Tag - Execution

How to Disable PHP Execution in Certain WordPress Directories


By default, WordPress makes certain directories writeable so that you and other authorized users on your website can easily upload themes, plugins, images, and videos to your website.

However this capability can be abused if it gets in the wrong hand such as hackers who can use it to upload backdoor access files or malware to your website.

These malicious files are often disguised as core WordPress files. They are mostly written in PHP and can run in the background to gain full access to every aspect of your website.

Sounds scary, right?

Don’t worry there is an easy fix for that. Basically, you’d simply disable PHP execution in certain directories where you don’t need it. Doing so, any PHP files will not run inside those directories.

In this article, we will show you how to disable PHP execution in WordPress using the .htaccess file.

How to Disable PHP Execution in Certain WordPress Directories

Disabling PHP Execution in Certain WordPress Directories Using .htaccess File

Most WordPress sites have a .htaccess file in the root folder. This is a powerful configuration file used to password protect admin area, disable directory browsing, generate SEO friendly URL structure, and more.

By default, the .htaccess file located in your WordPress website’s root folder, but you can also create and use it inside your inner WordPress directories.

To protect your website from backdoor access files, you need to create a .htaccess file and upload it to your site’s /wp-includes/ and /wp-content/uploads/ directories.

Simply create a blank file on your computer by using a text editor like Notepad (TextEdit on Mac). Save the file as .htaccess and paste the following code inside it.

<Files *.php>
deny from all
</Files>

Create htaccess File with Code to Disable PHP

Now save the file on your computer.

Next, you need to upload this file to /wp-includes/ and /wp-content/uploads/ folders on your WordPress hosting server.

You can upload it by using an FTP client or via File Manager app in your hosting account’s cPanel dashboard.

Upload htaccess file to your WordPress site

Once the .htaccess file with the above code is added, it will stop any PHP file to run in these directories.

Using this .htaccess trick helps you harden your WordPress security, but it is not a FIX for an already hacked WordPress site.

Backdoors are cleverly disguised and can already be hidden in plain sight.

If you want to check for possible backdoors on your website, then you need to activate Sucuri on your website.

Sucuri

Sucuri is the best WordPress security plugin on the market. It scans your website for possible threats, suspicious code, malware, and vulnerabilities.

It also effectively blocks most hacking attempts to even reach your website by adding a firewall between your site and suspicious traffic.

Most importantly, if your WordPress site gets hacked, then they will clean it up for you. To learn more, you can check our Sucuri review because we have been using their service for years.

We hope this article helped you to learn how to disable PHP execution in certain WordPress directories to harden your website security. If you are looking for a complete guide, check out our ultimate WordPress security guide.

If you liked this article, then please subscribe to our YouTube Channel for WordPress video tutorials. You can also find us on Twitter and Facebook.

The post How to Disable PHP Execution in Certain WordPress Directories appeared first on WPBeginner.



Source link

Maximum Execution Time Exceeded in WordPress


Are you seeing ‘Fatal error: Maximum execution time of 30 seconds exceeded’ on your screen when trying to update a WordPress plugin or theme?

Typically this problem occurs when a PHP code in WordPress takes a long time to run and reaches the maximum time limit set by your WordPress hosting server. The time limit is important because it helps prevent the abuse of server resources.

In this article, we will show you how to fix the fatal error: maximum execution time exceeded in WordPress.

Fix Fatal Error: Maximum Execution Time Exceeded in WordPress Easily

Why Maximum Execution Time Exceeded Error Occurs?

WordPress is coded mainly in the PHP programming language. To protect web servers from abuse, there is a time limit set for how long a PHP script can run.

The actual time limit varies across hosting companies, however most of the times the maximum execution time is set between 30 – 60 seconds because that’s usually enough for a good PHP script to run.

When a script reaches the maximum execution time limit, it results in maximum execution time exceeded error.

Maximum Execution Time of 30 Seconds Exceeded Error in WordPress

Fixing Maximum Execution Time Exceeded Error

Although Maximum Execution Time Exceeded error is named a ‘fatal error,’ it is one of the most common WordPress errors, and you can easily resolve this.

Depending on when and where the error is triggered, WordPress may show the following error message to your website visitors.

Technical difficulties

This is part of the fatal error protection feature added in WordPress 5.2. You may also receive an email that will tell you which plugin (if a plugin triggered the error) caused the issue.

Technical issue email sent to admin

The email will also include a special link, which will allow you to log in to WordPress with ‘Recovery mode’.

Recovery mode

Once there, you can simply deactivate or delete the plugin causing the error.

However, if you don’t want to deactivate a plugin, then you can fix the underlying cause that triggered the error.

To fix the error, you will need to manually edit your .htaccess file and add a simple line of code.

Simply connect to your website using an FTP client.

Your .htaccess file is located in the same folder as your /wp-content/ and /wp-admin/ folders. If you can’t find it, then look at our article on why you can’t find the .htaccess file and how to find it.

For example, if you are using FileZilla as your FTP client, then you can find it in the ‘Remote Site’ section on the right-hand column.

WordPress .htaccess File in Filezilla

Once you locate the .htaccess file, right-click and open ‘View/Edit’ option. This will open the file with in a text editor.

View/Edit .htaccess File in WordPress

Next, you need to add this line at the bottom of your .htaccess file:

php_value max_execution_time 300

If you are using Notepad as your text editor, here is how it may look.

Adding Code to .htaccess File WordPress

Once done, save your file.

This code simply sets the value for maximum execution time to 300 seconds (5 minutes). You can now visit your website to see if the error is resolved.

If you still get the error, then try increasing the value to 600.

If you found this method easier, then check out these most useful .htaccess tricks for WordPress.

Another method to fix the maximum execution time exceeded error in WordPress is by modifying your php.ini file.

The php.ini file is a configuration file that defines settings for PHP on your server. On many WordPress hosting platforms, you may not see it inside your WordPress folder.

In that case, you can create a new php.ini file inside your WordPress root folder. After that, edit the php.ini file and add the following line.

max_execution_time = 60

Don’t forget to save and upload your changes back to the server. You can now visit your website and to see if the error has gone.

In most cases, increasing maximum execution time using either of these two methods will resolve the error. However if it doesn’t, then you need to contact your WordPress hosting provider for assistance.

We hope this article helped you fix the fatal error: maximum execution time exceeded in WordPress. You may also want to see our guide on how to fix the error establishing a database connection in WordPress.

If you liked this article, then please subscribe to our YouTube Channel for WordPress video tutorials. You can also find us on Twitter and Facebook.



Source link