Protecting my websites from hackers
For the past three weekends, my websites have been subject to attacks by hackers. I wasn’t sure what was going on at first, but then I realised that a script was gaining access to all the .htaccess files and injecting additional text.
With websites hosted on Apache-powered servers (i.e. most of the web) the .htaccess file allows rules to be defined for specific things to happen. This can be incredibly powerful and useful. For example, if you move something from a subdirectory of your personal website to its own domain, you can create an automatic redirect. There’s a million other things you can do, too.
The specific attack I’ve been subject to several times recently is where a whole batch of rules are added to the .htaccess file of each website I run. Cleverly, these are added after lots of spaces have been added, so they’re not immediately visible when you go to edit the file. They also seem to *only* work on mobile, which obviously isn’t how most website owners edit (or even view) their own websites. Visitors were redirected to websites dedicated to gambling, mobile gaming, and porn.
I sought advice from various quarters and updated my passwords for both my main blog and my webhosting account. I also installed the [Wordfence plugin](https://www.wordfence.com/) to add an additional layer of security. This, unfortunately, made no difference.
So, today I’ve done the following:
- Deleted the spam-generating rules added by the hackers’ script
- Followed the advice in this: [A Comprehensive Guide to Editing .htaccess for WordPress Security](https://premium.wpmudev.org/blog/htaccess/)
- Added the .htaccess rules from here: [6G Firewall 2016](https://perishablepress.com/6g/)
I’m also in the process of changing all the usernames and passwords on all of my WordPress installations. This is a royal pain in the arse.
Neil Ford 1:36 pm on February 18, 2017 Permalink |
If installing the Wordfence plugin didn’t help (and I’ve found it to be very good), then it’s quite possible that WordPress isn’t the way in the hackers are using. That means unfortunately adding rules to .htaccess may not resolve the issue.
Good luck getting to the bottom of this. As you say, pain in the arse.