I had a site with old code that kept getting hacked once a week – .htaccess and a few other files would be overwritten … I completely redid the website to be a simple wordpress site with Elementor, and sadly, the same thing happened again!
Basically, whenever the malicious code was added to the server, it would redirect all links to the home page.
Here is the htaccess file:
RewriteEngine On RewriteBase / RewriteRule ^(index|wp-admin|wp-include|wp-comment|wp-loader|wp-corn-sample|wp-logln|output|about|admin|randkeyword|readurl|wp-ver).php$ – [L] RewriteRule ^..[pP][hH]. index.php [L] RewriteRule ^.*.[sS][uU][sS][pP][eE][cC][tT][eE][dD] index.php [L] RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule . index.php [L]
Note that one file name that was added was called “wp-corn-sample.php” (yes corn, not cron). Does anyone know anything about this at all, or know how to stop it? Wordfence simply isn’t picking it up at all.