How To Disable PHP Execution in WordPress Upload Directories

How To Disable PHP Execution in WordPress Upload Directories Via .htacess

Almost hacking is done via uploading PHP execution Either in wp-include or upload directory because upload directory is unprotected whats why Disable PHP Execution in WordPress Upload Directories. And Security of WordPress is the major concern of our blogging industry.


Gomahamaya ads banner


You may also be interested in FOMO Plugins, email marketing service, and Lead generation Plugins 


The executive doesn’t mean that we should kill all PHP execution happening in the WordPress directory. We have to kill the PHP file which the hackers are trying to upload on our WordPress directory and trying to executive it. Here you might be thinking why we can’t kill PHP execution in all directories because if you will open any file in WordPress you will find PHP script except style.css. That’s why we are not adding our kill PHP execution code in the main .htacess file If You will Upload Your code in the main .htacess file it will break your website 100%sure. In the case of the upload directory, only media files are there without any security so we have to kill execution there.


semrush Free trail banner


Steps require To disable PHP execution in WordPress upload directories

Kill PHP Script Execution In WordPress Upload Directory Via .htaccess Files


  • Login To your Cpanel, once you are logged in you, will find file manager Open that file manager


File manager1


  • Once You are inside the file manager you need to choose your domain if you have one domain then you should click on public_html and if you have multiple domains then you need to choose your domain which will be having names like


Public html




  • and inside public_html you will find the wp-content folder open that wp-content

wp content



  • Inside wp-content You will find uploads folder open that uploads folder





  • Inside the uploads folder, all files are related to media or it may contain some CSS files You need to create one file here with the name .htacess. Before you create a .htacess file. You need to make the .htacess file visible because it contains .extension so it’s a hidden file. So click on the setting option on the upper right side of your computer

setting inside cpanel


  • And here you need to select show hidden files (dotfiles) and click on the Save button

Show hidden files



  • And now you need to create the file with the name .htacess





  • Now you in-order to kill PHP execution in upload directories .you need to paste follow code inside the .htacess file and click on save.

actually your path will be public_html>wp-content>uploads>.htacesss

# Kill PHP Execution
<Files ~ "\.ph(?:p[345]?|t|tml)$">
   deny from all

Now bingo no more file execution You disable PHP execution in WordPress upload directories


Gomahamaya ads banner


Leave a Reply

Your email address will not be published. Required fields are marked *

Post comment