Difference between revisions of "How to Disable PHP Execution in Certain Directories"
(Created page with "===How to Disable PHP Execution in Certain Directories=== Having cleaned numerous WordPress hacks, in my experience most backdoor access files disguise themselves in /wp-incl...") |
|||
(One intermediate revision by the same user not shown) | |||
Line 6: | Line 6: | ||
vim /var/www/html/wp-content/uploads/.htaccess | vim /var/www/html/wp-content/uploads/.htaccess | ||
+ | and | ||
vim /var/www/html/wp-includes/.htaccess | vim /var/www/html/wp-includes/.htaccess | ||
+ | |||
+ | Once the files are created paste the following in them. | ||
<Files *.php> | <Files *.php> | ||
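Review bot: the added sentence on the last `+` line of this hunk ("Once the files are created paste the following in them.") needs a comma after "created", and since the two `vim` lines above it hard-code /var/www/html, the text should say that this path is an example web root to be replaced with the site's own.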
Line 14: | Line 17: | ||
Now upload this file in your /wp-content/uploads/ folder. You should also upload it in your /wp-includes/ folder. | Now upload this file in your /wp-content/uploads/ folder. You should also upload it in your /wp-includes/ folder. | ||
− | + | ''Code Explanation: This code checks for any PHP file and denies access to it.''' | |
− | ''' | + | |
− | + | ||
'''Note: This is not a FIX for a hack. This is just a security hardening tip. | '''Note: This is not a FIX for a hack. This is just a security hardening tip. | ||
''' | ''' |
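Review bot: on the new "Code Explanation" line the markup opens with two apostrophes and closes with three, so the emphasis is unbalanced and a stray apostrophe is left after "denies access to it."; use the same number of apostrophes on both sides, matching the '''Note:''' line below it.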
Latest revision as of 15:34, 13 May 2018
How to Disable PHP Execution in Certain Directories
Having cleaned numerous WordPress hacks, in my experience most backdoor access files disguise themselves in the /wp-includes/ folder or in your /wp-content/uploads/ directory. Usually these are .php files with names that resemble WordPress core files, but they are not. One of the measures you can take to improve your WordPress security is disabling PHP execution in certain WordPress directories. In this article, we will show you how you can use a .htaccess file to disable PHP execution in a specific directory.
Create the .htaccess file in the following locations and upload the code below:
vim /var/www/html/wp-content/uploads/.htaccess
and
vim /var/www/html/wp-includes/.htaccess
Once the files are created, paste the following into them.
<Files *.php>
deny from all
</Files>
Now upload this file to your /wp-content/uploads/ folder. You should also upload it to your /wp-includes/ folder.
Code Explanation: This code matches any file whose name ends in .php and denies access to it.
Note: This is not a FIX for a hack. This is just a security hardening tip.
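The steps above as a repeatable script, added here as an example and not part of the original article: it writes the rule into both directories and lists any .php files already present under uploads for manual review. The function names are hypothetical, and the script assumes the server's AllowOverride setting permits these directives in .htaccess; it emits `Require all denied` for Apache 2.4 and falls back to the article's `deny from all` on 2.2.

```shell
#!/bin/sh
# Added example, not from the original article.
# Assumption: the web root is passed in; the article uses /var/www/html.

# Append the deny rule to DIR/.htaccess unless a <Files *.php> block exists.
harden_dir() {
    dir=$1
    [ -d "$dir" ] || { echo "skip: $dir is not a directory" >&2; return 1; }
    ht="$dir/.htaccess"
    # Idempotent: a second run must not append a duplicate block.
    if [ -f "$ht" ] && grep -q '<Files \*\.php>' "$ht"; then
        return 0
    fi
    cat >> "$ht" <<'EOF'
<Files *.php>
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
        Deny from all
    </IfModule>
</Files>
EOF
}

# Harden the two directories named in the article under WEBROOT.
harden_wordpress() {
    webroot=${1:-/var/www/html}
    rc=0
    for sub in wp-content/uploads wp-includes; do
        harden_dir "$webroot/$sub" || rc=1
    done
    return "$rc"
}

# List .php files under a directory so they can be reviewed by hand.
list_php() {
    find "$1" -type f -name '*.php'
}

# Usage: harden_wordpress /var/www/html && list_php /var/www/html/wp-content/uploads
```
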