Are you looking for a way to stop PHP execution in specific WordPress directories? Hackers are a serious problem: they can cripple a website and steal the personal information it holds.
In fact, 30,000 websites are hacked every single day.
It’s a serious issue, which is why securing your WordPress website is extremely important. One of the most common hacker techniques is to get a file into the uploads directory and then execute PHP from it.
Many websites add multiple files to an upload directory on a daily basis. This makes it extremely difficult to identify what files may be from a hacker.
A solution would be to block PHP execution from occurring in the uploads directory. Today, I will demonstrate how to stop PHP execution in specific WordPress directories.
Is It Safe to Disable the PHP Execution in Directories?
Depending on which directory you choose, it can be harmful. This is not for beginners. If you disable PHP execution in an important directory, your website can stop working.
It is extremely important that you understand what you are doing before you disable any PHP execution.
Why disable PHP execution from the uploads directory? There should be zero PHP executions in the uploads directory. This means that stopping PHP executions in the uploads directory will not impact your website.
It is completely safe to do and will improve WordPress security as a whole.
It is also important to understand that if your website has already been hacked, this is not a fix. This is a prevention measure. If you have been hacked, you will need to locate any files that have been compromised or added and delete them.
Remember, one of the most powerful tools a website owner has is an up-to-date backup of the website.
Using the .htaccess File to Disable PHP Execution in Directories
You will not need any additional plugins for this method. You will simply need access to your website’s cPanel.
The login information is provided to you with your website hosting account.
Since you will be editing files on the backend of the website, I strongly recommend creating a backup of your website now. If any mistakes are made, you can use the backup to revert your website to its state before the changes.
The steps in this tutorial work for other directories, but be aware that they can cause problems on your website.
Step 1: Locate the Uploads Folder
Let’s start by logging into the cPanel and clicking on the File Manager option. The File Manager will allow you to access all of the files related to your website.
You need to locate your uploads folder. Click on the public_html directory, then click on the wp-content folder. Inside this folder, you will find all of the content related to your website. Open the uploads folder.
Step 2: Create .htaccess File
Once inside the folder, click on the create new file option.
Name the file .htaccess and click on the “Create New File” button. Make sure the file is spelled correctly.
Step 3: Add Code
All that’s actually left is to add the code to the newly created .htaccess file. All that entails is copying and pasting a few lines, so don’t worry. However, be aware that you can do a lot of things by modifying this file.
For instance, you can actually create a redirect using .htaccess in WordPress or update your permalink structure.
In any case, right-click on the newly created .htaccess file and select the Edit option. A pop-up box will appear. Click on the “Edit” button.
Copy and paste the following code into the .htaccess file:
<Files *.php>
deny from all
</Files>
Click on the “Save Changes” button.
Congratulations, you have successfully stopped any PHP executions from occurring in the uploads directory.
You can create the same .htaccess file in other directories to block PHP executions, but I do not recommend it. It will generally cause more problems than it prevents.
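For sites with shell access, the following added example (not part of the original tutorial) lists any .php files already present in an uploads tree and appends the deny rule to .htaccess without replacing a file that already exists there. It assumes Apache and the `<Files *.php>` form of the rule; the function names and the comment line written into the file are this example's own.

```sh
#!/bin/sh
# Added example: audit an uploads tree and install the PHP block
# without overwriting an existing .htaccess.
# Usage (after sourcing this file):
#   find_php_files   public_html/wp-content/uploads
#   ensure_php_block public_html/wp-content/uploads

# The rule to install: deny requests for files whose name ends in .php.
RULE='<Files *.php>
deny from all
</Files>'

# List files under $1 whose name ends in .php (case-insensitive).
# Uploads should hold media only, so every hit deserves a manual look.
find_php_files() {
    find "$1" -type f -iname '*.php' | sort
}

# Return 0 if $1/.htaccess already carries a <Files *.php> block.
has_php_block() {
    [ -f "$1/.htaccess" ] && grep -qF '<Files *.php>' "$1/.htaccess"
}

# Append the rule to $1/.htaccess, creating the file if needed.
# An existing file is kept and extended, never replaced.
ensure_php_block() {
    if has_php_block "$1"; then
        echo "unchanged"
        return 0
    fi
    printf '\n# Block PHP execution in uploads\n%s\n' "$RULE" >> "$1/.htaccess"
    echo "added"
}
```

On Apache 2.4 without mod_access_compat, the equivalent of `deny from all` is `Require all denied`.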
Prevention Saves Websites
Many new web developers focus on what they can do once they have been hacked, and that is the worst thing you can do.
An ounce of prevention is worth a pound of cure. Setting up security plugins and improving the security of your website should be the first thing you do. Stopping a hack before it happens should always be the goal of any website.
Have you blocked PHP execution in another directory? What security measures have you taken to keep your website safe?
What can I do if the upload folder already has a .htaccess file?
Please contact our support team.