WordPress – Harden Security By Disabling PHP Execution in Certain Directories

July 26, 2019
wordpress-security-disable-php
You should consider disabling execution of php files in below mentioned folder of a WordPress website to improve security.

  • /wp-content
  • /wp-content/uploads
  • /wp-includes

This will harden security and provide protection from backdoor intrusion attacks to your WordPress website.

How to disable PHP files execution in these directories

Step 1:
Create a text file in following directories.

  1. /wp-includes
  2. /wp-content
  3. /wp-content/uploads

Step 2:
Rename this text file to .htaccess

Step 3:
Add following codes in each .htaccess file and save the file.

1
2
3
4
5
# Disable php execution.
<Files *.php>
Order allow,deny
Deny from all
</Files>

Done!!

Using Plugin

You can also perform same task by just few clicks using Sucuri Security plugin.

Install the plugin and from Settings -> Hardening Options you can apply these securities by just few clicks.

wordpress-sucuri-disable-php

I hope this article was helpful to you. If you know any other method or plugin, please comment below.

Related Posts

Leave a Reply

Your email address will not be published. Required fields are marked *