Support
Web Development

How to disable PHP execution in certain WordPress directories?

Did you know that almost 1 out of 25 WordPress sites, are getting hacked?

According to Sucuri, WordPress installations were the target of 96.2% of all attacks that took place against CMS (Content Management Systems). The reasons and susceptibilities are varied with 61% of them involving non-updated versions of the CMS, plugins and theme.

In order to minimize the chances of our site getting hacked, we should take all the necessary measures to ensure maximum security for our site. In this article we will describe one of these ways.


Why should I restrict PHP execution on certain WordPress directories?


One of the common tactics that hackers use, is to upload infected files to the site's directories, thus creating backdoors through which they can gain full access to the site and the information of its users.

For that reason, by restricting PHP execution on specific folders of WordPress' installation, we prevent the triggering of various scripts that could be harmful to the security and smooth functioning of our site.


Disclaimer

It is very important to have knowledge and understanding of the following procedure to avoid unwanted problems. For example, adding these rules to a directory crucial to our website will cause a errors.



PHP execution restriction procedure

In this example we will restrict PHP execution to the wp-content/uploads. However, the same steps are followed for any other directory.

  • First things first, we navigate through cPanel to the File Manager.
  • Then, we open the desired folder. In our case the uploads folder.
  • If an .htaccess file already exists we right-click and edit. Otherwise, we create a new .htaccess file, right-click and edit.
  • Then we add the following three lines of code:

    <FilesMatch "\.(php|php\.)$">
    Order Allow,Deny
    Deny from all
    </FilesMatch>

  • Finally, we click Save to save our changes.



To summarize, in this guide we have described how we can add another safety net to our WordPress installation by restricting PHP execution in certain directories.


However, we must permanently make sure that our website and the tools connected to it are updated to avoid any security vulnerabilities.






IPGLOBAL IKE   |  IP.GR Web Hosting and Domain Name registration services in Greece
Cookies Preferences
 Functional  Statistics  Marketing


You can see detailed information about the use of cookies on the page: Terms of use