Having cleaned fairly just a few WordPress hacks, in our experience most backdoor entry data disguise themselves in /wp-includes/ folder or in your /wp-content/uploads/ itemizing. Typically these are .php data with names that some what seems as if WordPress core data, nevertheless they don’t seem to be. Considered one of many measures you may take to reinforce your WordPress security is disabling PHP execution in positive WordPress directories. On this text, we’ll current you methods it is best to make the most of .htaccess file to disable PHP execution in a specific itemizing.
Create a clear file in a textual content material editor. Identify it .htaccess and paste the following code in there:
Now add this file in your /wp-content/uploads/ folder. You should additionally add it in your /wp-includes/ folder.
Code Rationalization: This code checks for any PHP file and denies entry to it.
This textual content is in response to one among many Quora questions, an individual requested if it was attainable to harden your site’s security with .htaccess file. Considered one of many concepts we talked about was disabling PHP execution throughout the uploads itemizing.
Bear in mind: This is not a FIX for a hack. That’s solely a security hardening tip.
Should you’re aware of your WordPress security, then we suggest you purchase Sucuri Monitoring service. Listed below are 5 reasons why we are using Sucuri on our websites. The worth comes proper right down to roughly ~$Three per 30 days per site granted that you just get a 5 site bundle deal.