Help with .htaccess permissions

Hi @madamski,

Could you please:

• Go to the Wordfence Tools page
• Click the Diagnostics tab
• Scroll down to the Send Report by Email section
• Send the report to yann[at]wordfence[dot]com

Sent. Thank you! I’m definitely curious to see what we can do to RID this website of the malware that’s been plaguing us for well over a year.

@madamski,

On sites with CGI/FastCGI (like yours), the firewall setup uses .user.ini; can you see a .user.ini file at the root of your site?

In the .htaccess file, can you see the lines “# Wordfence WAF” and “# END Wordfence WAF” with </IfModule> tags in between?

Also, I see that there are 2 error log files (/home1/simsport/public_html/wp-admin/error_log and error_log) downloadable from the Diagnostics page; could you please check their content?

• Go to the Wordfence Tools page
• Click the Diagnostics tab
• Scroll down to the Log Files (Error messages from WordPress core, plugins, and themes) section
• Click the Download link for each file

I have downloaded those two files. Is that what you wanted me to do? Can I send them via private message or email to you?

Did you need me to do something with that .htaccess file?

Thank you!

Following up as I’m very interested in getting these error messages and malware sorted out.

Thanks for the update, whatever that may be!

Hi @madamski,

Do you have a .user.ini file at the root of your site populated with the auto_prepend_file directive?

Does your .htaccess file contain the lines “# Wordfence WAF” and “# END Wordfence WAF” with code in between?

What do you see in the error_log files you downloaded?

I do see the .user.ini file at my root, and here is all it contains:

And here is all that is in the .htaccess file, so no I do not see those that you asked about.

I have uploaded the error files here for you to take a look at:
Error_log

Actually, it looks like they are the same file? Just in case, here is the other one:
Error_log2

• This reply was modified 7 years, 9 months ago by mikeadamski26.
• This reply was modified 7 years, 9 months ago by mikeadamski26.

Hi @madamski,

I believe the original message regarding the permissions on the .htaccess file was appropriate.

I see the permissions for the .htaccess file are: 444. Which means that no user has write access to the file.

At the bare minimum, permissions should be 644 so at least the owner of the file (which would have to be the web server user) would have write privilege.

By the way, I wasn’t able to access the log files. In case the issue persists after you modified the permissions on the .htaccess file, please share the content of the error_log file(s) via Pastebin.

Changing the permissions worked!

Now how do I go about retroactively protecting my site? It seems we have some issues floating around that are a few months old. I’ll play around with WordFence now, but thought I’d ask to as I want to make sure we’re not turning up on blacklists, and not being attacked by anymore Malware.

@madamski,

Glad you were able to complete the optimization procedure!

I recommend you look into this article on our blog which describes the steps you can take to clean your site.

Thank you!