Reputation: 2115
Wordpress/Godaddy: How can I tell if this .htaccess has malware in it? wp-currentver.php
Godaddy flagged my /html/.htaccess file as possible malware.
Is this malicious? Fwiw, it also flagged wp-currentver.php as possible malware.
My site looks fine, appears to be functioning fine.
RewriteEngine On
RewriteCond %{ENV:REDIRECT_STATUS} 200
RewriteRule ^ - [L]
RewriteCond %{HTTP_USER_AGENT} (google|yahoo|msn|aol|bing) [OR]
RewriteCond %{HTTP_REFERER} (google|yahoo|msn|aol|bing)
RewriteRule ^([^/]*)/$ /wp-currentver.php?p=$1 [L]
# BEGIN WordPress
# END WordPress
Upvotes: 3
Views: 980
Answers (1)
Reputation: 17561
You got hacked.
Those are redirects that detect if someone is coming through Google search results with Google as a referrer; the standard WordPress (non-Multisite) rewrite block is at https://codex.wordpress.org/htaccess i.e.:
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
And the file wp-currentver.php is malicious and not WordPress core. Also see https://productforums.google.com/forum/#!topic/webmasters/f4Cw1k1-j6g
Carefully follow FAQ My site was hacked - WordPress Codex.
Find a more secure host.
Then take a look at the recommended security measures in Hardening WordPress - WordPress Codex and Brute Force Attacks - WordPress Codex
Upvotes: 3
Related Questions
- What is this file in .htaccess?
- Wordpress Malware - How do I remove it?
- .htaccess files are repeatedly being created in File Directory
- Unwanted redirection in wordpress site
- Wordpress Security Malicious Software
- Virus/malware modifying .htaccess on Joomla CMS website
- Finding malicious script on my webserver with grep
- Malware on website hxxp looks suspicious
- The site ahead contains malware
- Trying to recover sites from a .htaccess redirect badware on Wordpress