.htaccess file modified

  • Resolved zenmonkey111

    (@zenmonkey111)


    2 years, 8 months ago

    Hello,

    I installed Wordfence on 3/16. I noticed that on 3/18, the .htaccess file was modified. Are you able to tell me if this could be wordfence? I’ve exported the file from Diagnostics – how do I send you that attachment?

    Recently Modified Files
Modified	File
March 20, 2022 7:10am	
wp-content/et-cache/global/et-divi-customizer-global.min.css
March 18, 2022 2:46am	
.htaccess
March 16, 2022 3:01pm	
wp-content/et-cache/attachment_id_by_url.data
March 16, 2022 3:01pm	
wp-content/et-cache/image_responsive_metadata.data
March 16, 2022 12:00pm	
wp-content/et-cache/en_US/modules-project-16474500394895.data
March 16, 2022 10:12am	
wp-content/et-cache/en_US/modules-post-1647443532309.data
March 16, 2022 9:18am	
wp-content/et-cache/attachment_size_by_url.data
March 16, 2022 9:18am	
wp-content/et-cache/image_srcset_sizes.data
March 16, 2022 8:31am	
wp-content/et-cache/en_US/modules-page-1647437477251.data
March 16, 2022 6:04am	
wp-content/plugins/supreme-modules-pro-for-divi/includes/modules/Buttons/icon.svg

    Thank you!

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Support wfpeter

    (@wfpeter)

    Hi @zenmonkey111,

    Wordfence can make modifications to the .htaccess, such as during firewall optimization, here’s the code that’s added:

    # Wordfence WAF
<IfModule LiteSpeed>
php_value auto_prepend_file '/oath/to/wordfence-waf.php'
</IfModule>
<IfModule lsapi_module>
php_value auto_prepend_file '/path/to/wordfence-waf.php'
</IfModule>
<Files ".user.ini">
<IfModule mod_authz_core.c>
	Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
	Order deny,allow
	Deny from all
</IfModule>
</Files>

# END Wordfence WAF

    Also don’t forget though that WordPress adds content to your .htaccess, so a ~2am update time might coincide with your automatic version or plugin update schedule. You can check your cron jobs that could be running at this time by visiting the Wordfence > Tools > Diagnostics page.

    If you wish, you can still send us the file, just so long as you include your forum username in the subject line so I can find it, to wftest @ wordfence . com

    Thanks,

    Peter.

    Thread Starter zenmonkey111

    (@zenmonkey111)

    Great! Just emailed you the diagnostic. Thanks!!

    Plugin Support wfpeter

    (@wfpeter)

    Thanks for the diagnostic @zenmonkey111!

    I don’t see any issues whether that’s scan or configuration related. I don’t have reason to believe at this point that your .htaccess was modified by a malicious source and expect it was down to an expected update with WordPress or another plugin.

    I appreciate that your WP-Cron jobs don’t appear to be scheduled for exactly this time, but WordPress, like most PHP web applications, only actually run in response to a URL being accessed, and a request being made to the server so I think that’s what you’ve seen here.

    By all means if you see any suspicious activity or any files being flagged by Wordfence that you’re unsure about, you can send them to samples @ wordfence . com for analysis.

    Thanks,

    Peter.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘.htaccess file modified’ is closed to new replies.