Disable file execution in the WordPress uploads folder
The uploads folder is where all your images and other media are stored, so it needs to be writable. However, because it is writable it can also be abused by hackers, who can use it to upload and execute malware.
By disabling file execution you don’t block the uploading of new files, but once there, the files won’t execute, so hackers can’t use them.
Go to the uploads folder in File Manager
- Log into the control panel.
- Open File Manager.
- Navigate to wp-content > uploads – it is part of your WordPress installation.
- Find the .htaccess file and edit it. If you don’t have one, create a new file and save it as .htaccess.
- Paste in the following code:
Options -ExecCGI
#Block javascript except for visualcomposer (VC) plugin
RewriteEngine On
RewriteCond %{REQUEST_URI} !^.*wp-content/uploads/visualcomposer-assets/.*\.js$
RewriteRule ^(.*\.js)$ - [F,L]
and save the file.
The following code will deny access to any .php files in the directory:
<Files *.php>
deny from all
</Files>
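The rules only affect how files are served; anything already sitting in the folder stays there. The script below is an added example, not part of the original page: it walks an uploads folder and lists the files that the two rules above would block, so they can be reviewed. The function names, the `/wp-content/uploads/` URL prefix and the sample tree are assumptions made for the illustration.

```python
import fnmatch
import os
import re
import tempfile

# Patterns copied from the .htaccess rules on this page.
PHP_GLOB = "*.php"                       # <Files *.php> deny from all
JS_RULE = re.compile(r"^(.*\.js)$")      # RewriteRule ^(.*\.js)$ - [F,L]
JS_EXEMPT = re.compile(r"^.*wp-content/uploads/visualcomposer-assets/.*\.js$")


def audit_uploads(uploads_dir, uri_prefix="/wp-content/uploads/"):
    """Return sorted (relative_path, reason) for files the rules would block."""
    findings = []
    for dirpath, _dirs, files in os.walk(uploads_dir):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, uploads_dir).replace(os.sep, "/")
            uri = uri_prefix + rel  # assumed URL layout of a default install
            if fnmatch.fnmatchcase(name, PHP_GLOB):
                findings.append((rel, "php"))
            elif JS_RULE.match(rel) and not JS_EXEMPT.match(uri):
                findings.append((rel, "js"))
    return sorted(findings)


def build_sample_tree(root):
    """Constructed sample data: a tiny uploads tree for demonstration."""
    samples = [
        "2024/01/photo.jpg",
        "2024/01/cache.php",
        "2024/02/widget.js",
        "visualcomposer-assets/editor/bundle.js",
    ]
    for rel in samples:
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("placeholder\n")
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for rel, reason in audit_uploads(build_sample_tree(tmp)):
            print(f"{reason:4} {rel}")
```

To check a real site, call `audit_uploads()` with the path to its wp-content/uploads folder instead of the sample tree.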