How to Disable PHP Execution to Secure Your WordPress Web Server

How to Disable PHP Execution to Secure Your WordPress Web ServerPin

WordPress makes certain directories can be written. The WordPress folder or directory can be written by default, which means that you and authorized users can easily upload themes, add-ons and images to your website. Disabling the execution of PHP in certain directories will prevent your blog from accessing unauthorized users who can load malware on your website.

Hackers can exploit these writable directories by loading malicious PHP code in them and running them remotely to wreak havoc on their site.

A simple way to disable PHP execution is to place a special code in the .htacess file of that specific folder where you want to disable PHP execution.

We Will Create Or Edit The .htaccess File With Filezilla

WordPress has an .htaccess file in the root folder of your website. The .htaccess file is the configuration file used to edit the WordPress site settings to enable or disable additional features. The .htaccess files are automatically created in the root directory of your WordPress site.

In the event that this file does not exist, you can create one and upload it to particular directories of your blog to protect your site, /wp-includes/ and /wp-content/uploads/ directories.

<Files *.php> 
Order Allow,Deny 
Deny from all 
</Files>

We Will Create Or Edit The .htaccess File With cPanel

In this case we will enter the cPanel of our host.
Go to cPanel File Manager.

How to Disable PHP Execution to Secure Your WordPress Web Server Step 1Pin

We can see that in Upload there is no .htaccess file, in this case we have to create it.

How to Disable PHP Execution to Secure Your WordPress Web Server Step 2Pin

At the top left we will select “File”, now in the new window we will only have to write the name of our file.

How to Disable PHP Execution to Secure Your WordPress Web Server Step 3Pin

We click on the right mouse button on the file we want to edit.

How to Disable PHP Execution to Secure Your WordPress Web Server Step 4Pin

We copy the code and paste it in the editor that opens.

How to Disable PHP Execution to Secure Your WordPress Web Server Step 5Pin

Save Changes.

Remember to take backups of your site before modifying the .htaccess files. One mistake can cause major problems on your site. Backups will ensure that you can quickly revert to a working copy of your site when an issue crops up.

Leave a Reply

Your email address will not be published. Required fields are marked *

9