Hello r/wordpress!
Woke up this morning to find my wordpress site redirecting to some scammy looking eCommerce website. I'm unable to access the wp-admin page, upon attempt it either redirects me to another spam page, or at times I'll reach my homepage but will only stay at that page itself.
When looking into the wp-content folder, among others, I do see the same last modified date and time on many many .htaccess files. The content within these .htaccess files are below (Reddit formatting markup is bungling some of the code).
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^ index.php – [L]
RewriteRule ^ ..[pP][hH]. – [L]
RewriteRule .*.[sS][uU][sS][pP][eE][cC][tT][eE][dD] – [L]
<FilesMatch "\.(php|php7|phtml|suspected)$">
Deny from all
</FilesMatch>
</IfModule>
This seems to be the content within dozens of .htaccess files and it instantly raised a red flag for me. I'm not a webmaster by any means but did some digging around and found a default .htaccess value. My question is could this be the sole issue in my redirect problem, and does anyone have guidance on a solution on how to resolve (replace the content with the default value?) or at least get logged into my wp-admin page?
Thanks for any assistance in advance – if there's further info I can gather to better shine some light please let me know.
Some additional info I’ve uncovered…
There are some folders and content within that I’m not familiar with.
I see a “aiowps_backups” folder and within it is a .htaccess.backup file – content within file in link below…
https://pastebin.com/qmjkidGV
Could this be a part of the issue or how all my other .htaccess files were adjusted? Could I some how use this to revert the affected .htaccess files back to their working values?
Your site has been hacked. It doesn’t really matter what has been done to your site – the actions you need to take are the same as an other hack – figure out the entry point, then clean up/reinstall.
Entry point is almost always via a plugin exploit, generally due to your site using an old, abandoned or nulled plugin.
Cleaning up basically involves deleting everything, including WordPress (but not wp-content/uploads) and reinstalling from known, clean sources (not a backup)