Securing WordPress site

You are here:

Prevent .php files from being executed from

wp-includes and wp-content/uploads directories

Sometime malicious php files can end up in those two directories and then a spamming script can execute them to run the other scripts that will send out spam through your site. Protect these directories by adding .htaccess files to both with the following content.

Options -Indexes
<Files *.php>
deny from all