How to Disable PHP Execution in WordPress

Many blogs are being compromise due to weak security measure. Hackers use to upload malware to get access to your site. In this tutorial you will learn to disable PHP execution in specific WordPress directories implementing WordPress security measure that protect your blog from uninvited users.

WordPress folder or directory are writable by default which means you as well as unauthorized users can upload themes, plugins, images to your website easily. Disabling PHP execution in certain directories will prevent your blog from unauthorized user access that can upload malware in your website.

Disable PHP Execution in Certain WordPress Directories for Security Measure

Your WordPress blog have .htaccess files in the root folder of your website. .htaccess file is the configuration file used to alter the WordPress site configuration to enable or disable additional functionality. .htaccess file are automatically created in your root directory of your WordPress site.

You can also create .htaccess file and upload in particular directories of your blog to protect your site from backdoor access.

For better security measure, you need to create .htaccess file in /wp-include/ and /wp-content/uploads/ folder of your web server. You can do this by using FTP client such as FileZilla, CoreFTP or Cyberduck (MAC).

Create .htaccess File

In this guide FileZilla is used as FTP client. Connect to your web server using FTP client FileZilla.

Ftp connect to server

From the Server Section at the right-side double-click on public_html folder to open.

Open public html folder

You will see the WordPress core files and folders. Double-click on wp-content then uploads folder. Now, you are in /wp-content/uploads/ folder. Right click on the blank area of server section and click on create new file.

Disable PHP Execution in WordPress Directories

Enter the name of the file .htaccess in the box and click on OK button.

Disable PHP Execution in WordPress Directories

You have successfully created .htaccess file in /wp-content/uploads/ folder. Right click on .htaccess file and click on View/Edit.

Disable PHP Execution in WordPress Directories

You will see the message to choose the default file editor. Click on OK to continue.

Disable PHP Execution in WordPress Directories

It will open the file editor where you have to add the following code copying and pasting in the blank area of the notepad then click on file and save it. Do the same in /wp-includes/ folder.

<Files *.php>
deny from all
Disable PHP Execution in WordPress Directories

You will see the message to upload the file back to the server. Click on yes.

finish uploading

After adding the code in /wp-content/uploads/ and /wp-includes/ folders, PHP execution in those directories will be restricted and your blog will be secured from backdoor access.

This guide will help you to prevent your WordPress blog from being hacked. If your blog is already compromised then this security measure may not be helpful. When your blog compromise, we will see unusually activities done by the hackers such as traffic flood and database crash. This could be beyond you and need help from experts to implement firewalls in your blogs.

I will suggest you do get Sucuri protection that will stand in-front of your blog and protect from any kind of attacks.

Hope this guide on How to Disable PHP Execution in Certain WordPress Directories is helpful. You may also like to see the guide on best WordPress plugins that are essential for your blog security, performance, SEO and many more.

If this guide helped you, do not hesitate to share and follow us on facebook and twitter.

You may also like...