asimj

Thanks Pothi, I’ll try some of the security plugins and see what happens.

Hi Pothi,

The server has a firewall and the site is scanned for malware regularly using the Securi service. The .htaccess file has always had 644 permissions and no other files have been affected.

I did install the Bulletproof Security plugin and then removed it as I thought it was responsible for the issue. I believe it may be some WP process that is updating .htaccess but don’t know how to identify it.

I understand how .htaccess files work. What I don’t understand is why BPS would create .htaccess files that affect folders higher in the a hierarchical structure than where WordPress is installed? Our blog is installed in /blog directory and BPS .htaccess files affected / root directory. The offending .htaccess file was actually in /blog/wp-admin/ and now I would like to know if any other .htaccess files were created by BPS that are outside of the WordPress directory?