http://localhost:8080/trac/ticket/917 <p> Hi Chris </p> <p> Simon from Lumpy lemon has migrated Transition Culture. </p> <p> We only have WP admin access &amp; he was wondering: </p> <p> "Just one small question: can you check in the webroot folder on your server and let me know if there are any non-<a class="wiki" href="http://localhost:8080/trac/wiki/WordPress">WordPress</a> files in there? e.g. Google verification files, that sort of thing. I don't think there should be, but best to check. If there are, can you send them over." </p> <p> Thanks </p> <p> Sam </p> en-us /trac/chrome/site/TransitionNetwork-Logo-Web-Small.jpg http://localhost:8080/trac/ticket/917 Trac 0.12.5 chris Thu, 14 Jul 2016 12:01:05 GMT http://localhost:8080/trac/ticket/917#comment:1 http://localhost:8080/trac/ticket/917#comment:1 <ul> <li><strong>hours</strong> changed from <em>0.0</em> to <em>0.1</em> </li> <li><strong>totalhours</strong> changed from <em>0.0</em> to <em>0.1</em> </li> </ul> <p> Here is a list of the files: </p> <pre class="wiki">cd /home/tc/sites/default/ ls -lah total 220K drwxr-x--- 5 tc tc 4.0K Jul 13 22:33 . drwx------ 3 tc tc 4.0K Dec 9 2013 .. -rw-r--r-- 1 tc tc 807 Jun 20 11:53 .htaccess -rw-r--r-- 1 tc tc 75 Dec 9 2013 .htaccess.bak -rw-r----- 1 tc tc 1.4K Feb 5 2008 favicon.ico -rw-r----- 1 tc tc 53 Oct 11 2012 google4ef510c6b847a9b0.html -rw-r----- 1 tc tc 418 Sep 25 2013 index.php -rw-r--r-- 1 tc tc 20K Jul 13 22:31 license.txt -rw-r----- 1 tc tc 1.7K Sep 3 2013 nginx.conf -rw-r--r-- 1 tc tc 7.2K Jun 21 18:35 readme.8e7c2d7e9f3ffd58f403928e7399990f.html -rw-r--r-- 1 tc tc 7.2K Jul 13 22:31 readme.html -rw-r----- 1 tc tc 0 Dec 8 2012 robots.txt -rw-r--r-- 1 tc tc 5.0K Jul 13 22:31 wp-activate.php drwxr-x--- 9 tc tc 4.0K Jul 13 22:31 wp-admin -rw-r--r-- 1 tc tc 364 Jul 13 22:31 wp-blog-header.php -rw-r--r-- 1 tc tc 1.5K Jul 13 22:31 wp-comments-post.php -rw-r--r-- 1 tc tc 2.8K Jul 13 22:31 wp-config-sample.php -rw-r----- 1 tc tc 1.6K Dec 10 2013 wp-config.php drwxr-x--- 10 tc tc 4.0K Jul 13 23:57 wp-content -rw-r--r-- 1 tc tc 3.3K Jul 13 22:31 wp-cron.php drwxr-x--- 16 tc tc 12K Jul 13 22:31 wp-includes -rw-r----- 1 tc tc 2.4K Sep 25 2013 wp-links-opml.php -rw-r--r-- 1 tc tc 3.3K Jul 13 22:31 wp-load.php -rw-r--r-- 1 tc tc 34K Jul 13 22:31 wp-login.php -rw-r--r-- 1 tc tc 7.8K Jul 13 22:31 wp-mail.php -rw-r--r-- 1 tc tc 13K Jul 13 22:31 wp-settings.php -rw-r--r-- 1 tc tc 28K Jul 13 22:31 wp-signup.php -rw-r--r-- 1 tc tc 4.0K May 19 2015 wp-trackback.php -rw-r--r-- 1 tc tc 3.0K Jul 13 22:31 xmlrpc.php </pre> Ticket chris Thu, 14 Jul 2016 12:03:04 GMT http://localhost:8080/trac/ticket/917#comment:2 http://localhost:8080/trac/ticket/917#comment:2 <p> This is the contents of the <tt>.htaccess</tt> file, Simon sould be able to get all the other files via HTTP, of course if he would like SSH access that can also be sorted out. </p> <pre class="wiki">Redirect /feed/ http://www.transitionnetwork.org/blogs/feed/rob-hopkins/ # This was being abused &lt;Files xmlrpc.php&gt; Order deny,allow deny from all &lt;/Files&gt; # BEGIN WordPress &lt;IfModule mod_rewrite.c&gt; RewriteEngine On RewriteBase / RewriteRule ^index\.php$ - [L] RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule . /index.php [L] &lt;/IfModule&gt; # END WordPress # BEGIN WORDPRESS PLUGIN stop_xmlrpc_attack &lt;Files "xmlrpc.php"&gt; order deny,allow deny from all allow from 10.0.0.0/8 allow from 64.34.206.0/24 allow from 76.74.248.128/25 allow from 76.74.255.0/25 allow from 127.0.0.0/8 allow from 172.16.0.0/12 allow from 192.0.64.0/18 allow from 192.168.0.0/16 allow from 198.181.116.0/22 allow from 207.198.101.0/25 &lt;/Files&gt; # END WORDPRESS PLUGIN stop_xmlrpc_attack </pre> Ticket