Do htaccess / chmod rules exclude each other?

Asked by manuel_alarcon (299

) March 12th, 2015

Hi, I had a website hacked the other day, and the hosting’s support guy told me that the security of my website was weak; So he recommended change the default names fot the wordpress system; I renamed the wp-content folder name, but can’t change (efficiently) the wp-admin folder name; so I secured it by using htaccess rules. But I secured it so much, that the images used by the site were blocked. So, I changed the chmod for the upload folder. Then came the doubt: If I secure a folder using chmod, does this override the htaccess settings? Which one of these two settings is more reliable? I think they might work on different levels, but I don’t really know which is more secure.

Observing members: 0

Composing members: 0

4 Answers

First.. You are fucked… This is beyond being fixed. Just plan starting from scratch. Do you have a backup of the database?

For all I know they have root on the server so short of nuking the server still leaves you vulnerable.

Fixing wordpress puts food in my belly

johnpowell (17881

)“Great Answer” (3

) Flag as…

@johnpowell Yes, I already did it, the website was small, So I made a fresh installation and copied the content. But, that is not the problem.

manuel_alarcon (299

)“Great Answer” (0

) Flag as…

Are you using a strong password and have you changed SSH port?

And by strong password I mean something like 18cf5d8c88506ad3251f3e9fa62fcce

All my passwords are a variation of that. And for the love of god with Wordpress is mostly hacked through shitty plug-ins. Don’t use them and if you must make sure they are updated. This is a daily job.

johnpowell (17881

)“Great Answer” (3

) Flag as…

I don’t like stuffing WP with plugins, all the whistles and bells I use I try to code myself.
But my question goes beyond WP @johnpowell

manuel_alarcon (299

)“Great Answer” (0

) Flag as…