Howto: Disable php processing in wordpress upload folder.

by Andrew McCombe on May 18th, 2011

If you host a WordPress site and have enabled writeable permissions on any of the folders it is recommended that you disable PHP execution on these folders. If you are running Apache you can do this in the VirtualHosts file as follows:

<Directory "/path/to/my/wordpress/wp-content/uploads">
    php_admin_flag engine off
    AllowOverride None
    DirectoryIndex Off
    RewriteEngine On
    RewriteRule \.php$ - [F,L]
</Directory>

And here’s the test:

andrew@andrew:~$ curl -I http://www.euperia.com/wp-content/uploads/index.php
HTTP/1.1 403 Forbidden
Server: Apache
Vary: Accept-Encoding
Content-Type: text/html; charset=iso-8859-1
Content-Length: 222
Date: Wed, 18 May 2011 09:20:59 GMT
X-Varnish: 1332974452
Age: 0
Via: 1.1 varnish
Connection: keep-alive

From → Development, Linux, PHP

No comments yet

Marilyn: WHEW! Appreciation for posting your solutions. Holding the power button reset the device and I didn’t...
sandeep: thanks dude…it worked..!! )
Thomas: I was holding it for two minutes and nothing happened then I gave up because my thumb nail was hurting ...
KP: Thanks so much! I was about to go into kindle withdrawal for sure….
Korou: Thank you very much! I was really worried then – usually holding the power switch for about five seconds...

Howto: Disable php processing in wordpress upload folder.

Leave a Reply

Shameless Ad Section

Recent Comments

Recent Posts

Categories

Blogroll

About

Categories

Search