Reply To: Attack against wp-config.php~ (with a tilde)
How does the file with the .php~ get on the server in the first place? Several text editors, particularly Unix ones like emacs, automatically create a “backup” copy of any file you edit, giving the...
View ArticleReply To: Attack against wp-config.php~ (with a tilde)
How does the file with the .php~ get on the server in the first place? Did the person upload it separately from the normal .php file? So are there two different files on the server (one .php and one...
View ArticleReply To: Attack against wp-config.php~ (with a tilde)
Thanks t31os. I don’t have any file ending with tilde. I am just trying to educate myself to best protect the WP installation.
View ArticleReply To: Attack against wp-config.php~ (with a tilde)
You should check the module is available first, not just assume it is.. <IfModule mod_rewrite.c> # rule </IfModule> https://httpd.apache.org/docs/2.0/mod/core.html#ifmodule
View ArticleReply To: Attack against wp-config.php~ (with a tilde)
That’s the entire thing that goes in the .htaccess file, just the two lines. The first line enables Apache’s “RewriteEngine” if it’s not already on. The second looks for filenames ending in “.php~”,...
View ArticleReply To: Attack against wp-config.php~ (with a tilde)
You should wrap that in a module check. <IfModule mod_rewrite.c> RewriteEngine On RewriteRule \.php~$ - [F,L] </IfModule> And place it above the WordPress rules in the htaccess file, but...
View ArticleReply To: Attack against wp-config.php~ (with a tilde)
Thanks a lot tigertech. RewriteEngine On RewriteRule \.php~$ – [forbidden,last] As I am not a programmer, dev,or designer, I just want to make sure if this is the complete snippet. If this is not...
View ArticleReply To: Attack against wp-config.php~ (with a tilde)
What would be the snippet? Oh, you could do something like this: RewriteEngine On RewriteRule \.php~$ - [forbidden,last]
View ArticleReply To: Attack against wp-config.php~ (with a tilde)
Hi tigertech, Thanks for sharing. Good info. .htaccess rules could include a line to forbid requests for “.php~” files. How? What would be the snippet? I use my own .htaccess in the root folder of WP,...
View ArticleAttack against wp-config.php~ (with a tilde)
I work at a hosting company where one of our customer’s WordPress sites was hacked today. It was done by a “hacker” who discovered the WordPress database password due to an unfortunate user error. The...
View Article