How to Disable PHP Execution in Certain WordPress Directories

  1. Home
  2. Wordpress Solutions
  3. How to Disable PHP Execution in Certain WordPress Directories
how to disable php execution in certain directories with .htaccess file
3.6
(7)

WordPress is always uploading something on your server either its WordPress core update which re upload entire WordPress. Or its update or installation of a plugin or theme which uploads and executes the code on your server. There are more like wp-content/uploads/ where you or your users can upload images, pdf’s, videos and other allowed files.

While your website is not under your control completely because you are using plugins and themes from various other sources as well. Not sure which plugin allows a backdoor to wrong hands who can do something wrong with your website. And easily upload a malware into your WordPress website to bring you into problems.

As your server runs PHP language and all PHP files would be executed. PHP is powerful to read, write new files so any malicious code either can destroy your database or even can redirect your traffic to scam sites. Similarly hackers easily can steal your users information as well.

Yeah its very bad situation when you do not have control over everything.

As you know WordPress runs itself on PHP and there are various directories which you cannot disable PHP execution for otherwise WordPress would not work at all.

For example to run WordPress properly its required to execute PHP for certain directories without any problem. So you cannot disable PHP for following directories at all otherwise your website wouldn’t work.

  • public_html
  • wp-includes
  • wp-admin
  • wp-content
  • wp-content/themes/
  • wp-content/plugins/

So you can disable the PHP access to directories which you are sure doesn’t have to do anything for PHP execution for example wp-content/uploads/

In this article, we will show you how to disable PHP execution in WordPress wp-content/uploads directory using the .htaccess file.

Disabling PHP Execution in Certain WordPress Directories Using .htaccess File

Just like you use web.config in IIS server on linux servers we use .htaccess to give commands to server how to handle something. So most of WordPress installations are on Apache linux servers and .htaccess file gives instruction to servers how to handle SEO friendly url’s or permalinks. Set a password for admin area as well.

So you need similar .htaccess file to disable access or execution of PHP . Now what you can do?

  1. Open any IDE which you use or Notepad
  2. Enter the code given below
  3. Save file as .htaccess and in file type select All 
<Files *.php>
deny from all
</Files>

Now you should have a .htaccess file with above code which you can upload into your wp-content/uploads directory. And this will disable the PHP execution for your wp-content/uploads directory.

Please note this way you can disable the PHP execution for any directory as well.

Here is the video to watch for Disable PHP execution via .htaccess file.

How useful was this post?

Click on a star to rate it!

Average rating 3.6 / 5. Vote count: 7

No votes so far! Be the first to rate this post.

We are sorry that this post was not useful for you!

Let us improve this post!

Tell us how we can improve this post?

About Ateeq Rafeeq

I am Ateeq Rafeeq with 10 to 13 years of experience with PHP and WordPress. I enjoy playing with my two little girls. Along i love to spend time coding with PHP making WordPress themes and plugins. I have a small company to develop websites and design websites. My hobbies are traveling and spending time with nature.

View all posts by Ateeq Rafeeq

Share:

Leave a Reply

×

Hello!

Click one of our contacts below to chat on WhatsApp

Do you have any questions?

× How can I help you?