How To Disable PHP Execution in WordPress Upload Directories Via .htacess
Almost hacking are done via uploading PHP execution Either in wp-include or in upload directory because upload directory are unprotected whats why Disable PHP Execution in WordPress Upload Directories . And Security of WordPress is the major concern of our blogging industry.
Executive doesn’t mean that we should kill all PHP execution happening in WordPress directory . We have to kill PHP file which the hackers are trying to upload on our WordPress directory and trying to executive it . Here you might be thinking why we can’t kill PHP execution in all directory its because if you will open any file in WordPress you will find PHP script except style.css . Thats why we are not adding our kill PHP execution code in main .htacess file If You will Upload Your code in main .htacess file it will break your website 100%sure . In case of upload directory only media files are there without any security so we have to kill execution there .
Steps require To disable PHP execution in WordPress upload directories
- Login To your cpanel once you are logged in you will find file manager Open that file manager
- Once You are inside file manager you need to choose your domain if you have one domain then you should click on public_html and if you have mutiple domain then you need to choose your domain which will be having name like example.com
- and inside public_html you will find wp-content folder open that wp-content
- Inside wp-content You will find uploads folder open that uploads folder
- Inside uploads folder all file are related to media or its may contain some css files You need to create one file here with name .htacess . Before you create .htacess file you You need to make htacess file visbile because it contain .extension so its a hidden file . So click on setting option in the upper right side of your computer
- And here you need to select show hidden files (dotfiles) and click on save button
- And Now you need to create file with name .htacess
- Now you in-order to kill php execution in upload directories .you need to paste follow code inside .htacess file and click on save
actually your path will be public_html>wp-content>uploads>.htacesss
# Kill PHP Execution <Files ~ "\.ph(?:p?|t|tml)$"> deny from all </Files>
Now bingo no more file execution You disable PHP execution in WordPress upload directories