Block PHP in directories
| Verify WordPress is up-to-date | Make the WordPress version private |
| Block PHP in directories | Remove WordPress readme file |
| Enable DISSALLOW_FILE_EDIT in WordPress | |
One of the ways a site can be compromised is by PHP files being injected into your WordPress folders and executed from there. The following steps will help you block PHP files in those directories, but you will want to test your site functionality to ensure these settings are not interferring with your theme and plugins.
- You should always backup your site before making any changes.
- Log in to WordPress.
- Go to Sucuri Security > Settings.
- Click on the Hardening tab.
- Find the section labled Block PHP Files in Uploads Directory.
- If the section is red, click on the Apply Hardening button.
- Repeat the previous two steps for Block PHP Files in WP-CONTENT Directory and Block PHP Files in WP-INCLUDES Directory
If the section turns green, the plugin was able to enable this feature. If the section is still red, the plugin does not have permission to make this change.
More info
- Return to Install and setup Sucuri security plugin in WordPress.
- For more information about our premium support for WordPress, please visit our WP Premium Support Catalog.
