DAP Security - Video Series

How to disable File Uploads in your PHP Setting!

This is one of the MOST effective ways to prevent hackers from uploading malicious scripts to your site.

If you disable file_uploads feature in your php settings (your webhost can do it for you), it'll make it a lot harder for hackers to upload malicious scripts to your site. This has helped us immensely with our own website security.

You still need to take all other necessary steps to protect your site.

Disabling file_uploads in your php settings won't eliminate the need for all other security measures. It'll just make it harder for hackers to upload malicious scripts to your site (even if they find a vulnerability in one of your plugins or theme).

However, before you do this, you need to be aware of a few things:

If you disable file_uploads, you'll have to be prepared to do a little bit of extra work! You can no longer upload media files (images etc) via your WordPress dashboard. You'll not be able to update WordPress, your plugins or themes directly via WordPress dashboard.

So what does this mean for you ?

A little more hassle but it's totally worth it:

  • You'll have to schedule your updates (plugin updates, theme updates, wordpress version update etc) because you can no longer do it whenever you want. Just have your webhost re-enable file_uploads whenever you want to update plugins/theme etc. After you're done with the updates, have them disable it again. 
  • You’ll have to be prepared to use FTP or File Manager (in your Webhost cpanel) to upload media files. If file_upload is disabled, you cannot upload images via WordPress file uploader. Just use ftp or file manager to upload image files to your server and then instead of using the WordPress Post => Add Media => "Insert Media => Upload files" feature to upload media files to your server, just insert the full URL of the image file using WordPress post/page => Add Media => Insert from URL.

So yes, it’ll result in more work for you but it's totally worth it because of the peace of mind it'll give you knowing that you've made it that much more harder for hackers to hack your website!

For us, it has been MORE than worth it. It has helped us a great deal with our website security.

How do I disable file_uploads?

Watch the video to see how to disable file uploads in your php setting!

Copyright 2017, WickedCoolPlugins Inc