Protecting a beloved website from evil hackers is something every website owner worries about. Today, GretaThemes will introduce you to an effective way to protect your WordPress website from hacker attacks: disabling PHP execution in the uploads folder in WordPress.
Sounds a bit technical, doesn't it? However, it's actually very easy, and anyone can do it within 5 minutes. But first, let me explain why we need to disable PHP execution in the uploads folder in WordPress!
Why We Need to Disable PHP Execution in the uploads Folder
Normally, admin and authorized users can upload files to the uploads folder. Hackers can take advantage of this to upload malicious files to the WordPress website if you don't manage user roles properly.
In particular, if your website has forms such as a contact form or a post submission form, hackers can take advantage of these forms to upload malicious files (such as PHP files or images containing PHP code). By default, WordPress saves these files in the uploads folder. If you don't disable PHP execution in this folder, hackers can run malicious code to hack your WordPress website. Therefore, when you prevent all users (except admin) from executing PHP in the uploads folder, the uploaded files that contain malicious code won't be able to run.
There are many ways to disable PHP execution in the uploads folder, and the easiest way is inserting code into the .htaccess file.
Below is what we need to do:
How to Disable PHP Execution in the Uploads Folder
First of all, log in to the cPanel and choose File Manager.
Afterward, look for the uploads folder:
Normally, every folder in WordPress has a .htaccess file. To disable PHP execution in the uploads folder, add the following code to the .htaccess file in this folder:
<Files *.php>
deny from all
</Files>
In case the uploads folder doesn't have the .htaccess file, create a new one as follows:
On the toolbar, choose File > Create New File and set the name of the new file as .htaccess:
Next, right-click the .htaccess file and click Edit:
After that, add the above code to the .htaccess file and click Save changes:
Okey-dokey! We've finished disabling PHP execution in the uploads folder in WordPress.
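The same change made from a shell instead of the File Manager, as an added example that is not part of the original article: it adds the rule only when it is missing, keeps a backup of an existing .htaccess, and checks the result. The function names and the uploads path given on the command line are assumptions; the check also accepts Require all denied, the Apache 2.4 form of the same rule.

```shell
#!/bin/sh
# Added example (not from the original article): apply and audit the
# uploads/.htaccess rule from a shell instead of the cPanel File Manager.

# Return 0 if FILE contains a <Files *.php> block that denies access.
# Accepts the article's "deny from all" and Apache 2.4's "Require all denied".
has_php_deny() {
    if [ ! -f "$1" ]; then return 1; fi
    awk '
        { line = tolower($0); sub(/\r$/, "", line) }
        line ~ /^[ \t]*<files[ \t]+"?\*\.php"?[ \t]*>/ { inblk = 1; next }
        line ~ /^[ \t]*<\/files>/ { inblk = 0; next }
        inblk && line ~ /^[ \t]*(deny[ \t]+from[ \t]+all|require[ \t]+all[ \t]+denied)[ \t]*$/ { found = 1 }
        END { exit !found }
    ' "$1"
}

# Add the rule to DIR/.htaccess unless it is already there. Creates the
# file when it is missing and keeps a .bak copy of an existing one.
harden_uploads() {
    dir=$1
    htaccess=$dir/.htaccess
    if [ ! -d "$dir" ]; then
        echo "not a directory: $dir" >&2
        return 2
    fi
    if has_php_deny "$htaccess"; then return 0; fi
    if [ -f "$htaccess" ]; then
        cp -p "$htaccess" "$htaccess.bak"
        # Make sure the existing file ends with a newline before appending.
        if [ -s "$htaccess" ] && [ -n "$(tail -c 1 "$htaccess")" ]; then
            echo >> "$htaccess"
        fi
    fi
    printf '%s\n' '<Files *.php>' 'deny from all' '</Files>' >> "$htaccess"
    has_php_deny "$htaccess"
}

# Usage (the path is an assumption): sh script.sh /path/to/wp-content/uploads
if [ "$#" -gt 0 ]; then harden_uploads "$1"; fi
```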
Last Words
Disabling PHP execution in the uploads folder in WordPress is extremely fast and simple. You just need to create the file, add only three lines of code and then save it. It takes less than 2 minutes. However, this simple task can help you avoid a lot of trouble, so don't hesitate to do it right away!
In addition to disabling PHP execution in the uploads folder, you should also use security plugins to protect your WordPress website better. Over time, hackers will come up with new and more sophisticated tricks to hack websites. So don't forget to keep up to date with the latest news on WordPress website security at GretaThemes!