Here is what to do when you can no longer rewrite or delete HTACCESS due to WordPress malware infection (tampering).
HTACCESS becomes unwritable due to malware infection
The .htaccess file is a file created in the WordPress installation directory in which the WordPress permalink settings, etc. are written.
This file can be infiltrated by taking advantage of vulnerabilities in WordPress plug-ins, etc., and become the target of malware tampering, and malicious code can be written to redirect the site to another site or to prevent the use of administrative functions.
Why HTACCESS is not rewritable
After the hacker has tampered with HTACCESS, he/she may change the write permissions on the file so that it cannot be changed or deleted from the WordPress admin panel or server control panel.
In this case, the write permission of the HTACCESS is set to 444, which means that the file cannot be rewritten from the outside.
Make HTACCESS rewritable again
To make the HTACCESS file re-writable, you will need to connect directly to the server using FTP connection software such as FileZilla and change the file’s write permission to 755 or other writable permissions.
Some malware, however, constantly monitors HTACCESS changes and permissions, and may immediately tamper with or restore permissions.
Reference
HTACCESS and Index.php files that are instantly altered again in WordPress
In this case, it is necessary to inspect and remove the files that the hacker is using as the starting point of tampering, called backdoors, at the same time.
Free WordPress:Malware Scan & Security Plug-in [Malware and Virus Detection and Removal].
