How To Disable PHP Execution in WordPress Upload Directories Via .htacess
Almost hacking is done via uploading PHP execution Either in wp-include or upload directory because upload directory is unprotected whats why Disable PHP Execution in WordPress Upload Directories. And Security of WordPress is the major concern of our blogging industry.
The executive doesn’t mean that we should kill all PHP execution happening in the WordPress directory. We have to kill the PHP file which the hackers are trying to upload on our WordPress directory and trying to executive it. Here you might be thinking why we can’t kill PHP execution in all directories because if you will open any file in WordPress you will find PHP script except style.css. That’s why we are not adding our kill PHP execution code in the main .htacess file If You will Upload Your code in the main .htacess file it will break your website 100%sure. In the case of the upload directory, only media files are there without any security so we have to kill execution there.
Steps require To disable PHP execution in WordPress upload directories
- Login To your Cpanel, once you are logged in you, will find file manager Open that file manager
- Once You are inside the file manager you need to choose your domain if you have one domain then you should click on public_html and if you have multiple domains then you need to choose your domain which will be having names like example.com
- and inside public_html you will find the wp-content folder open that wp-content
- Inside wp-content You will find uploads folder open that uploads folder
- Inside the uploads folder, all files are related to media or it may contain some CSS files You need to create one file here with the name .htacess. Before you create a .htacess file. You need to make the .htacess file visible because it contains .extension so it’s a hidden file. So click on the setting option on the upper right side of your computer
- And here you need to select show hidden files (dotfiles) and click on the Save button
- And now you need to create the file with the name .htacess
- Now you in-order to kill PHP execution in upload directories .you need to paste follow code inside the .htacess file and click on save.
actually your path will be public_html>wp-content>uploads>.htacesss
# Kill PHP Execution <Files ~ "\.ph(?:p?|t|tml)$"> deny from all </Files>
Now bingo no more file execution You disable PHP execution in WordPress upload directories