How to Protect the wp-content Folder of Your WordPress Website
Hosting types Reviews Comparisons Resources Hosting Coupons 313
$USD EN
Rating Methodology Advertising disclosure

How to Protect the wp-content Folder of Your WordPress Website

Bruno Mirchevski
Bruno Mirchevski
Hosting Expert 3 min read

How to Protect the wp-content Folder of Your WordPress Website

It’s no magic that WordPress users always remain concerned about website security. The total number of WordPress users is increasing rapidly, and so make the threats.

In the last couple of years, people have faced severe damage to their websites because of some possible vulnerabilities, I am sure, you don’t want to have any.

Ever since I started using WordPress, I have come across many ups and downs, which taught me to take care of my website. You should also have a clear mind to grasp the WordPress security guide.

As you all know, whenever you upload an image, video, pdf, or any other media file, it goes to the media library, which means in the wp-content/uploads directory of WordPress.

If you are a tech-savvy person, you may already know that WordPress is a PHP-based Content Management System and wp-content/uploads require PHP execution every time someone tries to upload a media file.

It’s vital to stop this PHP execution to secure this directory.

Note: This topic is about protecting the wp-content/uploads folder.

You may have a question as if why does the title show only wp-content folder, well, it’s because Uploads directory resides inside it and you can’t stop PHP execution for every directory in wp-content, it consists plugins which may require PHP access.

To keep the website running, you should protect only the UPLOADS directory.

Where Should You Add the Code

As you already know, .htaccess is one of the most efficient files, which controls tons of task of a WordPress website, you need to use this file.

But there is a twist; you’re not going to modify the main .htaccess file, you have to create a new file in the wp-content/uploads directory.

Whenever you aim to apply an action to a specific directory, you require a new file instead of using the core file.

Let’s start the process.

Step 1

Login to your cPanel account offered by your web hosting company and open the File Manager, you can find it under Files.

How to Protect the wp-content Folder of Your WordPress Website

You should know, the data of your website is hosted in a file manager.

Step 2

Open the root directory/public_html from the vertical navigation menu of cPanel and search for wp-content.

How to Protect the wp-content Folder of Your WordPress Website

Click to open.

Step 3

As discussed earlier, the folder consists of many directories from which, you need to open the uploads folder.

How to Protect the wp-content Folder of Your WordPress Website

The UPLOADS directory has all the media files of your WordPress website. You can see the arrangement after opening it.

Step 4

You can see no sign of the .htaccess file here. To create a new file, click on File showing at the top-left corner of the main navigation menu of cPanel.

How to Protect the wp-content Folder of Your WordPress Website

Step 5

A popup appears, which require you add the file name. Make sure you don’t forget the dot as a prefix of the .htaccess file.

How to Protect the wp-content Folder of Your WordPress Website

You can see the path of your wp-content/uploads directory. I must tell you that if you run a website on a subdomain, the path may be different.

When you host an addon domain or multiple websites at the same web hosting server, you need to create the different folders to keep the data separated.

For now, click on the Create New File button.

Step 6

Refresh the page, and you can see the .htaccess file. As always, you need to right-click to edit it.

How to Protect the wp-content Folder of Your WordPress Website

A new tab appears to you. You can see an empty file because it’s just a text file, unlike the main .htaccess file, it doesn’t contain the rewrite rules.

Add this code.

# Kill PHP Execution
<Files ~ ".ph(?:p[345]?|t|tml)$">
deny from all
</Files>

Click Save Changes. This code will stop PHP execution in wp-content/uploads directory.

Note: It’s important to check your website after adding the code, if your website behaves differently, you should remove the code.

It’s because if you use a custom WordPress theme, it’s possible that your web developer has used the media files available in the WordPress media library, which require to execute PHP.

But if you use any pre-built WordPress theme, it works perfectly. Let’s say you use any of the free themes available in the WordPress theme repository; you don’t need to worry.

If you buy any theme from ThemeForest or any premium WordPress theme seller, it will work great. The only problem can occur when you hire a web developer to build a custom theme for your website.

Make sure you talk to them.

If everything works fine for you, congrats, you have successfully disabled PHP execution for your wp-content/uploads directory.

I Hope You Have Understood the Concept of Securing the Directory

Every time we talk about website security, people start to fret. Well, there is nothing to be afraid of. To enhance your website’s safety, you must perceive the truth behind website hacking.

There may be many vulnerabilities inside your website and its web server, it’s essential to have a look and fix them. Stopping PHP execution is one of the best practices.

Conclusion

Adding the code mentioned above will help you secure the uploads directory. I am sure; you have understood the concept of website security.

Don’t forget to check your website’s behavior after adding the code in the .htaccess file, if something goes wrong, remove the code.

I suggest you to always keep the backup of your website and its database before making any changes.

Check out these top 3 WordPress hosting services:

A2 Hosting
4.7
1,895 user reviews
$1.95 /mo
Starting price
Visit A2 Hosting
Rating based on expert review
  • User Friendly
    4.5
  • Support
    4.0
  • Features
    4.5
  • Reliability
    4.8
  • Pricing
    4.0
IONOS
4.0
383 user reviews
$1.00 /mo
Starting price
Visit IONOS
Rating based on expert review
  • User Friendly
    4.5
  • Support
    4.0
  • Features
    4.5
  • Reliability
    4.5
  • Pricing
    4.3
HostArmada
5.0
792 user reviews
$2.49 /mo
Starting price
Visit HostArmada
Rating based on expert review
  • User Friendly
    4.5
  • Support
    4.5
  • Features
    4.5
  • Reliability
    4.5
  • Pricing
    4.0

How to Enable Leech Protection in cPanel

This how-to guide explains about Leech protection in detail and how you can acti
3 min read
Bruno Mirchevski
Bruno Mirchevski
Hosting Expert

How to Secure the .htaccess File from Unauthorized Access

This guide will help you add one more security layer to your website by protecti
3 min read
Idan Cohen
Idan Cohen
Marketing Expert

How to Stop Image Hotlinking Using cPanel

This how-to guide explains the easiest way to prevent image hotlinking using cPa
3 min read
Eliran Ouzan
Eliran Ouzan
Web Designer & Hosting Expert

How to Stop Image Hotlinking Using cPanel

This how-to guide explains the easiest way to prevent image hotlinking using cPa
3 min read
Angela Olaru
Angela Olaru
Senior Writer & Hosting Expert
HostAdvice.com provides professional web hosting reviews fully independent of any other entity. Our reviews are unbiased, honest, and apply the same evaluation standards to all those reviewed. While monetary compensation is received from a few of the companies listed on this site, compensation of services and products have no influence on the direction or conclusions of our reviews. Nor does the compensation influence our rankings for certain host companies. This compensation covers account purchasing costs, testing costs and royalties paid to reviewers.
Click to go to the top of the page
Go To Top