In addition to the recommendations on the WordPress website:
Limit the number of PHP files that are writable by Apache. The directories and files that need to be writable do not always need to be executed by PHP directly.
This makes it a bit harder for an attacker to upload and execute any PHP commands.
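```apache
# Uploads must stay writable, so switch the PHP engine off there (mod_php).
<Directory "/example/htdocs/wp-content/uploads/">
    php_admin_flag engine off
</Directory>

<Directory "/example/htdocs/wp-content/themes/">
    <Files *php>
        # Apache 2.2 syntax; on Apache 2.4 use "Require all denied" instead.
        Order allow,deny
        Deny from all
    </Files>
</Directory>
```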
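To see which PHP files and directories Apache can currently write to, the following audit script can be run against the docroot. It is an added example, not part of the original post. The function names are made up for this example, and it assumes plain owner/group/other permission bits decide access (ACLs and supplementary groups are not considered).

```sh
#!/bin/sh
# Added example (not from the original post): find what the web-server
# account can modify under a WordPress docroot, using permission bits.
# Usage: sh audit.sh DOCROOT WEB_USER WEB_GROUP   (names or numeric ids)

# Entries of type $4 (f or d) under $1 writable by user $2, group $3,
# or by everyone.
writable_entries() {
    find "$1" -type "$4" \
        \( \( -user "$2" -perm -200 \) \
        -o \( -group "$3" -perm -020 \) \
        -o -perm -002 \) -print | sort
}

# PHP files the account can overwrite in place.
writable_php_files() {
    writable_entries "$1" "$2" "$3" f | sed -n '/\.php$/p'
}

# Directories the account can create or replace files in. A read-only
# PHP file inside one of these can still be swapped out, so each needs
# either tighter permissions or PHP execution disabled.
writable_dirs() {
    writable_entries "$1" "$2" "$3" d
}

if [ "$#" -eq 3 ]; then
    echo "PHP files writable by $2:$3"
    writable_php_files "$1" "$2" "$3"
    echo "Directories writable by $2:$3"
    writable_dirs "$1" "$2" "$3"
fi
```

Every directory it reports is a candidate for the `php_admin_flag engine off` or `<Files *php>` treatment. Every PHP file it reports should be made read-only for the web-server account where WordPress does not need to update it.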