Website security is a paramount concern for WordPress users, given the escalating number of users and corresponding threats. Over recent years, many website owners have experienced significant damage due to vulnerabilities, a situation no one desires.
Throughout my journey with WordPress, I’ve encountered various challenges, prompting me to prioritize the security of my website. It’s crucial to have a clear understanding of WordPress security practices, and one specific aspect involves protecting the wp-content/uploads directory.
As you may know, whenever media files like images, videos, or PDFs are uploaded, they reside in the media library, located in the wp-content/uploads directory of WordPress. Given that WordPress is a PHP-based Content Management System, the server is set up to execute PHP, and that includes any PHP file that ends up in this directory, making it imperative to prevent PHP execution here to enhance directory security.
The focus here is on the UPLOADS directory, nestled within the wp-content folder. While the title emphasizes only the wp-content folder, the actual concern lies in securing the UPLOADS directory, as other directories within wp-content, such as plugins, may require PHP access for proper functioning.
Where to Add the Code:
Considering the importance of the .htaccess file in controlling various tasks on a WordPress website, it becomes the key element for implementing security measures. However, a new file needs to be created in the wp-content/uploads directory rather than modifying the main .htaccess file.
Let’s walk through the process:
Step 1: Log in to your cPanel account provided by your web hosting company and access the File Manager, typically found under Files.
Step 2: Navigate to the root directory/public_html from the vertical navigation menu in cPanel and locate the wp-content folder.
Step 3: Within the wp-content folder, open the uploads folder, which contains all the media files of your WordPress website.
Step 4: Create a new file by clicking on “File” at the top-left corner of the main navigation menu in cPanel.
Step 5: In the popup, enter the file name .htaccess, making sure it begins with a dot. Take note of the path of your wp-content/uploads directory.
Step 6: Refresh the page, and you’ll see the newly created .htaccess file. Right-click to edit it.
In the editing tab, add the following code:
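    # Kill PHP Execution
    # The dot is escaped so it matches a literal "." before the extension.
    # On Apache 2.4 without mod_access_compat, use "Require all denied" instead of "deny from all".
    <Files ~ "\.ph(?:p[345]?|t|tml)$">
    deny from all
    </Files>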
Save the changes. This code effectively halts PHP execution in the wp-content/uploads directory.
If the process proceeds smoothly, congratulations! You have successfully disabled PHP execution for your wp-content/uploads directory, contributing to the enhanced security of your WordPress site.
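For readers who have shell access rather than cPanel, the same steps can be done from the command line. This is an added example, not part of the original article: the function names are hypothetical and the uploads path is whatever your own install uses. It goes one step beyond the article by also listing PHP files already present in the uploads directory, so they can be reviewed.

```shell
#!/bin/sh
# Added example (not from the original article).
# Assumption: you have shell access and know the path to wp-content/uploads.
# Usage after sourcing this file:
#   harden_uploads /path/to/wp-content/uploads
#   find_php_in_uploads /path/to/wp-content/uploads

# Write the article's rule into <uploads>/.htaccess.
# Safe to run repeatedly: the rule is only appended if its marker is absent.
harden_uploads() {
    dir=$1
    [ -d "$dir" ] || { echo "no such directory: $dir" >&2; return 1; }
    if [ -f "$dir/.htaccess" ] && grep -q 'Kill PHP Execution' "$dir/.htaccess"; then
        return 0    # rule already present, do not add it twice
    fi
    # Quoted heredoc delimiter: the backslash and $ are written literally.
    cat >> "$dir/.htaccess" <<'EOF'
# Kill PHP Execution
<Files ~ "\.ph(?:p[345]?|t|tml)$">
deny from all
</Files>
EOF
}

# List files under <uploads> whose names end in the extensions the rule
# covers (.php, .php3/.php4/.php5, .pht, .phtml). A media library should
# contain none, so anything printed here deserves a closer look.
# grep -E has no (?:...) syntax, so a plain group is used instead.
find_php_in_uploads() {
    find "$1" -type f | grep -E '\.ph(p[345]?|t|tml)$' | sort
}
```

An empty result from `find_php_in_uploads` means no files with those extensions are currently stored under the uploads directory.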