Secure your images/media/uploads directories

Article Details
URL: https://support.quadrahosting.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=142
Article ID: 142
Created On: 21 Dec 2007 12:03 AM

Answer

You should prevent execution of, and access to, PHP scripts in directories where PHP scripts should not exist, such as images or uploads folders. To do this, insert the following lines into the .htaccess file in each of those directories:

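# Match PHP and HTML-style extensions anywhere in the file name
<FilesMatch "\.(php.?|p?html?)\.?">
    # Apache 2.4 and later (mod_authz_core)
    <IfModule authz_core_module>
        Require all denied
    </IfModule>
    # Apache 2.2 and earlier
    <IfModule !authz_core_module>
        Deny from all
    </IfModule>
</FilesMatch>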

The advantage of this is that even when malicious content such as phishing HTML pages or PHP scripts gets injected, it can be placed into these directories but cannot be executed or accessed through the web server.
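
To check what the rule covers in an existing uploads directory, the following added example (not part of the original article) walks a directory tree and lists every file name the FilesMatch pattern above matches. It also tests names case-insensitively, since Apache regular expressions are case-sensitive by default, and reports whether the rule as written matches each one. The function names and the sample tree are assumptions constructed for the demonstration.

```python
import os
import re
import tempfile

# Pattern copied from the FilesMatch directive above. Apache applies it to the
# file name only and searches anywhere in the name (it is not anchored).
RULE = r"\.(php.?|p?html?)\.?"
rule_as_written = re.compile(RULE)                # case-sensitive, like the directive
rule_any_case = re.compile(RULE, re.IGNORECASE)   # assumption: wider net for the audit


def audit_uploads(root):
    """Return sorted (relative_path, covered) pairs for script-like names.

    covered is True when the rule as written matches the name, so the
    directive above denies the request; False means only the
    case-insensitive audit pattern matched.
    """
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if rule_any_case.search(name):
                rel = os.path.relpath(os.path.join(dirpath, name), root)
                covered = bool(rule_as_written.search(name))
                findings.append((rel.replace(os.sep, "/"), covered))
    return sorted(findings)


def make_sample_tree(root):
    """Create a constructed uploads tree of empty files for the demo."""
    names = ["logo.png", "report.pdf", "gallery/cat.jpg", "gallery/index.html",
             "avatar.php.jpg", "old/page.phtml", "old/info.php5", "NOTE.PHP"]
    for rel in names:
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        make_sample_tree(tmp)
        for rel, covered in audit_uploads(tmp):
            print(("denied by rule  " if covered else "NOT matched     ") + rel)
```

Any file this reports in an images or uploads directory deserves a look, because the article's premise is that such files should not exist there at all.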