Skip to main content

WordPress – Harden Security By Disabling PHP Execution in Certain Directories

Submitted by admin on Sat, 12/11/2021 - 07:55
You should consider disabling execution of php files in below mentioned folder of a WordPress website to improve security.

  • /wp-content
  • /wp-content/uploads
  • /wp-includes
This will harden security and provide protection from backdoor intrusion attacks to your WordPress website.

How to disable PHP files execution in these directories

Step 1:
Create a text file in following directories.

  1. /wp-includes
  2. /wp-content
  3. /wp-content/uploads

Step 2:
Rename this text file to .htaccess

Step 3:
Add following codes in each .htaccess file and save the file.

# Disable php execution.
<Files *.php>
Order allow,deny
Deny from all


Using Plugin

You can also perform same task by just few clicks using Sucuri Security plugin.

Install the plugin and from Settings -> Hardening Options you can apply these securities by just few clicks.


I hope this article was helpful to you. If you know any other method or plugin, please comment below.


Add new comment

Restricted HTML

  • Allowed HTML tags: <a href hreflang> <em> <strong> <cite> <blockquote cite> <code> <ul type> <ol start type> <li> <dl> <dt> <dd> <h2 id> <h3 id> <h4 id> <h5 id> <h6 id>
  • Lines and paragraphs break automatically.
  • Web page addresses and email addresses turn into links automatically.