hacker code in the plugins firewall htaccess

  • #45146
    pdlc
    Participant

    Hi,

    Site: WordPress + WooCommerce, up to date.

    The BPS Pro Hidden Plugin Folders|Files (HPF) Cron has detected hacker code in the plugins firewall htaccess file. I delete the hacker code and activate the setup wizard, but the hacker code comes back again and again.

    What to do?

    Thanks for your help,

    Monica
    Below: part of the hacker code

    ################################################################################################################################################################################################161.47$
    # END PUBLIC IP
    # BEGIN ADDITIONAL ROLES IP
    RewriteCond %{REMOTE_ADDR} !^xx.xx.xx.122$
    RewriteCond %{REMOTE_ADDR} !^xxx.xxx.xxx.208$
    RewriteCond %{REMOTE_ADDR} !^xx.xx.xxx.122$
    # END ADDITIONAL ROLES IP
    RewriteRule ^(.*)$ - [F]
    #45149
    AITpro Admin
    Keymaster

    Most likely the Plugin Firewall .htaccess file does not contain hacker code and instead has been modified/altered in a way that BPS does not recognize it as a legitimate BPS Plugin Firewall .htaccess file.

    Go to the Plugin Firewall feature, deactivate the Plugin Firewall and activate the Plugin Firewall.

    #45154
    pdlc
    Participant

    I go to the Plugin Firewall feature,

    I deactivate the Plugin Firewall and I activate the Plugin Firewall.

    No result, I always see the weird code …

    #45155
    AITpro Admin
    Keymaster

    Ok send a WordPress Admin login to this website to: info@ait-pro.com.

    #45156
    AITpro Admin
    Keymaster

    The problem is fixed and I am logged out of your site.

    The problem was that this Plugin Firewall master file > /wp-content/plugins/bulletproof-security/admin/htaccess/plugins.htaccess somehow had hidden formatting characters copied into it. I have replaced the plugins.htaccess master file with the default htaccess code.
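
A check that surfaces hidden formatting characters of the kind described in the post above, as an added example that is not part of the original thread and not BPS code. The function name, the set of Unicode categories flagged and the sample rules are assumptions constructed for illustration.

```python
import sys
import unicodedata

# Unicode categories that render as nothing (or as a plain space) in most
# editors: Cc control, Cf format (BOM, zero-width), Zs/Zl/Zp separators.
SUSPECT_CATEGORIES = {"Cc", "Cf", "Zs", "Zl", "Zp"}
ALLOWED = {" ", "\t"}  # ordinary whitespace used in .htaccess files


def find_hidden_chars(data: bytes):
    """Return (line, column, codepoint, name) for each hidden character."""
    try:
        text = data.decode("utf-8")
    except UnicodeDecodeError as exc:
        # Bytes pasted from a legacy code page (e.g. a lone 0xA0) land here.
        line = data.count(b"\n", 0, exc.start) + 1
        return [(line, None, f"0x{data[exc.start]:02X}", "invalid UTF-8 byte")]
    findings = []
    for lineno, line in enumerate(text.split("\n"), start=1):
        if line.endswith("\r"):
            line = line[:-1]  # CRLF line endings are not reported
        for col, ch in enumerate(line, start=1):
            if ch in ALLOWED:
                continue
            if unicodedata.category(ch) in SUSPECT_CATEGORIES:
                name = unicodedata.name(ch, "unnamed control character")
                findings.append((lineno, col, f"U+{ord(ch):04X}", name))
    return findings


# Constructed sample: a BOM, a no-break space and a zero-width space hidden in
# rules shaped like the ones quoted in the thread (192.0.2.10 is a doc address).
SAMPLE = (
    "\ufeff# BEGIN ADDITIONAL ROLES IP\n"
    "RewriteCond %{REMOTE_ADDR} !^192.0.2.10$\n"
    "RewriteRule\u00a0^(.*)$ - [F]\u200b\n"
).encode("utf-8")

if __name__ == "__main__":
    # Pass a path such as the plugins.htaccess master file; no argument scans SAMPLE.
    raw = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    for lineno, col, cp, name in find_hidden_chars(raw):
        print(f"line {lineno}, col {col}: {cp} {name}")
```

Running it against both the master file and the deployed Plugin Firewall .htaccess shows whether the characters originate in the master copy, which is where they were found in this thread.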

    #45157
    pdlc
    Participant

    Thanks a lot 🙂

    Do you have any idea where these hidden characters come from?

    #45158
    AITpro Admin
    Keymaster

    Nope, but so far this has only happened to you. So this may be caused by some other plugin. About a year ago something changed with plugin urls. All of a sudden plugin urls started having Query Strings added to the end of urls by some plugin. Not sure which plugin started doing that. None of my sites have Query Strings added to plugin urls so it is not WordPress itself doing this. So this may be an additional problem that whichever plugin adds Query Strings to plugin urls is now doing some other dumb thing.
