Hello.
I have some problems.
My site was hacked and now i do better protection.
I have deleted all files from server and entire database)
I have changed hosting password, install clear last version of wp and 1 new free wp theme from wordpress.org (theme cheked on themecheck.org – and cleared)
I have created new DB with new name, new prefix, new pass.
A have changed ftp pass.
I install BPS and some plugings. Also i have renamed wp-login.php to random generated word with 10+ characters.
And use autoreplace inside this file to replace wp-login.php to mynewname.php (example)
and replace wp-login.php inside file general-template.php to mynewname.php
After that i see 403 error and can’t login on my site by
mysite.com\mynewname.php
Also if i write
mysite.com\wp-admin – it redirects to mysite.com\mynewname.php and i also see 403 error)
my .htacess file contains XML-RPC protection bonus code, brute-force protection bonus code, POST Request Attack Protection and deny all protection for wp-login.php (to reduce site load)
RewriteCond %{REQUEST_URI} ^(/wp-login\.php|.*wp-login\.php.*)$
RewriteCond %{HTTP_USER_AGENT} ^$ [OR]
RewriteCond %{THE_REQUEST} HTTP/1\.0$ [OR]
RewriteCond %{SERVER_PROTOCOL} HTTP/1\.0$
RewriteRule ^(.*)$ - [F,L]
<FilesMatch "^(xmlrpc\.php)">
Order Deny,Allow
#Allow from x.x.x.
Deny from all
Order Deny,Allow
Deny from all
RewriteCond %{REQUEST_METHOD} POST [NC]
# NEVER COMMENT OUT THIS LINE OF CODE BELOW FOR ANY REASON
RewriteCond %{REQUEST_URI} !^.*/wp-admin/ [NC]
# NEVER COMMENT OUT THIS LINE OF CODE BELOW FOR ANY REASON
RewriteCond %{REQUEST_URI} !^.*/wp-cron.php [NC]
# NEVER COMMENT OUT THIS LINE OF CODE BELOW FOR ANY REASON
RewriteCond %{REQUEST_URI} !^.*/wp-login.php [NC]
p.s. right now hackers sends more than 170 POST Request and more than 110 GET Request to my site.
They wants to hack me with /xmlrpc.php) Because of that i can’t delete .htaccess from root folder.
Without that – i can’t login.
And i have dinamic IP.
.
