.HTACCESS · WORDPRESS · CLEANED
.htaccess malware removal.
A few extra lines in .htaccess can redirect every mobile visitor, run PHP from your uploads folder, or hide spam pages from you while showing them to Google. I clean it, then harden it. Flat $279.
MECHANISM
.htaccess is small, powerful, and easy to miss.
WordPress only uses .htaccess for pretty permalinks — a handful of well-known lines. Attackers append rewrite rules, error-document handlers, and PHP execution overrides that send traffic where they want it and let them run code where they shouldn’t.
There can be more than one .htaccess on your install. I list every copy on the filesystem, compare each one against the WordPress default, and either clean or remove the ones that don’t belong.
0102 RewriteCond %{HTTP_USER_AGENT} mobile [NC] 03 RewriteCond %{HTTP_REFERER} google\.com [NC] 04 RewriteRule .* https://evil.example/ [R=302,L] 05 06 07 // A 302 conditioned on mobile + Google referrer 08 // is the signature of a cloaked redirect hack.
What I remove
Every .htaccess on the install, audited.
-
TRIAGE
Every .htaccess on the filesystem is found and read — root, wp-admin, wp-content, uploads, sometimes a few you didn’t know existed.
-
REWRITE RULES
Malicious rewrite rules and redirect directives stripped. The standard WordPress block is restored.
-
PHP HANDLERS
AddHandler and AddType directives that let PHP run from uploads or theme directories — removed.
-
HARDENING
Protective rules added: deny direct access to wp-config.php, block PHP execution in uploads, restrict xmlrpc.php.
-
GOOGLE
Reconsideration filed with Safe Browsing if the redirect triggered a warning. Search Console indexation re-requested.
-
REPORT
Plain-English forensic write-up, entry vector identified, before/after of each .htaccess included.
Pricing
Cleanup
$279
flat, one-time, per site
Manual cleanup, entry-vector identification, written forensic report.
Start a cleanupMonitoring
$29 / mo
per site, cancel any time
Continuous monitoring, hardening, one cleanup per year included.
Get protectedPart of threatover's broader security practice. Penetration testing, bug bounty consulting, triage, and security advisory.
See all services →Email [email protected] or use the contact form.