Support Center » Knowledgebase » Secure your images/media/uploads directories

Secure your images/media/uploads directories



You should prevent execution / access of php scripts in directories where php scripts should not exist, such as images / uploads folder. To do this, insert the following lines into your .htaccess file:

<FilesMatch "\.(php.?|p?html?)\.?">
<IfModule authz_core_module>
Require all denied
</IfModule>
<IfModule !authz_core_module>
Deny from all
</IfModule>
</FilesMatch>

The advantage of this is that even when malicious content gets injected like phishing html pages or php scripts, they can be placed into these directories but cannot be executed as such.



Article Details
Article ID: 142
Created On: 21 Dec 2007 12:03 AM
 Back
 Login [Lost Password] 
Email:
Password:
Remember Me:
Please note that the login and password to the support area is NOT the same as your hosting control panel login and password
 
 Search
 Article Options
Home | Register | Submit a Ticket | Knowledgebase | Downloads | Control Panel User's Guide | Server Status
Language: