Help with malicious “AddHandler application/x-httpd-ea-php70.php ” issue.
-
Hi,
I was hoping to get some help. I am fairly IT and amateur code savvy, but I’m having this intermittent issue with my .htaccess file where SOMETHING or SOMEONE keeps on injecting this line “AddHandler application/x-httpd-ea-php70.php” into line 615 of my htaccess file, dropping the PhP version of my site down to 7.0 , basically visually “breaking” my site as most of the plugins require at least PhP 7.4 to run.
I had virus scans run by my hosting support, I have MALCARE installed on my side, I have 2FA login, have a HIDE MY LOGIN that changes the URL of the default wordpress login page etc…so I doubt if it is actually someone logging IN and doin this.
Everything is updated regularly and I just can’t seem to located the culprit or compromised plugin or anything perhaps that is causing this. I’ve been at this for MONTHS!!! I had wordpress core files rewritten, went through all the usual procedures that would fix most common issues.
I’ve even tried this solution at https://hoststud.com/resources/how-to-prevent-unauthorized-access-to-the-htaccess-file.944/ to see if I can prevent or limit access to the .htaccess file somehow!? Its not helping.
I’m not sure if there are some other file read/write permissions limiting tools or code or SOMETHING I can try to prevent that annoying line of code to be injected into my .htaccess file?
I’ve spent HOURS and HOURS with hosting support waiting around for the usual “allow me 7-10 mins to look into the issue” sessions. The temp fix by just deleting the line takes me 2mins now, but obviously I run a JOB APPLICATIONS website and I can’t afford my site to get “offline or broken” by this nonsense.
I can’t seem to find a solution ANYWHERE!? Where are the hardcoding days where websites are done from scratch without all these 3rd party plugins, that yes…does make the job a lot easier for amateurs…but DARN, the vulnerabilities drives me insane!!
Any suggestions or advice would be very much appreciated. I just don’t know enough about WordPress itself to know where to go and look of HOW to identify or trace this back to the source.
Thank you very much!The blog I need help with is: (visible only to logged in users)
-
Hi there,
Unfortunately, we cannot assist because ifa-jobs.com is not on WordPress.com but is a self-hosted WordPress.org site hosted with Namecheap. Have you specifically reached out to them yet?
https://www.namecheap.com/help-center/live-chat/
I also see that the domain is hosted with Go Daddy.To clarify:
- WordPress.com is a managed host platform that offers WordPress in a pre-customized server environment already set up for you to build your site. Hosting with WordPress.com is free, and the server, security, updates, and site optimization are all handled by us. We offer free and paid plans that provide additional features for your site based on your needs (plugins, custom themes, etc). You also have access to professional assistance via Happiness Engineers to address any issues you encounter.
- WordPress.org is a self-hosted platform, meaning you download the WordPress software and install it on a web server from a host of your choosing (Go Daddy, Bluehost, Hostgator, etc.). You have to pay the host when you’re self-hosting, and the server, security, updates, and site optimization are all handled by you. This gives you more flexibility and control of your plugins, themes, and code, but also more responsibility to ensure those things are operating correctly.
Our support page dives more into the differences:
https://en.support.wordpress.com/com-vs-org/
We welcome you to consider moving your site to WordPress.com, as we’d love to further help you. However, since you’re on a self-hosted platform, we do not have direct access to your account and therefore can’t directly address your issue.I recommend contacting Namecheap, as they would be better positioned to assist you since they have access to your account. Also, the open-source forum community is always available and prepared to help users with self-hosted sites:
https://wordpress.org/support/forum/how-to-and-troubleshooting/
Hope this helps.
- The topic ‘Help with malicious “AddHandler application/x-httpd-ea-php70.php ” issue.’ is closed to new replies.
WordPress.com Forums 