Code injection through a backdoor has become so familiar, and millions of websites get hacked every year. It's vital to do everything you can to protect your website.
For a WordPress website, you should know that it's a PHP-based CMS, and you should protect the server. You can accomplish this by disabling the PHP execution to the specific directories.
I am sure; you don't want to take any chances. There are millions of websites running on WordPress, and that's the reason WordPress attracts hackers.
You must protect your website.
You should follow the conventional methods to improve the security using a plugin or code editing. In this tutorial, I am going to provide a code which disables PHP execution.
Access the .htaccess File to Add a New Code Snippet
You may have already known that .htaccess is one of the vital files for a WordPress site. It handles many redirects and helps you improve the security.
For a non-techie user, it can be hard to find, because it's a hidden file.
Well, for you convenient, I must tell you that you can edit the primary .htaccess file from Yoast SEO plugin, but not everyone uses this plugin.
It's better to learn the manual method using cPanel.
If you're a regular WordPress user, you may already know about the location of this file. But if you wish to disable PHP execution for a specific directory, you need to create a new file.
For now, follow these steps.
Login to cPanel and open the File Manager.
If you see any empty directory, you must open the public_html directory which is also known as the root directory. The website data is hosted in public_html.
Search for the .htaccess file and right-click to edit. You can also use the Edit option showing on the navigation menu of cPanel.
You will see a popup, click Edit and a new tab will open for you. You can see the familiar coding lines, if you're not a techie person, don't be afraid.
Paste this code snippet before # End WordPress.
<Files *.php> deny from all </Files>
Now, you have to save the changes. Click on Save Changes showing at the top-right corner.
You have successfully disabled PHP execution for your WordPress core, but it will be better if you can do it for some sensitive directories.
For example, you should secure the wp-content/uploads directory where all the media files are available.
To do so, you need to navigate to the wp-content folder and open Uploads. As you know, there is no .htaccess file in this directory, so you have to create a new file.
It's not so hard, the .htaccess file is a simple text file, and you can create it by clicking on the File option from the main navigation menu.
Follow the following steps.
A popup will appear, you have to fill out the name of the file ".htaccess" and click on the Create New File button.
Refresh the page, and you can see the file. Many people complain not to seeing this file; it's because they may not have enabled to make the hidden files visible.
As you can see, the file has a dot prefix, which signifies that it's a hidden file.
Right-click to edit and paste the same code shown above. You don't need to add anything extra in this file, because it controls only wp-content/uploads directory, not the whole website. Save the file, and you're all set.
You can disable PHP execution for wp-includes by following the similar method.
I Hope You Can Improve Your Website Security by Disabling PHP Execution
In the last couple of years, I have realized that some WordPress users don't prefer to deal with codes, well, to get along in this tech, it's imperative to learn the basics.
I have shown you a step by step guide, you can follow it with no complication. To stop hackers from injecting any malicious PHP code in any of the website's files, you must take this action.
I hope you will not face any difficulty. With your cPanel account, you can play around, learn to access the files and folders.
After reading this article, you may be wondering if you can accomplish the same task using a plugin. Of course, you can.
There are a few security plugins which allow you to secure your website's directory. You have to do some research and make sure you backup your site and its database before making any changes.
Check out these top 3 VPS services: