Howto: Disable PHP processing in the WordPress upload folder

Posted by Andrew McCombe on Wed May 18, 2011

If you host a WordPress site and have made any of its folders writable, it is recommended that you disable PHP processing in the WordPress upload folders. If you are running Apache, you can do this in the VirtualHosts file as follows:

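    # Placeholder path: use your site's uploads folder
    <Directory "/path/to/wordpress/wp-content/uploads">
        php_admin_flag engine off
        AllowOverride None
        # "disabled" is the keyword that stops index lookup; "Off" is read as a file name
        DirectoryIndex disabled
        RewriteEngine On
        # Answer any request ending in .php with 403 Forbidden
        RewriteRule \.php$ - [F,L]
    </Directory>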

And here’s the test:

    [email protected]:~$ curl -I
    HTTP/1.1 403 Forbidden
    Server: Apache
    Vary: Accept-Encoding
    Content-Type: text/html; charset=iso-8859-1
    Content-Length: 222
    Date: Wed, 18 May 2011 09:20:59 GMT
    X-Varnish: 1332974452
    Age: 0
    Via: 1.1 varnish
    Connection: keep-alive
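
The manual test above can be turned into a repeatable check. This is an added example, not part of the original post: the function names, verdict strings and placeholder URL are assumptions. Because the response passes through Varnish, the check also flags a 403 with a non-zero `Age`, which means a cache answered rather than Apache.

```shell
#!/bin/sh
# Added example: classify the headers printed by `curl -sI` for a .php URL
# in the uploads folder. Reads headers on stdin and prints one verdict.

check_upload_headers() {
    tr -d '\r' | awk '
        # A new status line starts a new header block (e.g. after a redirect).
        /^HTTP\// { status = $2; age = 0 }
        tolower($1) == "age:" { age = $2 + 0 }
        END {
            if (status == "")          print "NO-RESPONSE"
            else if (status != "403")  print "NOT-BLOCKED (status " status ")"
            else if (age > 0)          print "BLOCKED-CACHED"
            else                       print "BLOCKED"
        }'
}

# Sample input: the response headers shown in the post above.
sample_response() {
    cat <<'EOF'
HTTP/1.1 403 Forbidden
Server: Apache
Vary: Accept-Encoding
Content-Type: text/html; charset=iso-8859-1
Content-Length: 222
Date: Wed, 18 May 2011 09:20:59 GMT
X-Varnish: 1332974452
Age: 0
Via: 1.1 varnish
Connection: keep-alive
EOF
}

sample_response | check_upload_headers   # BLOCKED

# Live use (placeholder URL, not from the original post):
#   curl -sI "https://example.com/wp-content/uploads/probe.php" | check_upload_headers
```

A `BLOCKED-CACHED` verdict is worth re-testing with a fresh URL, since the stored response may predate a configuration change.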