In this guide, we show how you can disable file execution in the uploads folder for WordPress.
The uploads folder is where all your images and other media are stored, so it needs to be writable. However, because it is writable it can also be abused by hackers, who can use it to upload and execute malware.
By disabling file execution you don't block the uploading of new files, but once there, the files won't execute, so hackers can't use them.
- Step 1 - Go to the uploads folder in File Manager
- Step 2 - Create a .htaccess file
- Step 3 - Edit the .htaccess file
- Step 4 - Paste in the code and Save
Step 1 - Go to the uploads folder in File Manager
- Log into the one.com control panel.
- Open File Manager under Files & Security.
- Navigate to wp-content > uploads - it is part of your WordPress installation.
Step 2 - Create a .htaccess file
- Click the arrow next to the + upload button in the top-left corner.
- Select New other file in the drop-down menu.
- Name the file .htaccess.
Note: If a .htaccess file already exists in the uploads folder, then you don't need to create a new one. Simply add the code to the existing file, either at the top or the bottom.
Step 3 - Edit the .htaccess file
- Select the .htaccess file by checking the box in front of it.
- Click Edit in the top menu bar, towards the middle of your screen.
Step 4 - Paste in the code and Save
- Paste in the following code:

    # Block executables
    <FilesMatch "\.(php|phtml|php3|php4|php5|pl|py|jsp|asp|html|htm|shtml|sh|cgi|suspected)$">
    deny from all
    </FilesMatch>

- Click Save in the top menu bar.
That was all!
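To confirm the rule is in effect and to see which files already in the uploads folder it applies to, the following check can be run from a shell. It is an added example, not part of the original guide; it assumes you have shell access to the site's files, and the function names `rule_active` and `list_blocked_files` are hypothetical.

```sh
#!/bin/sh
# Added example: verify the uploads rule and list the files it matches.
# Extension list copied from the FilesMatch rule in this guide.
BLOCKED_EXT='php|phtml|php3|php4|php5|pl|py|jsp|asp|html|htm|shtml|sh|cgi|suspected'

# rule_active DIR (hypothetical helper): succeeds only if DIR/.htaccess holds
# an uncommented <FilesMatch> block with "deny from all" inside it. A rule
# pasted as a single line starting with "#" is a comment and fails this check.
rule_active() {
    [ -f "$1/.htaccess" ] || return 1
    awk '
        /^[ \t]*#/ { next }                      # Apache ignores comment lines
        /^[ \t]*<FilesMatch[ \t]/ { inblk = 1; deny = 0; next }
        inblk && tolower($0) ~ /^[ \t]*deny[ \t]+from[ \t]+all[ \t\r]*$/ { deny = 1; next }
        inblk && /^[ \t]*<\/FilesMatch>/ { if (deny) ok = 1; inblk = 0 }
        END { exit !ok }
    ' "$1/.htaccess"
}

# list_blocked_files DIR (hypothetical helper): print every file under DIR
# whose name the rule matches, i.e. script-type files sitting in a media folder.
list_blocked_files() {
    find "$1" -type f | grep -E "\\.($BLOCKED_EXT)\$" || true
}

# Usage: sh check_uploads.sh /path/to/wp-content/uploads
if [ "$#" -eq 1 ]; then
    if rule_active "$1"; then
        echo "OK: blocking rule is active in $1/.htaccess"
    else
        echo "WARNING: no active blocking rule found in $1/.htaccess"
    fi
    echo "Files matched by the rule (review each one):"
    list_blocked_files "$1"
fi
```

Some plugins place empty index.php or index.html placeholders in uploads subfolders, so review each hit before removing anything.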