Prevent php files from being executed from the WordPress upload folder
The problem of protecting a site on WordPress quite serious, as in the standard package from the official site a lot is not taken into account. More likely, these mistakes were made, because many problems can be solved in different ways. Everyone must choose for themselves, how to defend.
In this lesson, I will not tell, how to secure your wordpress website, since this is the topic of more than one lesson, but not skillfully, you can spoil a lot. Today I will talk about the folder for uploading pictures and media files., and also how to protect this folder.
By default, WordPress does not allow php files to be uploaded from the admin panel., but their execution from the uploads folder permitted. If your site somehow uploaded malicious code to this folder, then it will not be difficult to run this code.
So that when you open a file php from a folder uploads did not run a virus or other malicious code, you need to create a file in the wp-content/uploads folder .htaccess, write code in it.
1 2 3 |
<Files *.php> deny from all </Files> |
/*
- Basic web design course;
- Site layout;
- General course on CMS WordPress and continuation of the course on template development;
- Website development in PHP.