Back-end not working possibly due to .htaccess file.

@hugonh in my case, i have more than 250. Htacess files, so I deleted wp-admin and wp-includes folders. Then download fresh WordPress and upload these two folder.
And about wp-content, i deleted htacess manually. I know it’s hard but you need to do this manually.

@abdulhanan i had 180 .htacess malware, Samir.php, content.php, radio.php, header.php from themes with malware. But my client site still being redirected for 18k links and i cant fix. Anyway thanks for advice about reinstall. Inshalah mate

Hello guys,

My website was infected too.

I recovered the access to the wp-admin folder by

1) deleting manually all strange files in my WP root directory, including ones named “spsa.zip” and “cgslg folder”

2) deleting manually strange numerical codes (malware codes) in the root files like index.php

3) deleting htaccess files injected into the wp-admin and wp-includes folders

After that, the unwanted code that blocks (py|exe|php) was not longer automatically writen in my htaccess file. I am now running a malware detector in my server side.

Good luck!

I’ve mixed your great solutions and testing until it worked!

1. Check the installed WordPress version
2. Rename the folders wp-admin and wp-includes to: xxxwp-admin and xxxwpincludes
3. Download the original installation WordPress files and upload to the root domain folder: /wp-admin and /wp-includes
4. In the root, your .htaccess must content only:

# BEGIN WordPress
# The directives (lines) between “BEGIN WordPress” and “END WordPress” are
# dynamically generated, and should only be modified via WordPress filters.
# Any changes to the directives between these markers will be overwritten.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule .* – [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
RewriteBase /
RewriteRule ^index\.php$ – [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

# END WordPress

<IfModule mime_module>
AddHandler application/x-httpd-ea-php74 .php .php7 .phtml
</IfModule>`
`
* At this point, your wordpress dashboars must work!

But, if you notice, you have a lot of .htaccess includes into each folder, right?

I’ve compressed all the website files, (in my cpanel/file manager) and downloaded to my local PC

Once i’ve downloaded and uncompressed, using Windows File Manager, i’ve search for “.htaccess” I’ve removed all the unwanted. In my case I’ve deleted around 1800 .htaccess. DO NO DELETE THE .HTACCESS in the Root file updated in the Step 4.

Once it’s cleaned, compress all and upload it to your server.

Delete all the existing files and only left the .ZIP file containing the cleaned version.

Uncompress and voila!

Site Working and cleaned.

Good Luck!

Many thanks for your codes… one question… in order to avoid this problem in the future: does anyone of you know, what (could have) caused the root of this problem? My plugins were on a very recent state, it could only probably be, that some of the co-workers had a too easy to guess password or something like that?… any other root-causes for the entry of this virus known?

And also wanted2know, if whether it is reasonably safe to restore today’s database or whether I should then take a version from yesterday or days b4 or so?

Hello Team,

I am facing the same issue. .HTAccess in mt all folders and a malware code in my Index.php. if we change its rewrite itself.

Plz help
Thank You

Hello,
I am not sure what’s going on, so im seeking your help.

When logging on through the admin panel, I am able to see my dashboard, however i am unable to edit or click on any other link within the dashboard, this give me a page not found message.

I’ve looked possible solutions such as updating the .htaccess file

From

<FilesMatch “.*\.(phtml|php)$”>
Order Allow,Deny
Deny from all
</FilesMatch>
<FilesMatch “(index).php$”>
Order Allow,Deny
Allow from all
</FilesMatch>

To

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ – [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

this did the trick, however the .htaccess file is overridden in a couple of minutes with the first part again. I’d like to not continue to modify the .htaccess file everytime i need to make a change to a post or view a plugin on the backend.

please help.

@suryapss Thanks a million, worked like a champ!