So there's one more thing to do from the Hardening WordPress article on wordpress.org. And that is to prevent PHP execution in the uploads directory. Why do you want to do this? Now, the WordPress websites I've had the most trouble with are the ones with the most user-generated content. So when you're allowing users to add content and upload files, you're already exposing yourself to a larger degree of risk when it comes to security. And one of the websites I used to have (I've actually got rid of it now because it was such a target for attackers) allowed users to upload images. And all well and good: they can upload images, they're not going to do any harm.
But if the attacker manages to upload a PHP script and then can execute it, then you're in trouble. So what this does is deny all PHP scripts for inclusion and execution in the uploads directory. Everything that's uploaded to WordPress goes through the uploads directory. So if you deny PHP execution from that directory, then you're cutting off this ability that attackers may have to upload malware to a WordPress website. So we copy that, and we put it in a new .htaccess file, which lives on the root of the uploads folder. And in order to do this, here's one I prepared earlier.
I haven't called it .htaccess because it would disappear on my computer if I did that, because it would be a dot file. So I've called it something else, htaccess.txt, and then I'll change the name on the file manager. And there is the file and the kill PHP execution code. So we'll upload that to the uploads folder. So we go inside wp-content. And then inside uploads, and then we go upload, select that file, go back to the uploads folder, and there's the file we've just uploaded.
But it's not going to do us any good at all like that. We need to rename it .htaccess. Got to be exactly like that, else it won't work. Rename file. That is done now. So we test the website, test the back end. Okay, those are the things that I didn't know. Of course, most importantly, update plugins.
Here's two that are out of date. Okay, we'll update those two. Okay, both plugins updated. Remember what I said: keep your plugins and themes updated, and don't have more themes than you need in your themes folder. The way you can do this: here's mine, it's only got one. Of course, I can't show you on this screen because I've only got one theme, but if I did have another theme, it would be a box round about the size of this box here. And all you do is click on it, and then delete the theme from inside the WordPress back end.
Or you could go into the root of the server, the public_html file, usually, when it's in cPanel, and go wp-content, themes, and then delete every folder that's there, apart from the one you're actually using in themes. Lastly, of course, get some sort of WordPress security plugin, and I've been advised that Wordfence, the free version, is one of the best ones out there. I hope this has helped you. If there's anything you can do now that will take you one minute to do to enhance your WordPress security, your website security, I would very much urge you to do it right now. I don't want to see you hacked. My name is Rob Caban. I'll see you in another video.
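The following is an added example, not part of the video or of the wordpress.org article: a shell check for the uploads hardening step described above, which flags a missing or misnamed `.htaccess`, a file without a deny rule, and PHP files already present in uploads. The function names and the exact rule text are assumptions, and it assumes Apache is configured to honour `.htaccess` files.

```shell
#!/bin/sh
# Added example (hypothetical helper names). Assumes Apache reads .htaccess here.

# Write a rule that refuses direct requests for *.php files in this directory
# tree. The <IfModule> split covers Apache 2.4 (Require) and 2.2 (Deny) syntax.
# Other extensions the server maps to PHP would need the same treatment.
write_uploads_htaccess() {
    dir=$1
    cat > "$dir/.htaccess" <<'EOF'
<Files "*.php">
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
        Order allow,deny
        Deny from all
    </IfModule>
</Files>
EOF
}

# Print one finding per line; return 0 only when nothing was found.
audit_uploads() {
    dir=$1
    rc=0
    if [ ! -f "$dir/.htaccess" ]; then
        echo "MISSING: $dir/.htaccess"
        rc=1
        # Apache ignores any other name, e.g. an htaccess.txt left un-renamed.
        for f in "$dir"/htaccess*; do
            if [ -e "$f" ]; then echo "MISNAMED: $f (rename to .htaccess)"; fi
        done
    elif ! grep -Eiq 'require all denied|deny from all' "$dir/.htaccess"; then
        echo "NO-DENY-RULE: $dir/.htaccess"
        rc=1
    fi
    # PHP files already sitting among the uploads deserve a manual review.
    found=$(find "$dir" -type f -iname '*.php')
    if [ -n "$found" ]; then
        echo "$found" | sed 's/^/PHP-FILE: /'
        rc=1
    fi
    return $rc
}
```

Run `audit_uploads /path/to/wp-content/uploads` before and after the rename step; the path is whatever your host uses.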