She couldn't delete it directly – the attacker had locked the file permissions to 555 .
The code was simple but brutal:
https://veridianhome.com/.git/config
"I've stopped the redirect. But you're still compromised. The attacker has wp-config.php . Change every password. Salt the hashes. And for God's sake, remove wp-file-manager ." hacktricks wordpress
She opened her terminal. First, the basics. She couldn't delete it directly – the attacker