1. Home
  2. Applications Management
  3. WordPress
  4. How to Disable PHP Execution in WordPress Directories

How to Disable PHP Execution in WordPress Directories

Most of the times, hacked WordPress sites usually have backdoor files. These backdoor files are often disguised as core WordPress files and are placed in /wp-includes/ or /wp-content/uploads/folders.

An easy way to improve your WordPress security is by disabling PHP execution for some WordPress directories.

How to Disable PHP Execution in WordPress Directories

Create a blank .htaccess file and paste this code inside it:

<Files *.php>
deny from all
</Files>

Then upload this file to /wp-content/uploads/ and /wp-includes/ directories.

That’s it!

If you enjoyed this tutorial, then you’ll love our support. All ChemiCloud’s hosting plans include 24/7 support from our amazing support team. Check out our WordPress hosting plans and have your website migrated today!

Updated on April 18, 2020

Was this article helpful?

Related Articles

Need help?
We're always here for you. Submit a ticket or Chat with a live person.
Submit Ticket

Leave a Comment

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.