Common .HTACCESS Directives for WordPress
HTACCESS files are used on UNIX-based web servers to give the server instructions in addition to the server's own configuration file. WordPress uses HTACCESS files for two reasons. First, the permalinks function in WordPress requires a standard set of entries in the site's main HTACCESS file. Second, plugins will sometimes either have their own HTACCESS file in their main plugin directory or place a few lines in the site's main HTACCESS file. The presence of one or more HTACCESS files is NOT a bad thing, but you should be aware of them, and from time to time you DO want to check them for what is called a malicious redirect.
Malicious redirects are permanent instructions to the web server that redirect either search engine robots or all traffic from your website to another website. Although permanent 301 redirects are used for legitimate purposes on websites, they are commonly slipped into a website for malicious purposes as well. The easy way to spot a malicious redirect is that the domain it redirects to is clearly not associated with your blog or any plugin on your blog (e.g. an online pharmacy or a site selling desktop software products).
If you are a plugin developer and use an HTACCESS file in your plugin, feel free to list it by submitting a comment with the actual contents and an explanation of what you are doing. I have also created a downloadable PDF with common HTACCESS entries on WordPress blogs and some examples of 301 redirects.
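One way to automate the check described above, as an added example (not code from this post or from any plugin): it lists every redirect in an HTACCESS file whose target host is not one of your own domains, and notes whether the rule applies to all traffic or only to requests selected by user agent or referer, which is how robot-only redirects are written. The function name `external_redirects`, the domain `myblog.example` and the sample file contents are assumptions constructed for illustration.

```python
import re

# Directives from mod_rewrite and mod_alias that can send a visitor elsewhere.
DIRECTIVE = re.compile(r'^(RewriteRule|RedirectMatch|RedirectPermanent|RedirectTemp|Redirect)\s+(.*)$', re.I)
AUTHORITY = re.compile(r'https?://([^/\s"\']+)', re.I)
# Conditions on these headers single out crawlers or search-engine visitors.
SELECTIVE = re.compile(r'%\{HTTP_(USER_AGENT|REFERER)\}', re.I)
SELF_VARS = ('%{http_host}', '%{server_name}')  # server variables naming this site

def external_redirects(text, own_domains):
    """Return (line_no, host, audience) for each redirect that leaves own_domains."""
    own = [d.lower() for d in own_domains]
    findings, conds = [], []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if line.lower().startswith('rewritecond'):
            conds.append(line)  # conditions apply to the next RewriteRule only
            continue
        m = DIRECTIVE.match(line)
        if not m:  # comments, blank lines and unrelated directives
            continue
        is_rewrite = m.group(1).lower() == 'rewriterule'
        rule_conds, conds = (conds, []) if is_rewrite else ([], conds)
        audience = 'selective' if any(SELECTIVE.search(c) for c in rule_conds) else 'all traffic'
        for authority in AUTHORITY.findall(m.group(2)):
            # Drop userinfo and port so "user@host:port" compares as "host".
            host = authority.rsplit('@', 1)[-1].split(':', 1)[0].lower()
            if host in SELF_VARS or any(host == d or host.endswith('.' + d) for d in own):
                continue
            findings.append((no, host, audience))
    return findings

# Constructed sample: permalink rules, two same-site redirects, two off-site ones.
SAMPLE = """# BEGIN WordPress
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
# END WordPress
RewriteCond %{SERVER_PORT} =80
RewriteRule .* http://%{HTTP_HOST}:2095 [R=301,L]
Redirect 301 /old-post https://www.myblog.example/new-post
RewriteCond %{HTTP_REFERER} (google|bing|yahoo) [NC]
RewriteRule .* http://pills.example.net/ [R=301,L]
Redirect 301 / http://software-deals.example.org/
"""

if __name__ == '__main__':
    print(*external_redirects(SAMPLE, ['myblog.example']), sep='\n')
```

A finding is a prompt to look at the line, not a verdict: add the domains of plugins and services you actually use to `own_domains` before treating the rest as suspicious.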







8 comments
RewriteEngine On
This is what I found in; is that OK?
RewriteCond %{SERVER_PORT} =80
RewriteCond %{HTTP_HOST} ^mail(\.[^.]+)+$
RewriteRule .* http://%{HTTP_HOST}:2095 [R=301,L]
RewriteCond %{SERVER_PORT} =443
RewriteCond %{HTTP_HOST} ^mail(\.[^.]+)+$
RewriteRule .* https://%{HTTP_HOST}:2096 [R=301,L]
Yep, this is standard stuff for permalinks, etc.
Thank you very much for a great plugin. I noticed some weird traffic tonight through my stats and not too long after I received 10 or so HTAccess warnings. Most of them contain this type of data:
# -FrontPage-
Options None
order deny,allow
deny from all
One is different from the hidden files warning and it looks like this:
[Roles]
advauthor=xxxxxxxx| |View, add, and change pages, documents, themes, and borders; recalculate hyperlinks.
admin=xxxxxxxxx| |View, add, and change all server content; manage server settings and accounts.
author=xxxxxxxx| |View, add, and change pages and documents.
browser=xxxxxxxxxxx| |View pages and documents.
I changed the numbers for the “x’s” just in case they meant anything. lol
Sorry for the long comment too, I haven’t a clue about this sort of thing but I have been hacked before. Not fun!
Thanks for your help
Kelly
Glad we could at least help you raise an eyebrow as to something odd in your blog.
Kelly,
My apologies for missing this comment. Have you solved the issue? If not, send an email to info@how-to-blog.tv as I have some questions about your scenario.
Hi,
I just installed the Malwatch upgrade and it doesn’t work anymore.
Get me some details as to what broke as we want to fix anything not working properly in short order.
The beginning of this seems alright but I don’t like what’s added on to the end. I just deleted a php file in the uploads section and this is showing the authname as wp-content/uploads so I’m wondering if it is referring to the file I deleted.