Can I prevent PHP exectution in uploads directory? | WordPress.org

salimfadhley
(@salimfadhley)

14 years, 8 months ago

A number of WP installations which I manage seem to be falling prey to hackers on a very regular basis: The hackers seem to be able to upload PHP scripts via WordPress and then execute the payload at their leisure.

I’d like to fix it so that PHP in the uploads folder cannot be executed, so even if the hackers manage to upload some malware they cannot execute it. Any suggestions how I can proceed?

I’m guessing that there must be something which I can put into the .htaccess or apache virtual-hosts config file to prevent certain types of files from being executed?

Thanks

Viewing 1 replies (of 1 total)

shane-g
(@shane-g)

14 years, 8 months ago

Hi,

You need to assign 766 recursive permissions to wp-contents directory [means only read and write] so that only you can execute any files. No web user can execute it.

Thanks,

Shane G.

Viewing 1 replies (of 1 total)

The topic ‘Can I prevent PHP exectution in uploads directory?’ is closed to new replies.

In: Fixing WordPress
1 reply
2 participants
Last reply from: shane-g
Last activity: 14 years, 8 months ago
Status: not resolved

Topics

Topics with no replies

Non-support topics

Resolved topics

Unresolved topics

All topics