How to Prevent htaccess from Getting Hacked

This is a continuation to my recent post about .htaccess hacks.

If your site is maliciously redirecting to a suspcious site, then most likely you got your .htaccess site hacked.

Here’s how to fix and prevent your .htaccess file from getting hacked (again).

  1. Make sure you have all .htacces files on the targeted server clear of malicious code including the code in the .htaccess file within the root file (public_html) if any.
  2. Confirm your sites on the same server are thoroughly cleaned without any other hidden shell codes. (check your server access logs to identify strange traffic!)
  3. Change all your passwords! This includes your hosting account, all existing FTP accounts, your site admin accounts, and your email. Close down unused FTP accounts and admin accounts.
  4. Blacklist any other IP besides yours for FTP access. If possible ask your host whether they have a FTP anti-bruteforce/firewall.
  5. Check whether you allow file upload from your site’s front-end. If possible, disable it or restrict the upload path to somewhere outside of the root folder (public_html folder).
  6. Scan your PC for malware. trojans, and viruses… I definitely recommend malwarebytes for this!
  7. Continue to watch for any weird activity on your site for several days. You could have missed something so be vigilant. One advice is to try searching your website via Google. Most times, when clicked from Google search results, if your site has been hacked, Google will display a malware warning on your browser.

If you have any questions, feel free to ask in the comments below! Good luck and don’t sweat!
Other Related Blogs and Interests

*I use affiliate links at no cost to you. If you choose to make a purchase through my link I make a small commission. Thank you for trusting my recommendations!

Leave a Comment