Disable file execution in the WordPress uploads folder

0
1
Disable file execution in the WordPress uploads folder

Disable file execution in the WordPress uploads folder

The uploads folder is where all your images and other media are stored, so it needs to be writable. However, because it is writable it can also be abused by hackers, who can use it to upload and execute malware.

By disabling file execution you don’t block the uploading of new files, but once there, the files won’t execute, so hackers can’t use them.

Go to the uploads folder in File Manager

  1. Log into the control panel.
  2. Open File Manager
  3. Navigate to wp-content > uploads – it is part of your WordPress installation.
  4. find .htaccess file and edit it. If you don’t have one, then you need to create anew file and save it as .htaccess
    1. Paste in the following code:
    Options -ExecCGI
    #Block javascript except for visualcomposer (VC) plugin
    RewriteEngine On
    RewriteCond %{REQUEST_URI} !^.*wp-content/uploads/visualcomposer-assets/.*\.js$
    RewriteRule ^(.*\.js)$ - [F,L]

and save the file.

This code will deny access to any .php files in the directory.

<Files *.php>
deny from all
</Files>
0 0 vote
Article Rating
Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments