How To Disable Execution of PHP Files in Specific WordPress Directory

Last modified on March 20, 2019 23 sec read

To improve your WordPress security, you need to disable the execution of PHP files. In this article, we will learn how to disable PHP file execution using .htaccess.

First, create a .htaccess file. Write this 4 lines of code to your .htaccess file to disable PHP execution. Then upload this file to three directories of your WordPress site.

  • wp-includes
  • wp-content/uploads
  • wp-content

You can use File Manager or FTP to upload the .htaccess file.

<Files *.php>
Order allow,deny
Deny from all
Read all security tips and tricks about WordPress: The Powerful WordPress Security Guideline – Simple Tricks


Hey, I'm Md Obydullah. I build open-source projects and write on Laravel, Linux server, modern JavaScript and more on web development.