Prevent PHP scripts from executing in a directory

If you want to prohibit the execution of PHP scripts in a directory, for example, in /uploads/, you need to put the .htaccess file there with the following content:

php_flag engine 0
RemoveHandler .phtml .php .php2 .php3 .php4 .php5 .php7 .phps .cgi .pl .asp .aspx .shtml .shtm .fcgi .fpl .htm .html
AddType text/plain .phtml .php .php2 .php3 .php4 .php5 .php6 .php7 .phps .cgi .pl .asp .aspx .shtml .shtm .fcgi .fpl .htm .html

If it doesn't work, then there is another option:

<FilesMatch "\.*">
SetHandler none

To check whether PHP scripts are really not being executed, you need to place the test.php file in the same directory with the following content and run it in the browser.

<?php echo 1; ?>

As a result, PHP code should be displayed in the browser:

08.10.2016, updated 21.02.2021


to add a comment.

Other publications