Do Sucuri plugin updates change .htaccess?

  • Resolved deeveedee

    (@deeveedee)


    6 years, 8 months ago

    I have noticed that my .htaccess file changes when I perform plugin update maintenance on my website. It appears that the .htaccess file change occurs when I update the Sucuri Security plugin. The file change restores the #WORDPRESS section of the .htaccess file to its defaults (eliminating a few of my rewrite changes).

    Do updates to Sucuri Security plugin rewrite the .htaccess file?

Viewing 6 replies - 1 through 6 (of 6 total)

  • Do updates to Sucuri Security plugin rewrite the .htaccess file?

    What other plugins do you have installed?

    Thread Starter deeveedee

    (@deeveedee)

    @yorman,

    Thanks for the quick reply. The plugins that I updated (bulk update in WordPress dashboard) at the time of the .htaccess file change were:

    • animate-it
    • ninja-forms
    • sucuri-scanner
    • under-construction-page
    • woocommerce
    • wordpress-seo
    • wp-logo-showcase-responsive-slider
    • This reply was modified 6 years, 8 months ago by deeveedee.

    Thank you, I will install these plugins in a new server and start testing.

    Thread Starter deeveedee

    (@deeveedee)

    @yorman,

    I appreciate your help and know that you are extremely busy. If .htaccess is not modified by Sucuri Security plugin, I don’t expect you to find the cause (although I do appreciate your offer). If it’s not Sucuri, then I suspect it might be something in cPanel.

    Thank you for understanding, I just wanted to be sure.

    The only places where the htaccess file is being referenced are these:

    src/base.lib.php      line 385 [1]
src/integrity.lib.php line 606 [2]
src/integrity.lib.php line 609 [3]
src/fileinfo.lib.php  line 138 [4]
src/hardening.lib.php line 196 [5]

    I went to check all of these but couldn’t find any code that would revert the content of the htaccess file back to its original state. There is an additional instruction here [6] used to check if the file contains the basic rules defined by WordPress during the installation of the website, but this code is only executed when you access the “Website Info” panel in the settings page, and it only runs in read-only mode, meaning that the content of the htaccess file is never overwritten.

    I will add this to my TODO list to continue the investigation later, but as you said, I may not find anything related to our source code. I would check both WooCommerce and WordPress-SEO but their code is several times more complex than the Sucuri plugin.

    What I would do in your case is, check the last modification time of the file. Then check in the website access logs a HTTP request that matches the time. This will give you an insight of what action was executed when the file was reset.

    Let me know if you need more information.

    [1] sucuri-wordpress-plugin/src/base.lib.php#L370-L394
    [2] sucuri-wordpress-plugin/src/integrity.lib.php#L596-L606
    [3] sucuri-wordpress-plugin/src/integrity.lib.php#L596-L609
    [4] sucuri-wordpress-plugin/src/fileinfo.lib.php#L120-L140
    [5] sucuri-wordpress-plugin/src/hardening.lib.php#L185-L197
    [6] sucuri-wordpress-plugin/src/settings-webinfo.php#L168-L175

    Thread Starter deeveedee

    (@deeveedee)

    Thank you, @yorman!

Viewing 6 replies - 1 through 6 (of 6 total)
  • The topic ‘Do Sucuri plugin updates change .htaccess?’ is closed to new replies.