By default, WordPress makes certain directories writable so that you and other authorized users on your website can easily upload themes, plugins, images, and videos to your website.
However, this capability can be abused if it falls into the wrong hands, such as hackers who can use it to upload backdoor access files or malware to your website.
These malicious files are often disguised as core WordPress files. They are mostly written in PHP and can run in the background to gain full access to every aspect of your website.
Sounds horrifying, right?
Don’t worry, there’s an easy fix for that. Basically, you simply disable PHP execution in certain directories where you don’t need it. Once you do, PHP files will no longer run inside those directories.
In this article, we will show you how to disable PHP execution in WordPress using a .htaccess file.
Disabling PHP Execution in Certain WordPress Directories Using .htaccess File
Most WordPress websites have a .htaccess file in the root folder. This is a powerful configuration file used to password protect the admin area, disable directory browsing, generate SEO-friendly URL structure, and more.
By default, the .htaccess file is located in your WordPress website’s root folder, but you can also create and use it inside your inner WordPress directories.
To protect your website from backdoor access files, you need to create a .htaccess file and upload it to your website’s /wp-includes/ and /wp-content/uploads/ directories.
Simply create a blank file on your computer using a text editor like Notepad (TextEdit on Mac). Save the file as .htaccess and paste the following code inside it.
<Files *.php>
deny from all
</Files>
Now save the file on your computer.
Next, you need to upload this file to the /wp-includes/ and /wp-content/uploads/ folders on your WordPress hosting server.
You can upload it using an FTP client or through the File Manager app in your hosting account’s cPanel dashboard.
Once the .htaccess file with the above code is added, it will prevent any PHP file from running in these directories.
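One way to check the result after uploading, as an added example that is not part of the original article: this Python script confirms that both directories hold a .htaccess with an active <Files *.php> deny rule and lists any PHP files already sitting under uploads. The function names, and the acceptance of Apache 2.4's "Require all denied" alongside "deny from all", are assumptions of this example.

```python
import re
import sys
from pathlib import Path

# Directories the article protects, relative to the WordPress root.
PROTECTED = ("wp-includes", "wp-content/uploads")

# The article's <Files *.php> ... </Files> block (quotes around *.php allowed).
BLOCK = re.compile(r'<Files\s+"?\*\.php"?\s*>(.*?)</Files>', re.I | re.S)
# Assumption: Apache 2.4's "Require all denied" counts as an equivalent rule.
DENY = re.compile(
    r"^\s*(deny\s+from\s+all|require\s+all\s+denied)\s*$",
    re.I | re.M)


def has_php_deny(htaccess: Path) -> bool:
    """True if the file holds an uncommented <Files *.php> deny block."""
    if not htaccess.is_file():
        return False
    # Drop comment lines so a commented-out rule does not count as active.
    lines = [line for line in htaccess.read_text(errors="replace").splitlines()
             if not line.lstrip().startswith("#")]
    blocks = BLOCK.finditer("\n".join(lines))
    return any(DENY.search(m.group(1)) for m in blocks)


def audit(wp_root: str) -> dict:
    """Report directories missing the rule and PHP files under uploads."""
    root = Path(wp_root)
    missing = [d for d in PROTECTED
               if not has_php_deny(root / d / ".htaccess")]
    uploads = root / "wp-content/uploads"
    found = uploads.rglob("*") if uploads.is_dir() else []
    php = sorted(str(p.relative_to(root)) for p in found
                 if p.is_file() and p.suffix.lower() == ".php")
    return {"missing_rule": missing, "php_in_uploads": php}


if __name__ == "__main__":
    result = audit(sys.argv[1] if len(sys.argv) > 1 else ".")
    for d in result["missing_rule"]:
        print(f"no active PHP deny rule in {d}/.htaccess")
    for f in result["php_in_uploads"]:
        print(f"PHP file under uploads, review it: {f}")
    sys.exit(1 if any(result.values()) else 0)
```

Run it with the WordPress root folder as its only argument; a non-zero exit status means a rule is missing or a PHP file under uploads needs review.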
Using this .htaccess trick helps you harden your WordPress security, but it is not a fix for an already hacked WordPress site.
Backdoors are cleverly disguised and may already be hidden in plain sight.
If you want to check for possible backdoors on your website, then you need to activate Sucuri on your WordPress site.
The Best WordPress Security plugin
Sucuri is the best WordPress security plugin on the market. It scans your website for possible threats, suspicious code, malware, and vulnerabilities.
It also effectively blocks most hacking attempts from even reaching your website by adding a firewall between your site and suspicious traffic.
Most importantly, if your WordPress site gets hacked, then they will clean it up for you. To learn more, you can check our Sucuri review because we have been using their service for years.
We hope this article helped you learn how to disable PHP execution in certain WordPress directories to harden your website security. If you are looking for a complete guide, check out our ultimate WordPress security guide.