How to Stop PHP Execution in Specific WordPress Directories

Are you looking for a way to stop PHP execution in specific WordPress directories? Hackers are a serious problem that can cripple websites and steal personal information from any website. It’s a serious issue, which is why securing your WordPress website is extremely important. One of the most common hacker techniques is to get a file into the uploads directory and then execute PHP from it.

Many websites add multiple files to an upload directory on a daily basis. This makes it extremely difficult to identify what files may be from a hacker. A solution would be to block PHP execution from occurring in the uploads directory. Today, I will demonstrate how to stop PHP execution in specific WordPress directories.

Can This Negatively Impact My Website

Depending on which directory you choose, yes it can. This is not for beginners, if you decide to disable PHP execution in an important directory, your website can stop working. It is extremely important that you understand what you are doing before you disable any PHP execution.

Why disable PHP execution from the uploads directory? There should be zero PHP executions in the uploads directory. This means that stopping PHP executions in the uploads directory will not impact your website. It is completely safe to do and will improve WordPress security as a whole.

It is also important to understand that if your website has already been hacked, this is not a fix. This is a prevention measure. If you have been hacked, you will need to locate any files that have been compromised or added and delete them. Remember one of the most powerful tools a website has at its disposal is an up to date backup of their website.

How to Stop PHP Execution in Specific WordPress Directories

Today, I will demonstrate how to stop PHP execution in specific WordPress directories. You will not need any additional plugins to do this. Instead, you will simply need access to your website’s cPanel. The login information is provided to you by your web host when you create an account.

Since you will be editing files on the backend of the website, I strongly recommend creating a backup of your website now. This will ensure that if any mistakes were made, you can use the back up to revert your website to before the changes were made.

The steps shown in his tutorial work for other directories, but be aware that it can cause problems on your website.

Stopping PHP Execution in Uploads Directory

Let’s start by logging into the cPanel and clicking on the File Manager option. The File Manager will allow you to access all of the files related to your website.

You need to locate your uploads folder. Click on the public_html directory, then click on the wp-content folder. Inside this folder, you will find all of the content related to your website. Click on the uploads folder and enter the folder.

Once inside of the folder, click on the create new file option.

Name the file .htaccess and click on the “Create New File” button. Make sure the file is spelled correctly.

Right-click on the newly created .htaccess file and select the Edit option. A pop-up box will appear. Click on the “Edit” button.

This file should be completely blank. Copy and paste the following code into the .htaccess file:[ht_message mstyle=”info” title=”” show_icon=”” id=”” class=”” style=”” ]<Files *.php>
deny from all

Click on the “Save Changes” button.

Congratulations, you have successfully stopped any PHP executions from occurring in the uploads directory. You can create the same .htaccess file in other directories to block PHP executions, but I do not recommend it. It will generally cause more problems than it prevents.

Prevention Saves Websites

Many new web developers focus on what they can do once they have been hacked and that is the worst thing you can do. An ounce of prevention is worth a pound of cure. Setting up security plugins and improving the security of your website should be the first thing you do. Stopping a hack before it happens should always be the goal of any website.

Have you blocked PHP execution in another directory? What security measures have you taken to keep your website safe?

Leave a Comment

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Copy link