Preventing PHP Execution in WordPress Uploads Folder

Preventing PHP Exectution in WordPress Uploads Folder

One of the ways hackers take over a WordPress site is once they gain access they uually upload their malicious PHP code to your Uploads Folder where you images and other files such as MP4s, PDFs .

The only files that should be in your Uploads folder is image files and video files and also if needed PDF files. If you ever see a PHP file in any folder in the Uploads folder chances are your WordPress site has been hacked.

Today we will share a simple method to prevent execution of PHP in your Uploads folder. In addition our code prevents a method that hackers use to get around this is by renaming files with a second file extension such as myimage.php.jpg in the hope that the file will be seen as a jpg and not a PHP file. Our code also prevents this action by checking for additionl extensions and if found will prevent the file from being uploaded or executed.

The code is as follows:-

To add this code you need to create a .htaccess file in your uploads folder and add the above code and save it.