WordPress – Harden Security By Disabling PHP Execution in Certain Directories

You should consider disabling execution of php files in below mentioned folder of a WordPress website to improve security.

  • /wp-content
  • /wp-content/uploads
  • /wp-includes

This will harden security and provide protection from backdoor intrusion attacks to your WordPress website.

How to disable PHP files execution in these directories

Step 1:
Create a text file in following directories.

  1. /wp-includes
  2. /wp-content
  3. /wp-content/uploads

Step 2:
Rename this text file to .htaccess

Step 3:
Add following codes in each .htaccess file and save the file.

# Disable php execution.
<Files *.php>
Order allow,deny
Deny from all


Using Plugin

You can also perform same task by just few clicks using Sucuri Security plugin.

Install the plugin and from Settings -> Hardening Options you can apply these securities by just few clicks.


I hope this article was helpful to you. If you know any other method or plugin, please comment below.

Related Posts

Leave a Reply

Your email address will not be published. Required fields are marked *