Hacked WordPress sites usually have backdoor files. These backdoor files are often disguised as core WordPress files and are placed in the /wp-includes/ or /wp-content/uploads/ folders.
An easy way to improve your WordPress security is by disabling PHP execution for some WordPress directories.
How to Disable PHP Execution in WordPress Directories
Create a blank .htaccess file and paste this code inside it:
<Files *.php>
deny from all
</Files>
Then upload this file to the /wp-content/uploads/ and /wp-includes/ directories.
That’s it!
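If you have shell access to the server, the steps above can be scripted. The following is an added example, not part of the original article: it writes the same rule into both directories without overwriting an existing .htaccess, and lists any PHP files already sitting under uploads. The function names and the script name harden.sh are assumptions; the WordPress root is passed as an argument.

```sh
#!/bin/sh
# Added example: apply the article's .htaccess rule to both directories.
# The rule text is the page's. On Apache 2.4 "deny from all" relies on
# mod_access_compat; the native 2.4 form is "Require all denied".

htaccess_block() {
    printf '%s\n' '<Files *.php>' 'deny from all' '</Files>'
}

# harden_dir DIR: add the block to DIR/.htaccess unless it is already there.
# An existing .htaccess is appended to, never overwritten.
harden_dir() {
    dir=$1
    f=$dir/.htaccess
    if [ ! -d "$dir" ]; then
        echo "missing: $dir" >&2
        return 1
    fi
    if [ -f "$f" ] && grep -qF '<Files *.php>' "$f"; then
        echo "ok: $f already has the rule"
        return 0
    fi
    # Keep the block off the last line of a file that lacks a final newline.
    if [ -s "$f" ] && [ -n "$(tail -c 1 "$f")" ]; then
        echo >> "$f"
    fi
    htaccess_block >> "$f"
    echo "added: $f"
}

# harden_wordpress WP_ROOT: the two directories named in the article.
harden_wordpress() {
    rc=0
    for sub in wp-content/uploads wp-includes; do
        harden_dir "$1/$sub" || rc=1
    done
    return $rc
}

# list_uploaded_php WP_ROOT: PHP files under uploads. Uploaded media is not
# PHP, so review each hit by hand.
list_uploaded_php() {
    find "$1/wp-content/uploads" -type f -iname '*.php' 2>/dev/null | sort
}

# Usage: sh harden.sh /path/to/wordpress
if [ "$#" -gt 0 ]; then
    harden_wordpress "$1"
    list_uploaded_php "$1"
fi
```

Running it a second time changes nothing, so it is safe to re-run after a WordPress update or restore.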