As I understand we place code and upload this file to the /wp-includes/ and /wp-content/uploads/ folders. If we like to WordPress properly its required to execute PHP for certain directories without any problem. In case the uploads folder doesn’t have the .htaccess file, create a new one:
<Files *.php>
deny from all
</Files>
But should we disable PHP execution also inside wp-includes as it will break WordPress website?
So, how to forbid execution of PHP scripts in the wp-includes directory?
Yes, you’re right that adding a .htaccess file in the /wp-content/uploads/ folder with <Files *.php> deny from all </Files> will prevent PHP execution in that directory. However, it’s crucial not to disable PHP execution in the /wp-includes/ folder, as WordPress relies on PHP scripts within this directory to function properly. Disabling PHP execution in wp-includes can indeed break your WordPress website. So, it’s recommended to leave the /wp-includes/ directory untouched in terms of PHP execution to ensure the smooth operation of your WordPress site.