Support » Plugin: Wordfence Security - Firewall & Malware Scan » Disable Code Execution for Uploads directory Not Working

  • Resolved thekendog


    I’ve enabled this option and I see the htaccess file is in the uploads folder. However, PHP code is still being executed. A hacker was able to upload some files in there and execute them based on what I see in the log files. Also, I just manually put a PHP file in there and it works when viewing it in a browser. How do I get this to work properly? I’m running PHP 5.6 and FPM.

Viewing 2 replies - 1 through 2 (of 2 total)
  • Hi @thekendog

    Are you hosting this site on a shared hosting plan or on a VPS you own? Because I’ve double checked the code we use in “.htaccess” and I got this feature working as it should, I got the .php file in “/uploads” directory rendering just as a normal .txt file when I hit it in the browser (it didn’t get executed). So, perhaps reporting this issue to your web host would be helpful, just share with them the code in “.htaccess” to make sure they support the way we prevent .php file from being executed or not.


    Hi @thekendog!
    We haven’t heard back from you for a while so I’m going to resolve this thread. If you have any other issues later on, please feel free to start a new one at any time. Thank you!

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Disable Code Execution for Uploads directory Not Working’ is closed to new replies.