Apache配置
<Directory /apps/web/renwole/wp-content/uploads> php_flag engine off </Directory> <Directory ~ "^/apps/web/renwole/wp-content/uploads"> <Files ~ ".php"> Order allow,deny Deny from all </Files> </Directory>
Nginx配置
location /wp-content/uploads { location ~ .*\.(php)?$ { deny all; } }
Nginx禁止多个目录执行PHP:
location ~* ^/(css|uploads)/.*\.(php)${ deny all; }
配置完成后,重载配置文件或重启Apache或Nginx服务,之后所有通过uploads来访问php文件,都将返回403,大大地增加了web目录安全性。