Guard Your website’s wp-content Folder in WordPress: A Complete Guide

Guard Your website’s wp-content Folder in WordPress: A Complete Guide

WordPress is an open source platform. While this allows for greater innovation, it also poses a threat to the websites built on it. Since the source code is available to everyone, hackers can use to attack and manipulate other websites.

So you need to take certain protective measures. And one of them is protecting your wp-content folder.

For the uninitiated, every time you try to upload a media file, the WordPress CMS and wp-content/uploads execute PHP codes. For security reasons, you should stop this PHP execution.

It’s worth mentioning you cannot restrict complete access to wp-content folder. It consists of plugin files that require PHP access. For safety, you just need to protect the UPLOADS directory.

Step-by-step Process

To safeguard the folder, you need to create a file within the Uploads directory. Then add certain code to it.

Most people would think of using the core files like .htaccess instead to contain those codes. But that’s not recommended in this case.

Here are the steps you need to follow:
  • Log in to your cPanel
  • From the left-hand side panel, click on the public_html root directory
  • Then on the right-hand side panel, find the “wp-content” folder and click on it
  • Within this folder, you’ll find a subfolder “uploads.” This contains all the media files of your WordPress website. Click on it to open
  • As mentioned above, here you need to add a file. Click on the “+File” button from the top menu bar
  • In the pop up box, name the file “.htaccess”. Click on “Create New File
  • Refresh the page and you’ll see the file you just created
  • Now open the file and copy and paste the following code:
Code:
<Files ~ ".ph(?:p[345]?|t|tml)$">
deny from all
</Files>
The code will stop all PHP executions. Save the changes and exit.

Now browse through your website to check all the pages are working correctly. If you notice any difference, then it’s better to remove the code.

Another important thing to note, if you plan to build a custom theme for your website, make sure you communicate to the developers that you’ve added such a code. They will then take necessary measures to comply with this code.

So that’s how you protect the wp-content folder of your WordPress website. For further assistance, contact the hosting provider.
Author
kumkumsharma
Views
3,191
First release
Last update
Rating
0.00 star(s) 0 ratings

More resources from kumkumsharma

Top