How to Disable PHP Execution in WordPress Directories?

(not .htaccess.txt)

Step 2: Log in to cPanel and open File Manager

<img src=“https://lh6.googleusercontent.com/NFJvH7bI3iLWGwRrv_6rdcYbMvUQgz5WkUdueFP1IdaHHcYb6cuyQ2_iMVa7E615oajIT6ZUAPJkqnw0rKBiOl73x_LfZAlGZo1UyRUJKXTQwedEcU9Kv8Ct1YQKk27wElaNCMDX\” alt=“File Manager cPanel” width=“-175” height=“-98”/>

**Step 3: **Find the /uploads directory.

<img src=“https://serverguy.com/wp-content/uploads/2021/07/imageedit_6_2054915607.png\” alt=“WP Includes” class=“wp-image-61676” width=“427” height=“492”/>

You will find the list of all directories in the file manager. Open the /upload directory.

**Step 4: **Upload the TXT file we created in <a href=“#s1”>step 1.

<img src=“https://lh4.googleusercontent.com/XlVgRXQjQcrJMosI4Kg-PUcGVr2tC3fg9XTeOhmodHQT1FOwgCxEnPFWv5yB97cYvatmAisaS5_rhSJKllGa2qk2EavLIctY08aUoTOwZy4YyXDAK_VK7YWrzA_kHD-ZKFNtFkBk\” alt=“Disable PHP Execution in WordPress Directories” width=“-380” height=“-59”/>

If there is already an .htaccess file in the directory, you can add code to that .htaccess file.

And save it.

That’s it.

There will be no PHP execution in that directory anymore.

This trick will not help the <a href=“https://serverguy.com/wordpress/wordpress-site-is-hacked/\” data-type=“post” data-id=“60827”>hacked website. This is not a cure but a precaution. <a href=“https://serverguy.com/news/how-to-clean-hacked-wordpress-site/\” data-type=“post” data-id=“57201”>Cleaning a hacked WordPress website takes time, energy, and resources.

At ServerGuy, we provide managed WordPress hosting. A team of security experts keeps your website hack-free and actively defends the website from malicious attacks. <a href=“https://serverguy.com/managed-wordpress-hosting/\” data-type=“page” data-id=“17598”>Check the price.

**Also Read: **

• <a href=“https://serverguy.com/comparison/best-php-editor-php-ide/\” target=“_blank” rel=“noreferrer noopener”>Best PHP Editors and PHP IDE for the Development

• <a href=“https://serverguy.com/wordpress/automatically-log-out-idle-users-in-wordpress/\” target=“_blank” rel=“noreferrer noopener”>Automatically Log out Idle Users in WordPress

• <a href=“https://serverguy.com/wordpress/how-to-reduce-http-requests-in-wordpress/\” target=“_blank” rel=“noreferrer noopener”>How to Reduce HTTP Requests in WordPress?

Final Words

This 2-minute WordPress security task can save you a lot of trouble.

Besides that, you can <a href=“https://serverguy.com/wordpress/how-to-add-security-questions-to-wordpress-login-screen/\” data-type=“post” data-id=“61518”>add security questions to the login page, <a href=“https://serverguy.com/wordpress/how-to-change-wordpress-login-url/\” data-type=“post” data-id=“61363”>change the login URL, and <a href=“https://serverguy.com/wordpress/remove-wordpress-version-number/\” data-type=“post” data-id=“61089”>hide the WordPress version.

All of them help to take WordPress security to the next level.

I hope this quick tutorial helped you to learn how to disable PHP execution in WordPress directories.