Blocking PHP Execution From ALL of Your WordPress Sites' Upload Folders

When looking for advice on hardening your WordPress sites, many blogs recommend adding the following to a .htaccess file in each site's upload folder:

<Files *.php>
Deny from All
</Files>

For those of us with a large number of WordPress sites, this is obviously labor-prohibitive. If you have a regularized folder structure, you may be able to do something like this:

<Directory /home/*/public_html/*/wp-content/uploads>
    <FilesMatch "\.(php|php\.)$">
        Order Allow,Deny
        Deny from all
    </FilesMatch>
</Directory>

Then put it into an Apache configuration file, like so:

[Image: WP-Block-Apache-Conf]

And then enable it:

a2enconf block-wp-uploads-php.conf
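
Before enabling the rule, it is worth knowing which files already sitting in upload folders it will start denying. The script below is an added example, not part of the original post: it walks the same layout as the `<Directory>` glob and lists files whose names match the `FilesMatch` pattern. The function names and the optional base-directory argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example: list files the FilesMatch rule above would deny,
# i.e. names ending in ".php" or ".php." inside each site's uploads folder.

# find_blocked_uploads [BASE]
#   BASE defaults to /home, mirroring
#   <Directory /home/*/public_html/*/wp-content/uploads>.
find_blocked_uploads() {
    fbu_base=${1:-/home}
    for fbu_dir in "$fbu_base"/*/public_html/*/wp-content/uploads; do
        # An unmatched glob stays literal; skip anything that is not a directory.
        [ -d "$fbu_dir" ] || continue
        # The <Directory> block also covers subfolders (e.g. uploads/2024/01),
        # so search recursively. -name is case-sensitive, like the regex
        # "\.(php|php\.)$" in the FilesMatch directive.
        find "$fbu_dir" -type f \( -name '*.php' -o -name '*.php.' \) -print
    done
}

# count_blocked_uploads [BASE]
#   Prints how many files the rule would deny; 0 means nothing
#   currently stored in the upload folders is affected.
count_blocked_uploads() {
    find_blocked_uploads "$1" | wc -l | tr -d ' '
}
```

Run `find_blocked_uploads` with no argument on the server to audit `/home`. WordPress does not normally store PHP files under uploads, so every path printed deserves a look before and after the block goes live.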