Block PHP files with the Sucuri Security plugin
Malicious visitors can compromise your WordPress website if they manage to add and execute malicious PHP files. The following steps will help protect your site by blocking PHP execution in certain directories.
Required: You must install the Sucuri Security plugin before you follow these steps.
- Inicie sessão no WordPress.
- In the left-side menu, select Sucuri Security > Settings.
- Select the Hardening tab.
- Find the section labeled Block PHP Files in Uploads Directory.
- If the section is red, select Apply Hardening. If it’s green, the hardening is already applied.
- Repeat the previous two steps for the Block PHP Files in WP-CONTENT Directory and Block PHP Files in WP-INCLUDES Directory sections.
Test your site to ensure these settings are not interfering with your theme and plugins. If blocking some files causes issues, allow them in the Sucuri Security plugin.
Note: If you can't apply or revert hardening for this feature, it may already be handled by your hosting platform.
Related steps
Protect your website further by activating the other Sucuri Security options:
- Torne a sua versão do WordPress privada com o suplemento de segurança da Sucuri
- Remova o ficheiro leia-me do WordPress com o suplemento de segurança da Sucuri
- Desative o editor de temas e suplementos no WordPress com o suplemento de Segurança da Sucuri
More info
- Utilizar o suplemento de segurança da Sucuri para proteger o meu sítio da internet do WordPress
- Proteja o meu site WordPress
- If you don't want to deal with website security yourself, we also have a GoDaddy paid website security service that can take care of that for you. The service also includes site cleanup.