As I understand we place code and upload this file to the /wp-includes/ and /wp-content/uploads/ folders. If we like to WordPress properly its required to execute PHP for certain directories without any problem. In case the uploads folder doesn’t have the .htaccess file, create a new one:
<Files *.php>
deny from all
</Files>
But should we disable PHP execution also inside wp-includes as it will break WordPress website?
So, how to forbid execution of PHP scripts in the wp-includes directory?
Yes, you’re right that adding a .htaccess file in the /wp-content/uploads/ folder with <Files *.php> deny from all </Files> will prevent PHP execution in that directory. However, it’s crucial not to disable PHP execution in the /wp-includes/ folder, as WordPress relies on PHP scripts within this directory to function properly. Disabling PHP execution in wp-includes can indeed break your WordPress website. So, it’s recommended to leave the /wp-includes/ directory untouched in terms of PHP execution to ensure the smooth operation of your WordPress site.
Thank you for the message!
You’re Welcome
This topic was automatically closed 91 days after the last reply. New replies are no longer allowed.