How to Disable PHP Execution in a WordPress Directory

4 min read(Last Updated On: December 31, 2017)

Hey. Hoz here with a new hack to help you with protecting your WP site.

Today, I’m going to show you how to disable PHP execution in a WordPress directory with just a line of code.

This will stop hackers (the correct term is crackers, but let’s not split hairs here…) and automated spam bots from compromising your WordPress blog or website with malware and any kind of infected file.

Quiz material: Cracker is the correct term for somebody who breaks into computer systems for illegally, not Hacker.Click To Tweet
One of the most common reasons behind WordPress malware and infections is that key directories are left unprotected.Click To Tweet

So this hack is a quick and easy way to harden your site’s security considerably. And all with a small snippet of code. Yay!

So let’s dig in my friend:

Advanced WordPress Security Tips With Htaccess File Hacks: Disabling PHP Execution

If you’re already a voodooist of the htaccess file variety, then let me give you the code right here and now. Otherwise, you can work your way down the step by step guide on this page.

Here’s the code to disable PHP execution in a WordPress directory of your choice:

haccess code disable php execution in directory
haccess code to disable PHP execution in directory

And here’s how we get this done:

The cPanel Method

  • log into your cPanel account
  • go to the correct account if you host multiple sites under the same account (this is obvious, but it’s one of those ‘these peanuts may contain peanuts’ moments for the thought-challenged…)
  • use the cPanel search bar to type file
  • the application icons should filter out and you should be left with File Manager
  • click on the File Manager icon (seriously…)
  • navigate your way to whatever directory you want to add the file, e.g. wp-uploads
  • hit the settings button in the top right and check that hidden files are enabled
  • click the +File button (top left) to create a new file
  • name it .htaccess
  • type in the code that you’ll see below, then save the file
  • you’re done!

The FTP Method

  • create the file in your computer using a text editor (e.g. TextWrangler)
  • save the file as htaccess (without the dot, to avoid it becoming invisible unlesss you have your settings set to show hidden files)
  • using your FTP client software (e.g. FileZilla) connect to your hosting account
  • navigate your way to whatever directory you want to add the file, e.g. wp-uploads
  • drag and drop the htaccess file to upload it to that directory
  • inside your FTP client, go ahead and rename the file to .htaccess
  • you’re done!

How to Disable PHP Execution in a WordPress Directory In Pictures

In cPanel, search for File Manager

cpanel file manager
cPanel file manager

Set the ‘show invisible files’ setting:

cpanel show hidden files
cPanel show hidden files

Navigate to a directory where you want to disable PHP execution – for example, wp-includes

cpanel file manager wordpress
Cpanel file manager WordPress

Create a file named .htaccess

cpanel create file
cPanel create file

Type in the code to disable PHP execution in a WordPress directory

disable PHP execution in a WordPress directory
haccess code to disable PHP execution in directory

Save the file

htaccess file save changes
htaccess file save changes

And of course, the video walkthrough on disabling PHP in .htaccess File is at the top of this post (yay!):

Here’s how to get to your htaccess file via cPanel – video walkthrough

Resources

  • you’ll need cPanel (if you need hosting, I use guru)
  • if you want to create the file in your computer and use the FTP method, I recommend using TextWrangler as your text editor (free)
  • you may also want to check out how I optimise my WordPress for speedhow I optimise my WordPress for speed

This was a Hoz tutorial featured on the Youtube Channel. Make sure you CLICK TO SUBSCRIBE to catch all the video updates!

Please Share This Content
Hey, I would really appreciate it if you share this content with your friends and followers :)?