https://security.stackexchange.com/questions/96000/how-did-the-hacker-get-access-to-my-wordpress-upload-folder 6 Once the file is uploaded to the server (exploiting a bug in a wordpress theme), the .htaccess is reconfigured in a way that any .txt file will be interpreted by the server as a .php script and it will follow symlinks. The next step …