szbl/.htaccess

Created April 17, 2013 14:06

Star (1) You must be signed in to star a gist
Fork (0) You must be signed in to fork a gist

Learn more about clone URLs
Clone this repository at <script src="https://gist.github.com/szbl/5404571.js"></script>
Save szbl/5404571 to your computer and use it in GitHub Desktop.

Download ZIP

Stop direct PHP execution via URL in directories like /wp-content/uploads/, certain plugins, etc.

Raw

	<Files *.php>
	deny from all
	</Files>

Author

szbl commented Apr 17, 2013

This should stop remote PHP code execution. Ideally, this should be in the /wp-content/ directory and have affect recursively. There is no reason for PHP to be executed via URL in this directory within a WordPress installation.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment