How to Disable PHP Execution to Improve Website's Security Using cPanel

How to Disable PHP Execution to Improve Website's Security Using cPanel

Code injection through a backdoor has become so familiar, and millions of websites get hacked every year. It’s vital to do everything you can to protect your website.

For a WordPress website, you should know that it’s a PHP-based CMS, and you should protect the server. You can accomplish this by disabling the PHP execution to the specific directories.

The hackers can pass the regular authentication ways, and can compromise with your website’s server. It takes place mostly via programming languages like PHP and JavaScript.

I am sure; you don’t want to take any chances. There are millions of websites running on WordPress, and that’s the reason WordPress attracts hackers.

You must protect your website.

You should follow the conventional methods to improve the security using a plugin or code editing. In this tutorial, I am going to provide a code which disables PHP execution.

Access the .htaccess File to Add a New Code Snippet

You may have already known that .htaccess is one of the vital files for a WordPress site. It handles many redirects and helps you improve the security.

For a non-techie user, it can be hard to find, because it’s a hidden file.

Well, for you convenient, I must tell you that you can edit the primary .htaccess file from Yoast SEO plugin, but not everyone uses this plugin.

It’s better to learn the manual method using cPanel.

If you’re a regular WordPress user, you may already know about the location of this file. But if you wish to disable PHP execution for a specific directory, you need to create a new file.

For now, follow these steps.

Step 1

Login to cPanel and open the File Manager.

How to Disable PHP Execution to Improve Website's Security Using cPanel

If you see any empty directory, you must open the public_html directory which is also known as the root directory. The website data is hosted in public_html.

Step 2

Search for the .htaccess file and right-click to edit.

You can also use the Edit option showing on the navigation menu of cPanel.

How to Disable PHP Execution to Improve Website's Security Using cPanel

Step 3

You will see a popup, click Edit and a new tab will open for you.

You can see the familiar coding lines, if you’re not a techie person, don’t be afraid.

How to Disable PHP Execution to Improve Website's Security Using cPanel

Paste this code snippet before # End WordPress.

<Files *.php>
deny from all
</Files>

Now, you have to save the changes. Click on Save Changes showing at the top-right corner.

You have successfully disabled PHP execution for your WordPress core, but it will be better if you can do it for some sensitive directories.

For example, you should secure the wp-content/uploads directory where all the media files are available.

How to Disable PHP Execution to Improve Website's Security Using cPanel

To do so, you need to navigate to the wp-content folder and open Uploads. As you know, there is no .htaccess file in this directory, so you have to create a new file.

It’s not so hard, the .htaccess file is a simple text file, and you can create it by clicking on the File option from the main navigation menu.

How to Disable PHP Execution to Improve Website's Security Using cPanel

Follow the following steps.

Step 1

A popup will appear, you have to fill out the name of the file “.htaccess” and click on the Create New File button.

How to Disable PHP Execution to Improve Website's Security Using cPanel

Step 2

Refresh the page, and you can see the file. Many people complain not to seeing this file; it’s because they may not have enabled to make the hidden files visible.

As you can see, the file has a dot prefix, which signifies that it’s a hidden file.

How to Disable PHP Execution to Improve Website's Security Using cPanel

Right-click to edit and paste the same code shown above. You don’t need to add anything extra in this file, because it controls only wp-content/uploads directory, not the whole website. Save the file, and you’re all set.

You can disable PHP execution for wp-includes by following the similar method.

I Hope You Can Improve Your Website Security by Disabling PHP Execution

In the last couple of years, I have realized that some WordPress users don’t prefer to deal with codes, well, to get along in this tech, it’s imperative to learn the basics.

I have shown you a step by step guide, you can follow it with no complication. To stop hackers from injecting any malicious PHP code in any of the website’s files, you must take this action.

I hope you will not face any difficulty. With your cPanel account, you can play around, learn to access the files and folders.

Conclusion

After reading this article, you may be wondering if you can accomplish the same task using a plugin. Of course, you can.

There are a few security plugins which allow you to secure your website’s directory. You have to do some research and make sure you backup your site and its database before making any changes.

Check out these top 3 VPS services:

Kamatera
$4.00 /mo
Starting price
Visit Kamatera
Rating based on expert review
  • User Friendly
    3.5
  • Support
    3.0
  • Features
    3.9
  • Reliability
    4.0
  • Pricing
    4.3
Hostinger
$2.99 /mo
Starting price
Visit Hostinger
Rating based on expert review
  • User Friendly
    4.7
  • Support
    4.7
  • Features
    4.8
  • Reliability
    4.8
  • Pricing
    4.7
Webdock
$1.05 /mo
Starting price
Visit Webdock
Rating based on expert review
  • User Friendly
    3.8
  • Support
    4.5
  • Features
    4.5
  • Reliability
    4.3
  • Pricing
    4.3

How to Add Custom CSS to Your WordPress Website in Different Ways

This how-to guide will have three different ways to add custom CSS to a WordPres
less than a minute
Bruno Mirchevski
Bruno Mirchevski
Hosting Expert

How to Add a WordPress Administrator User Using PHP Code

This how-to guide explains a different way to create a WordPress administrator u
less than a minute
Bruno Mirchevski
Bruno Mirchevski
Hosting Expert

How to Add Google Fonts to Your WordPress Website Without a Plugin

This is a how-to guide consisting of the code editing of the WordPress website t
less than a minute
Bruno Mirchevski
Bruno Mirchevski
Hosting Expert

How to Add Custom Code to Header and Footer Areas of a WordPress Website

The tutorial will have two methods of adding the custom code to the header and f
less than a minute
Bruno Mirchevski
Bruno Mirchevski
Hosting Expert
HostAdvice.com provides professional web hosting reviews fully independent of any other entity. Our reviews are unbiased, honest, and apply the same evaluation standards to all those reviewed. While monetary compensation is received from a few of the companies listed on this site, compensation of services and products have no influence on the direction or conclusions of our reviews. Nor does the compensation influence our rankings for certain host companies. This compensation covers account purchasing costs, testing costs and royalties paid to reviewers.
Click to go to the top of the page
Go To Top