To further harden a folder, for example the ‘uploads’ folder used by WordPress, it may be appropriate to block the execution of key file types. If you have a specific folder where content can be more easily written, blocking execution of script files will help reduce the chance of an attacker executing a script, even if they are able to upload it.
Many attacks automatically identify vulnerable sites and then attempt to exploit them. These attack scripts then essentially report a list of exploited sites, which are used in a second stage, such as relaying spam email.
By creating a .htaccess file within this specific folder on your Apache web server, you can more tightly control what content is served.
```apache
<Files *.php>
    Order Deny,Allow
    Deny from all
</Files>
```
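The rule stops Apache serving `.php` files from the folder, but it does not tell you whether the file is actually in place or whether scripts have already been written there. The following audit is an added example, not part of the original post; the function names (`denied_patterns`, `audit`, `demo`) and the sample folder tree are constructed for illustration.

```python
import fnmatch
import os
import re
import tempfile

# Opening line of a <Files pattern> section; the pattern may be quoted.
FILES_OPEN = re.compile(r'<Files\s+"?([^">]+?)"?\s*>', re.IGNORECASE)
FILES_CLOSE = re.compile(r'</Files\s*>', re.IGNORECASE)
# The page's rule, plus "Require all denied", the Apache 2.4 form.
DENY = re.compile(r'^\s*(Deny\s+from\s+all|Require\s+all\s+denied)\s*$', re.IGNORECASE)


def denied_patterns(htaccess_text):
    """Return the <Files> wildcard patterns whose section denies all access."""
    patterns, current, denies = [], None, False
    for line in htaccess_text.splitlines():
        opened = FILES_OPEN.search(line)
        if opened:
            current, denies = opened.group(1).strip(), False
        elif current is not None and DENY.match(line):
            denies = True
        elif current is not None and FILES_CLOSE.search(line):
            if denies:
                patterns.append(current)
            current = None
    return patterns


def audit(folder):
    """Report whether *.php is denied in folder and which .php files sit under it."""
    path = os.path.join(folder, ".htaccess")
    text = ""
    if os.path.isfile(path):
        with open(path) as fh:
            text = fh.read()
    found = sorted(
        os.path.relpath(os.path.join(d, name), folder)
        for d, _, names in os.walk(folder)
        for name in names if fnmatch.fnmatchcase(name, "*.php")
    )
    return {"protected": "*.php" in denied_patterns(text), "php_files": found}


def demo():
    """Audit a constructed uploads tree before and after adding the page's rule."""
    rule = "<Files *.php>\nOrder Deny,Allow\nDeny from all\n</Files>\n"
    with tempfile.TemporaryDirectory() as uploads:
        os.makedirs(os.path.join(uploads, "2024"))
        for name in ("photo.jpg", "unexpected.php"):
            open(os.path.join(uploads, "2024", name), "w").close()
        before = audit(uploads)
        with open(os.path.join(uploads, ".htaccess"), "w") as fh:
            fh.write(rule)
        return before, audit(uploads)
```

Any entry in `php_files` deserves a look even when `protected` is true: an uploads folder should not normally contain PHP at all.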
Hope this helps.
Thank you, it helps me today.