Prevent PHP code from being executed in some directories

November 2, 2011     0 comments

‚ÄčTo prevent execution of PHP code inside your image and cache directories, which is mostly where hackers will upload their phishing scripts, simply paste this code into a .htaccess file inside your image directories:


<Files .htaccess>
order allow,deny
deny from all
</Files>

php_flag engine off
Options -ExecCGI

<FilesMatch "\.(php|pl|sh|cgi)$">
<Limit GET PUT POST>
order deny,allow
deny from all
</Limit>
</FilesMatch>

or

# stop scripts from running from the folder
IndexIgnore *
Options All -Indexes
# Secure directory by disabling script execution
AddHandler cgi-script .php .php2 .php3 .php4 .php5 .php6 .php7 .php8 .pl .py .jsp .asp .htm .html .shtml .sh .cgi
Options -ExecCGI
# Don't show this file, that would be bad as well!
<Files .htaccess>
order allow,deny
deny from all
</Files>

How helpful was this article to you?

FraudLabs Pro Secured Seal