To prevent malicious files or PHP files from being run from the upload folders of WordPress or other scripts, place rules in the .htaccess file inside the upload folder that only allow pictures to be viewed.
For example, the upload folder in WordPress is wp-content/uploads, so the following code goes in the .htaccess file inside that folder:
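# Set let_me_in when the requested URI ends in one of the allowed extensions
# (the dot is escaped so that it matches a literal "." only)
SetEnvIfNoCase Request_URI "\.(gif|jpe?g|doc|png|bmp)$" let_me_in
# Evaluate Deny rules first, then Allow rules
Order Deny,Allow
Deny from All
# Allow access only if an allowed file type was requested
Allow from env=let_me_in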
If you want to allow access to other extensions, you can add the extension to this line:
SetEnvIfNoCase Request_URI "\.(gif|jpe?g|doc|png|bmp)$" let_me_in
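The same policy written for Apache 2.4, where Order/Deny/Allow are only available through mod_access_compat. This is an added example, not part of the original page. It assumes mod_authz_core is loaded and that the server's AllowOverride setting permits AuthConfig directives in .htaccess, and it matches the name of the file being served with FilesMatch instead of testing the request URI.

```apache
# wp-content/uploads/.htaccess (Apache 2.4+, mod_authz_core)

# Default for everything in this folder and below: refuse the request.
Require all denied

# Exception: files whose name ends in one of the allowed extensions.
# (?i) makes the match case-insensitive, like SetEnvIfNoCase does.
# To allow another file type, add its extension inside the parentheses.
<FilesMatch "(?i)\.(gif|jpe?g|doc|png|bmp)$">
    Require all granted
</FilesMatch>
```

After saving the file, request one allowed file and one .php file from the folder and confirm that the first returns 200 and the second returns 403.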
Also, it is always recommended to upgrade to the latest available versions of the script in use and the plugins installed on it.