Connect with us

WordPress: How to Block PHP Execution by Directory?

solution

WordPress: How to Block PHP Execution by Directory?

Published on

We’ve seen numerous WordPress installations that have been hacked where the hackers have uploaded secret files into the wp-content and wp-includes folders that are named similarly to actual WordPress filenames, but are actually shell, malware or even mailer scripts which allow the hackers the use of your hosting account for their own devices.  These PHP scripts can wreak havoc on the server environment, get your IP blacklisted and force server admins to take your site down.  Here’s one tip we recommend to help prevent this from happening.

In order to block hackers from executing PHP scripts in these directories you can create an .htaccess file in these directories which tells the server PHP should NOT be run in them directly.  Here’s the code to place in a blank .htaccess file:

 <Files *.php>
 deny from all
 </Files>

 

You can then upload that .htaccess file to your wp-content and wp-includes folders.

Please Note: uploading this file to the wp-content folder can cause an issue with some themes and plugins, especially those using timthumb.php directly.  If that’s the case, just delete the file and all will be fixed.

READ  Fixing WordPress Fatal error: Class WP Post_Type not found
Continue Reading
You may also like...
Related Topics:

We are a WordPress plugin developer company that focuses on useful WordPress plugin creation and empowering people to earn passive incomes from their blogs. We build unique and groundbreaking plugins that will revolutionize your blog!

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

More in solution

    Sign up for our newsletter and get a free affiliate e-book!


    About Me:

    Szabi Kisded

    Hi, my name is Szabi and I'm documenting my journey selling plugins on CodeCanyon. I will show you every step of it: learning to code, plugin ideas, WordPress stuff and more. Read more…

    Mega Plugin Bundle:

    CodeCanyon Portfolio:

    Learn to Code Plugins:

    Latest Promotions:

    Recommended Theme:

    Start Your Own Blog:

    Recommended VPN Service:

    Translate Your Blog:

    AdSense Alternative:

    Best Article Spinner:

    Popular Posts:

    blogging

    Global Better Ads Standards: Google Chrome will enforce it globally – What to do next?

    wordpress

    Benchmarking WordPress with Apache Bench

    blogging

    What is a Sponsored Post? How much should I charge for it?

    wordpress

    5 awesome Chrome extensions making WordPress better

    business

    8 Tips for Managing Freelance Work and Kids During Summer Vacation

    Latest Posts:

    blogging

    Performance optimization, the new snake oil!

    By July 18, 2019

    miscellaneous

    Why I really hated Google Plus while it existed

    By July 17, 2019

    blogging

    Server feeling slow? Look for bots!

    By July 16, 2019

    wordpress

    How To Create a WordPress E-commerce Store?

    By July 15, 2019

    blogging

    Will CDNs become a necessity one day?

    By July 14, 2019
    To Top

    Privacy Preference Center

        Consent Management

        This website uses cookies. We use cookies to personalize content and ads, to provide social media features and to analyse our traffic. We also share information about your use of our site with our social media, advertising and analytics partners who may combine it with other information that you’ve provided to them or that they’ve collected from your use of their services. You consent to our cookies if you continue to use our website.

        Necessary

        Advertising

        Analytics

        Other