To further harden a folder, for example an ‘uploads’ folder as used by WordPress, it may be appropriate to block the execution of key file types. If you have a specific folder where content can be more easily written, blocking execution of script files will help reduce the chance of an attacker executing a script, even if they are able to upload it.
Many attacks automatically identify vulnerable sites and then attempt to exploit them. These attack scripts then essentially report a list of exploited sites, which are then used in a second stage, such as relaying spam email.
By creating a .htaccess file within this specific folder on your Apache web server, you can more tightly control what content is served.
```apache
<Files *.php>
Order Deny,Allow
Deny from all
</Files>
```
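The `Order`/`Deny` directives above are Apache 2.2 syntax; on Apache 2.4 they only work while `mod_access_compat` is loaded, and `<Files *.php>` matches only names ending in `.php`. The variant below is an added example, not part of the original post: it selects the native directive for either version and uses `<FilesMatch>` to cover further extensions. The extension list is an assumption and should mirror whatever your server actually hands to the PHP handler.

```apache
# .htaccess for the upload folder (added example, not from the original post).
# Assumes AllowOverride permits access-control directives for this folder;
# with "AllowOverride None" the file is ignored entirely.

# Apache 2.4+: mod_authz_core provides "Require"
<IfModule mod_authz_core.c>
    # Case-insensitive match; the extension list is an assumption, adjust it
    # to the extensions your PHP handler is mapped to.
    <FilesMatch "\.(?i:php|phtml|phar)$">
        Require all denied
    </FilesMatch>
</IfModule>

# Apache 2.2: fall back to the Order/Deny syntax used in the post
<IfModule !mod_authz_core.c>
    <FilesMatch "\.(?i:php|phtml|phar)$">
        Order Deny,Allow
        Deny from all
    </FilesMatch>
</IfModule>
```

To confirm the rule is active, place a harmless test file with one of the listed extensions in the folder and request it; the server should answer 403 Forbidden.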
Hope this helps.
thank you, it helps me today.