One of the important steps you can take to secure your WordPress blog is disabling code execution from the WordPress uploads directory.
This can be done by creating an .htaccess file as shown below and placing it in the uploads folder, “wp-content/uploads/”, of your WordPress installation. This will prevent any PHP code in your uploads directory from executing.
This is an added level of protection against a hacker managing to upload PHP code into your “uploads” directory. Even if they manage to do that, the code won’t execute if you have this option enabled. The contents of the .htaccess file are below:
```apache
# BEGIN Wordfence code execution protection
<IfModule mod_php5.c>
php_flag engine 0
</IfModule>
<IfModule mod_php7.c>
php_flag engine 0
</IfModule>
<IfModule mod_php.c>
php_flag engine 0
</IfModule>
AddHandler cgi-script .php .phtml .php3 .pl .py .jsp .asp .htm .shtml .sh .cgi
Options -ExecCGI
# END Wordfence code execution protection
```
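To confirm the protection is in place, the following added example (not from the original post or from Wordfence) checks an uploads directory for the .htaccess directives above and lists any files carrying the extensions named in the AddHandler line. The function names are hypothetical, and the directory path you pass in is your own.

```shell
#!/bin/sh
# Added example (not from the original post): audit an uploads directory
# for the protection described above. The path you pass is your own.

# Extensions from the AddHandler line of the .htaccess shown above.
EXTS='php phtml php3 pl py jsp asp htm shtml sh cgi'

# check_htaccess DIR: print one line per problem; return 0 only if none.
check_htaccess() {
  f="$1/.htaccess"
  rc=0
  if [ ! -f "$f" ]; then
    echo "missing $f"
    return 1
  fi
  grep -Eqi '^[[:space:]]*php_flag[[:space:]]+engine[[:space:]]+(0|off)' "$f" ||
    { echo "no 'php_flag engine 0' line"; rc=1; }
  grep -Eq '^[[:space:]]*Options[[:space:]].*-ExecCGI' "$f" ||
    { echo "no 'Options -ExecCGI' line"; rc=1; }
  # Web pages often turn "-" into a typographic dash when code is copied;
  # any byte outside printable ASCII means the file needs retyping.
  if [ "$(LC_ALL=C tr -d '\11\12\15\40-\176' < "$f" | wc -c)" -gt 0 ]; then
    echo "non-ASCII characters in $f"
    rc=1
  fi
  return "$rc"
}

# find_scripts DIR: list files whose extension is in EXTS (case-insensitive).
find_scripts() {
  pattern=$(printf '%s' "$EXTS" | tr ' ' '|')
  find "$1" -type f | grep -Ei "\.($pattern)\$" | sort
}

# Run the audit only when a directory is given on the command line.
if [ "$#" -gt 0 ]; then
  check_htaccess "$1"
  find_scripts "$1"
fi
```

The .htaccess file only has an effect where Apache is configured to honor .htaccess overrides for that directory.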
You can do this yourself as described above, or use a WordPress plugin like Wordfence to do it. The option is available in the Wordfence General Settings section, as shown below.