How can I disable PHP execution in a specific subdirectory?

Hi guys

How can I disable PHP in a specific subdirectory? I've got a media uploads folder where I want to prevent PHP execution (for an added layer of security).



Can use rewrite rule to prevent it. Go to the uploads folder and add .htaccess with following rules,

RewriteEngine on
RewriteRule (.*)php$ - [F]
Hi, guys!

I have tried the rewrite rule above but I've just found out that it only works if the file name is explicitly written.
If I have such .htaccess file inside a folder named /uploads, it would prevent someone trying to access


but they would still be able to access

and it would show them the index.php file.

I believe the only way to prevent this would be to completely disable the PHP file execution inside de folder but I didn't find a way to do it.
Is there a way to disable PHP execution inside specific directories?
How about creating a "/uploads/ " context from web admin and set no to Accessible option.
I've tried to create a context and got the same result: if I use /wp-contents/uploads/ as the context, file uploads stop working.
If I use /wp-contents/uploads/*.php, file uploads work fine, I cannot access /wp-contents/uploads/index.php but /wp-contents/uploads/ still show me index.php.


Hi @robyflc, I see, please ignore the context method.

Please try putting this on the document root .htaccess file
RewriteRule ^wp-content\/uploads(\/|.*\/|php)$ - [F,L]
or put the following on the /wp-content/uploads/.htaccess file.
RewriteCond %{REQUEST_URI} ^.*(\/|php)$ [NC]
RewriteRule .* - [F,L]
Let us know which one works for you.