Skip to main content
Keep Your Business Open During COVID-19Learn More
Call us
Phone numbers and hours
Help Center

Explore our online help resources


GoDaddy Help

Block PHP in directories

Verify WordPress is up-to-date Make the WordPress version private
Block PHP in directories Remove WordPress readme file

One of the ways a site can be compromised is by PHP files being injected into your WordPress folders and executed from there. The following steps will help you block PHP files in those directories, but you will want to test your site functionality to ensure these settings are not interferring with your theme and plugins.

  1. You should always backup your site before making any changes.
  2. Log in to WordPress.
  3. Go to Sucuri Security > Settings.
  4. Click on the Hardening tab.
  5. Find the section labled Block PHP Files in Uploads Directory.
  6. If the section is red, click on the Apply Hardening button.
  7. Repeat the previous two steps for Block PHP Files in WP-CONTENT Directory and Block PHP Files in WP-INCLUDES Directory

If the section turns green, the plugin was able to enable this feature. If the section is still red, the plugin does not have permission to make this change.

More info

Community Related

Vladislav's Avatar
Disable php engine in a specific directory

1 Replies

Last posted over 3 years ago.

arvindwill's Avatar
PHP version for folder alone

3 Replies

Last posted over 3 years ago.

MDailey's Avatar
Failed to write session data error when activating plugin

2 Replies

Last posted about 4 years ago.

arvindwill's Avatar
Configuring PHP for individual folder

1 Replies

Last posted over 4 years ago.

rob51852's Avatar
Installation failed: 500 Internal Server Error

1 Replies

Last posted 11 months ago.

Don't see what you are looking for? Search the Community