You should consider disabling execution of php files in below mentioned folder of a WordPress website to improve security.
- /wp-content
- /wp-content/uploads
- /wp-includes
This will harden security and provide protection from backdoor intrusion attacks to your WordPress website.
How to disable PHP files execution in these directories
Step 1:
Create a text file in following directories.
- /wp-includes
- /wp-content
- /wp-content/uploads
Step 2:
Rename this text file to .htaccess
Step 3:
Add following codes in each .htaccess file and save the file.
1 2 3 4 5 | # Disable php execution. <Files *.php> Order allow,deny Deny from all </Files> |
Done!!
Using Plugin
You can also perform same task by just few clicks using Sucuri Security plugin.
Install the plugin and from Settings -> Hardening Options you can apply these securities by just few clicks.

I hope this article was helpful to you. If you know any other method or plugin, please comment below.