature is known to cause conflicts with some plugins and themes.)

    4. Filter Suspicious Query Strings

    Filter out suspicious query strings in the URL. These are very often signs of someone trying to gain access to your site but some plugins and themes can also be blocked.
    (Warning: This feature is known to cause conflicts with some plugins and themes.)

    5. Filter Non-English Characters

    Filter out non-english characters from the query string. This should not be used on non-english sites and only works when “Filter Suspicious Query String” has been selected.
    (Warning: This feature is known to cause conflicts with some plugins and themes.)

    Header Tweaks:

    6. Remove EditURI header

    Removes the RSD (Really Simple Discovery) header. If you don’t integrate your blog with external XML-RPC services such as Flickr then the “RSD” function is pretty much useless to you.
    (Warning: This feature is known to cause conflicts with some 3rd party application and services that may want to interact with WordPress.)

    I look forward to your comments – many thanks.
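Added example, not part of any post in this thread and not code from Ecwid, Yoast or Better WP Security: a small Python check for the failure modes described above (WordPress block removed, cut off part-way, or altered), comparing against the block quoted in the first post. The function names, the constructed sample inputs and the practice of keeping a known-good SHA-256 digest of the whole file are assumptions made for illustration.

```python
import hashlib

BEGIN, END = "# BEGIN WordPress", "# END WordPress"
# Rewrite block exactly as quoted in the first post of this thread.
EXPECTED = [
    "<IfModule mod_rewrite.c>",
    "RewriteEngine On",
    "RewriteBase /",
    r"RewriteRule ^index\.php$ - [L]",
    "RewriteCond %{REQUEST_FILENAME} !-f",
    "RewriteCond %{REQUEST_FILENAME} !-d",
    "RewriteRule . /index.php [L]",
    "</IfModule>",
]

def check_wp_block(text):
    """Return (status, diff); status is ok, missing, unbalanced or modified."""
    lines = [ln.strip() for ln in text.splitlines()]
    begins = [i for i, ln in enumerate(lines) if ln == BEGIN]
    ends = [i for i, ln in enumerate(lines) if ln == END]
    if not begins and not ends:
        return "missing", []
    if len(begins) != 1 or len(ends) != 1 or ends[0] < begins[0]:
        return "unbalanced", []  # a marker was lost or duplicated by a partial write
    body = [ln for ln in lines[begins[0] + 1:ends[0]] if ln]
    if body == EXPECTED:
        return "ok", []
    diff = ["-" + ln for ln in EXPECTED if ln not in body]
    diff += ["+" + ln for ln in body if ln not in EXPECTED]
    return "modified", diff

def digest(text):
    """SHA-256 of the whole file, recorded while it is known to be good."""
    return hashlib.sha256(text.encode("utf-8")).hexdigest()

def changed_since(text, baseline):
    """True when the file no longer matches the recorded digest (edits anywhere)."""
    return digest(text) != baseline

# Constructed samples, not taken from the poster's site.
GOOD = "\n".join([BEGIN, *EXPECTED, END]) + "\n"
REMOVED = "Options -Indexes\n"
TRUNCATED = "\n".join([BEGIN, *EXPECTED[:4]]) + "\n"  # no END marker
PARTIAL = "\n".join([BEGIN, *EXPECTED[:3], EXPECTED[-1], END]) + "\n"

if __name__ == "__main__":
    for name in ("GOOD", "REMOVED", "TRUNCATED", "PARTIAL"):
        print(name, check_wp_block(globals()[name]))
```

Run on a schedule against the live file, a status other than `ok` or a digest mismatch marks the moment to restore from backup and check which plugin or process last wrote to `.htaccess`.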

    makfruit

    (@makfruit)

    the Yoast plugin probably does this to some extent

    Yoast is indeed quite a popular plugin and we made the Ecwid shopping cart plugin compatible with Yoast in one of the recent updates (more details: https://www.ecwid.com/forums/showthread.php?t=25755). So I don’t think the Yoast plugin could cause such an issue. To make sure, you probably should contact them on this matter – probably, they’re familiar with such .htaccess troubles and will advise.

    The abnormal changes to the .htaccess file (that break the site) happen intermittently – either 2 x month or sometimes not for another 4 months – so it seems unlikely to be a virus?

    It’s hard to say. The thing is a virus could be not only on the server your site is working on but also on your computer or on a computer of a staff member who maintains the site. Of course, it could be not a virus at all – I only assumed that based on similar cases I had previously. This time, it can be some buggy plugin/WP theme/hosting settings etc.

    I think it would be a good idea to contact your hosting with regards to this issue – they will hopefully be able to help. Moreover, there is a chance they received similar requests from other clients so maybe there is a ready FAQ for such kind of issue.

    There are a few more security settings I’d like to add, so please can you let me know if any of the following security settings (these are setting options in Better WP Security) will affect how the Ecwid plugin works?…

    These security adjustments should not affect the Ecwid plugin in any way so please try to enable them and check. If something goes wrong, please let us know.

    Thread Starter 5high

    (@5high)

    Thanks for all the info and your help – I’ll let you know if there’s a problem with Ecwid when I increase the security settings.
    Cheers.

  • The topic ‘rewrite to htaccess file shut down site’ is closed to new replies.