Hello, in order to stop the php injection in wp-content/uploads you need to do this:
Create a .htaccess containing this:
<Files *.php> deny from all </Files>
You need to put this .htaccess in wp-content/uploads and also in /wp-includes/ folder.
If you manage a dedicated server and you have many sites, you can do this automatically:
create a folder, let’s say /wpguru/
inside create the .htaccess cotaining the code above
then, in terminal run:
find /home/*/public_html/wp-content/ -maxdepth 1 -name uploads >> locations.txt
LOC=`cat /root/cptech/locations.txt` echo "$LOC"
From here, it was just a matter of writing the short command:
echo $LOC | xargs -n 1 cp -v /root/.htaccess
You will change the .htaccess path to wherever you have yours location, so mine looked like this:
root@server [~/cptech]# echo $LOC | xargs -n 1 cp -v /home/.htaccess
‘/home/.htaccess’ -> ‘/home/gaugehrt/public_html/
‘/home/.htaccess’ -> ‘/home/gaugedyn/public_html/