.env files

Hi @albarosa,

Which hosting do you use? What architecture is there to use .env does it have FTP and DB access details?

.env file seems accessed with the GET method means it was available to access the public and placed where it should not be, It should be accessed from the parent folder of the web.

WordPress does not have the .env file so we still do not implement any security for it.

Forbidden access when accessing from the website. You should add below in .htacess if you have apache or any other server which supports .htacess. if not supported it might be the reason it is accessible you can cross check by access from browser location {site_url}/{path_to_.env}

# Disable index view
Options -Indexes

# Hide a specific file
<Files .env>
    Order allow,deny
    Deny from all
</Files>

If .env has DB access, they might add an admin and have injected files using file manger, etc plugin.

Better first make .env not acccesible

Change FTP / DB password / Remove any new Admin user and change password for admin user.

Update all WordPress core files and plugins/themes files. and now check which extra files are there. If any have the back door as infected code remove it.

Regards

Hello @hjogiupdraftplus,

My website is on a shared business hosting plan, so I don’t have my own dedicated server. I don’t know which architecture is used, and my hosting provider says there are no .env files. Furthermore, my website is still under investigation, and I’m waiting for responses from my hosting provider. Up until now, it’s not clear to me why the following code:

<Files .env>
    Order allow,deny
    Deny from all
</Files>

has no effect in my .htaccess file. I added this code to the .htaccess file two days ago when I noticed the attacks, but the requests were not blocked. I tried also this code

<FilesMatch "^\.">
    Order allow,deny
    Deny from all
</FilesMatch>

but without any effect.

Similarly, I blocked the IP addresses three times: once through your plugin (i used the blacklist function in the firewall section), once via the .htaccess file with two different variants, and once through my hosting provider’s dashboard. Nevertheless, the attacks frome the same IP adresses continued until I finally put the website in “Under Attack Mode.” That helped, and there have been no attacks today. It could also be that the hosting provider has taken measures, but I don’t know what exactly. I know that my website is being investigated and tested for various issues.

Thank you for all the tips; I have already changed all passwords. When you say:

“Update all WordPress core files and plugins/themes files. and now check which extra files are there. If any have the back door as infected code remove it.”

Would this possibly be a function where your PRO version could help? Or does that not fall within the scope of the plugin? Your PRO version also includes a malware scan. Would that be suitable for this?

I see that you also offer advice for malware cleanup. I might need that.

Thank you for a response and best regards,
Albarosa

• This reply was modified 3 months, 2 weeks ago by albarosa.

Hi @albarosa,

Ok, if you have shared server please contact your hosting proivder and .env file is not part of the general WordPress installation.

Why htaccess not working server provider might can answer, It depends on the Webserver etc.

Unfortunately, www.remarpro.com rules do not allow their forums to be used by us for paid software.
But on our website, you can raise a support ticket.

No it is suggestion, we do not offer manual malware clean up.

Regards

Thank you very much for the very helpful answers @hjogiupdraftplus.

I am still waiting for the results from my hosting provider, and then I will make further decisions.

Kind regards

Hi @albarosa

Ok, keep me posted.

Regards