How to Disable PHP Execution in Certain WordPress directories

Updated on Jun 10, 2019

One of the precautions measures that you can take to improve your WordPress security is disabling the PHP files execution in certain WordPress directories. In this article, we will review how you can use the .htaccess file to disable PHP files execution in a specific directory.

In order to disable execution of files with PHP extension via third party users/bots you should add the following three lines of code in your .htaccess file:

<Files *.php>

deny from all


in both of the following directories:

  • /home/user/public_html
  • /wp-content/uploads/

If the .htaccess file does not exist in the mentioned directories you can create one via your cPanel account -> File Manager -> navigate to the mentioned directories -> "+ File". Name the new file .htaccess and after the same was created open it via the “Code Editor” tool. Now please copy/paste the mentioned lines of code above and save the file.

Also, you can create a text file named .htaccess on your local PC then again copy/paste the three lines of code from above and upload the file via FTP.

We hope you find this article useful. Discover more about FastCloud - the top-rated Hosting Solutions for personal and small business websites in four consecutive years by the HostAdvice Community!

WordPress Hosting

  • Free WordPress Installation
  • 24/7 WordPress Support
  • Free Domain for life
  • Hack-free Protection
  • Fast SSD Storage
  • Free WordPress Transfer
  • Free CloudFlare CDN
  • Immediate Activation
View More