.htaccess attacks are very frustrating, period! I wanted to write this to share the numerous methods and techniques I used to recover my websites from a recent .htaccess attack.
This type of attack on WordPress install will create .htaccess files on every single directory of the install and that file would have some codes that would modify directory access. I tried various things. I deleted these files, but it got recreated instantly.
Change Login Passwords
First step is to change login passwords to something super strong. In wordpress, in Cpanel, and in webhost.
Rename The Main Folder
This is the only thing that stopped the auto-generated index.php and .htaccess files from re-creating – to change the name of the main folder that houses all WordPress install files from FTP.
Once you rename this folder, you will have to go into cpanel and make sure the correct folder name is updated for the domain and any other places that use folder location.
Security Scan the Hell Out of It
I used Wordfence plugin and use their free Scan feature to scan the entire directory of the WordPress install. The beauty of this plugin scanner is, it will show which files are infected or modified, or injected. You can directly delete those files.
Alternatively, you can also go into FTP and delete .htaccess files but that is a very tedious process. I found this scanner plugin did a much better job.
If core files are modified, you will want to download a new WordPress copy of the same version you have installed and replace those files. Wordfence plugin was able to replace those with core files as well.
Add Protections For Future
I have installed Sucuri Security plugin after clearing out everything. I like this plugin because it can send me notifications of any changes to files or changes to content.
If your web host provides any security products you can also activate those.
You could also add Login Limit Plugins and modify login page url plugins such as WPS Hide Login.