|In Brief||In addition to the recommendations from Wordpress.... more|
1 <Directory "/example/htdocs/wp-content/uploads/">
2 php_admin_flag engine off
4 <Directory "/example/htdocs/wp-content/themes/">
5 <Files *php>
6 Order allow,deny
7 Deny from all
In addition to the recommendations from Wordpress.
Limit the amount of PHP files that a writable by Apache. The directory's and files that need to be writable, do not always need to be executed by PHP directly.
This makes it a bit harder for the attacker to upload and execute any PHP commands.