How to stop wordpress from changing default .htaccess permissions to 444

Your site has likely been hacked. My site had the Darkleech infection, which injected some malicious code into wp-includes/nav-menu.php, causing .htaccess to reset to 444 on any page load.

I’d recommend you install the Sucuri plugin and let it restore any files that have been corrupted. Assuming your site was hacked, use their Post-Hack tab to reset plugins, passwords, and keys. Also check to make sure another admin user wasn’t created. Use their Hardening tab to secure as much as you can. You could also install Wordfence for more security.

If you make adjustments and the problem keeps coming back, you likely have a root-level breach on your server, and then you have to work with your hosting provider to try to clean out the infection.

Related Posts:

  1. Standard permissions for wordpress; Plugin installation asks for FTP credentials
  2. 403 Forbidden – You don’t have permission to access /wp-admin/admin-ajax.php on this server
  3. Error Message from W3 Total Cache when .htaccess Rules Cannot Be Modified? [closed]
  4. Prevent WordPress installing plugins and themes via Admin
  5. Linux Permissions and Ownership for WordPress
  6. WordPress FTP/media directory permissions problem?
  7. to perform the requested action wordpress needs to access your web server. please enter your ftp
  8. How can I stop WordPress from prompting me to enter FTP information when doing updates?
  9. wordpress on localhost lamp doesn’t let me install plugins
  10. Prompted for FTP details even with FS_DIRECT set to true
  11. Is there a way (plugin?) to restrict a user to being able to edit just one page?
  12. Security and .htaccess
  13. Can’t install new plugins because of the error “Could not create directory”
  14. Cannot install plugins even though www-data has write permissions
  15. Why does WordPress require a ftp server to be running on the webserver to transfer plugins?
  16. WP Config for FTP credentials
  17. How does WordPress update plugins, without running into permissions issues?
  18. Plugins won’t auto-update on IIS
  19. Add .html extension to custom post type taxonomies
  20. Leverage browser caching not working after updating .htaccess
  21. Can I ignore caching of a plugin in W3 Total Cache? [closed]
  22. Why would WordPress request FTP information when it can write to the file server?
  23. Upgrading WordPress 4.0 asks for FTP password
  24. How to install WordPress Multisite with different domains under the same subdirectory?
  25. WordPress roles – Protect administrator role
  26. htaccess and wordpress config files are regularly over written
  27. Could not create directory
  28. Creating Custom Roles for use on a WordPress Multi-site Instance?
  29. Moving WordPress from host without FTP?
  30. Can’t use the built-in wordpress install/upgrade plugin feature [closed]
  31. Plugin Expires Headers – W3 Total Cache [closed]
  32. How create a role with admin capability less 1 or 2?
  33. 500 Internal Server Error when updating htaccess
  34. Write to / remove from default .htaccess file from plugin?
  35. Restored WordPress on new Server – Can’t auto-update plugins
  36. Changed permalink structure. Need help with redirecting old posts
  37. Landing Page Redirect Chain | http->https->https www
  38. Possible htaccess configuration issue for HTTPS websites by WP Fastest Cache plugin? [closed]
  39. W3 Total cache “empty all caches” and no stylesheets render [closed]
  40. Getting WPTouch and W3 Total Cache to Work Together [closed]
  41. Install (enable) plugins on multisite, on localhost
  42. admin-ajax.php warning max input vars exceeded on layered pop plugins [closed]
  43. Reoccurring 404 Errors on all subpages
  44. Problem with updating a plugin
  45. Lock access to plugin options
  46. Is W3 Total Cache supposed to delete the local files after they are uploaded to CDN? [closed]
  47. plugin links not working [closed]
  48. Can’t Install Standard Plugins on a Local MAMP installation
  49. Redirect to another page using contact form 7? [closed]
  50. Why is the ‘Gutenberg’ Plugin generating an ‘Inconsistent File Permissions’ error when other Plugins, with the same permissions, do not?
  51. Custom url rewriting
  52. What are the correct permissions so WP doesn’t ask for FTP credentials if installing plugin?
  53. WordPress won’t allow for updates to plugins or WordPress Core
  54. To perform the requested action, WordPress needs to access your web > server
  55. WordPress permissions error with admin account
  56. WordPress unable to write files in the server
  57. WordPress rewrite rules not working
  58. Do rewrites added with add_rewrite_rule() persist after plugin deletion?
  59. Sociable buttons displaying seemingly at random [closed]
  60. How to hide plugin options for editors via functions.php
  61. What archive plugin works with W3 total cache? [closed]
  62. In a local wordpress installation, when I install a plugin it only offers me installation via FTP
  63. Memcaching recurring SQL Queries
  64. Add a parameter at the end of the url and prettify
  65. www redirects to another directory in wordpress
  66. Content-Security-Policy implementation with WordPress W3Total Cache plugin installed
  67. See which user role / capability is needed to use a plugin
  68. My wp database has been hacked
  69. How can I disable W3 Total Cache Image Lazy Load for Specific Post Type?
  70. FTP access to NAS drive files/folders from WordPress site
  71. woocommerce with external ftp site
  72. How to make a plugin api route have permission?
  73. Permission Issues regarding Plugin updates & FTP transfers
  74. htaccess question and plugins.php
  75. Help Code Review – I need to write on .htaccess file from theme’s function.php
  76. WordPress Plugin Install / Update Problem
  77. WP-admin plugin installation via FTP silently fails on shared hosting
  78. Wordress admin page is fetching error You do not have sufficient permissions to access this page.
  79. WordPress Theme/Plugin Install (about FTP Connection)
  80. Admin page and admin menu. Permissions plugin
  81. SSH vs WordPress
  82. Site not displaying correctly when re-directing from root to sub-directory
  83. Plugins upload to wordpress in wampserver via filezilla
  84. W3 Total Cache Can’t Really Detect Things
  85. How To Rewrite WordPress Pages URL Only?
  86. using .htaccess only for wordpress security no plugins
  87. Apache rewrite rules and wordpress problem
  88. Problems with installing and deleting plugins
  89. Plugin (smart archives reloaded) crashed site / no access on admin panel
  90. Plugin not installing properly, functions being redeclared
  91. incorrect path of plugin dir on network
  92. Images not showing and plugins not installing on wordpress server move
  93. Problem with permissions in wp-content/plugins
  94. Making plugin to use different table prefix cause permission problem
  95. W3 Total Cache and IIS7 not doing much [closed]
  96. My WP site and password was hacked, what to do? [closed]
  97. ERROR: Cookies are blocked due to unexpected output – no access to FTP
  98. Browser Cache causes ‘Orderby=rand’ to return the same posts
  99. How to rewrite URL using .htaccess in WordPress Plugin
  100. Rewrite Rule in htaccess convert query string into slashes

Leave a Comment