DAP Security - Video Series
If you disable file_uploads feature in your php settings (your webhost can do it for you), it'll make it a lot harder for hackers to upload malicious scripts to your site. This has helped us immensely with our own website security.
Disabling file_uploads in your php settings won't eliminate the need for all other security measures. It'll just make it harder for hackers to upload malicious scripts to your site (even if they find a vulnerability in one of your plugins or theme).
If you disable file_uploads, you'll have to be prepared to do a little bit of extra work! You can no longer upload media files (images etc) via your WordPress dashboard. You'll not be able to update WordPress, your plugins or themes directly via WordPress dashboard.
A little more hassle but it's totally worth it:
So yes, it’ll result in more work for you but it's totally worth it because of the peace of mind it'll give you knowing that you've made it that much more harder for hackers to hack your website!
For us, it has been MORE than worth it. It has helped us a great deal with our website security.
Watch the video to see how to disable file uploads in your php setting!