HostOnNet Blog

Disable PHP Execution in WordPress Uploads Folder

Looking for Linux Server Admin or WordPress Expert? We can help.

In most cases the hacker uploading the backdoor files to the uploads folder.

Disabling PHP execution in this folder will prevent malicious PHP file being uploaded and consequently executed on the server.

Follow these steps to disable php execution in specific folders.

Create an .htaccess file with the following content.

<Files *.php>
deny from all

Upload this file to the uploads folder.


This code checks for any PHP file and denies access to it.

Posted in Wordpress

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.