The uploads directory is the one directory that will almost always need to be writable by the web server. It’s where all remotely uploaded files are stored. Many WordPress security experts recommend disabling directory browsing. With directory browsing enabled, hackers can look into your site’s directory and file structure to find a vulnerable file.
The wp-content folder contains images, themes and plug-ins and it’s a very important folder within your WordPress install, so it makes sense to prevent outsiders accessing it.
This requires its very own .htaccess file, which must be added to the wp-content folder. It allows users to see images, CSS, etc., but protects the important PHP files.
Now create a .htaccess file, paste the code below into it, save it, then upload it to your wp-content folder.
# Kill PHP Execution
<Files *.php>
deny from all
</Files>
OR another way:
Prevent Access To wp-content
WordPress holds all your media files in here and they’re an asset you want search engines to crawl. But, “/wp-content” is a place where your themes and plugins reside, too. You don’t want to allow access to those sensitive .php files.
For this to work you need to create a separate .htaccess file (just use your FTP client and create a file with no name and give it an “.htaccess” extension) and put it in your /wp-content directory. This code will allow access to images, CSS, JavaScript and XML files, but deny it for any other type. To disable directory browsing on your website, you need to add the following line to your .htaccess file.
Now create a .htaccess file, paste the code below into it, save it, then upload it to your wp-content folder.
# Disable directory browsing
Options -Indexes
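The allow-list described above (images, CSS, JavaScript and XML allowed, everything else denied) can be written as follows. This is an added example, not code from the original post; the extension list is an assumption to adjust for your site, and it covers both Apache 2.4 (`Require`) and Apache 2.2 (`Order`/`Deny`) syntax.

```apache
# /wp-content/.htaccess  (added example; extension list is an assumption)
# Needs AllowOverride AuthConfig (2.4) or Limit (2.2), plus Options,
# for this directory in the main server configuration.

# Never generate a directory listing for folders without an index file.
Options -Indexes

# Apache 2.4+: authorization is handled by mod_authz_core.
<IfModule mod_authz_core.c>
    # Default for everything under wp-content: deny.
    Require all denied

    # Exception: static assets a browser legitimately requests.
    # (?i: ...) makes the extension match case-insensitive.
    <FilesMatch "\.(?i:xml|css|js|jpe?g|png|gif)$">
        Require all granted
    </FilesMatch>
</IfModule>

# Apache 2.2: same policy with the older Order/Deny/Allow directives.
<IfModule !mod_authz_core.c>
    Order deny,allow
    Deny from all

    <FilesMatch "\.(?i:xml|css|js|jpe?g|png|gif)$">
        Allow from all
    </FilesMatch>
</IfModule>
```

Any file type not in the list, such as web fonts or a plugin's own directly requested PHP file, will return 403 until its extension is added, so test the site's front end after uploading the file.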
That’s it. Your WordPress website should be a much safer place now.